Refining risk oversight for heightened volatility

 

Disruptions in the oil market and swings in other commodity prices. A strengthening U.S. dollar — and a decelerating China and struggling Brazil. Geopolitical unrest and hotspots around the world — Russia, Iran and the Middle East. Ongoing challenges in the Eurozone — from economic stagnation to unprecedented migration. Growing cyber security risk and technology continuing to drive business model disruption. In this unprecedented mix of volatility and uncertainty, boards will need to closely monitor changes in the business landscape — on an ongoing basis — to understand the impact on the company's strategy and risk profile, and help the company calibrate as needed.

Indeed, more than 80% of the directors and executives responding to our recent global survey — “Calibrating Strategy and Risk” — said their board has deepened its engagement in strategy — e.g., considering strategic alternatives, monitoring execution, or recalibrating strategy. Connecting strategy and risk, and testing the continuing validity of critical risk assumptions continue to be key areas of focus — and significant challenges — for many boards.

Given the role that many audit committees play in risk oversight, our survey findings offer insights into the challenges audit committees and boards face in their efforts to refine their risk oversight processes to help their companies meet the challenges posed by the new level of volatility. Our survey shows that many boards have recently taken steps — or discussed ways — to strengthen their oversight of risk, mainly by improving risk-related information flowing to the board, but also by hearing more independent views and refreshing the board/recruiting expertise, coordinating (and reallocating) risk oversight responsibilities among the board's committees, and/or changing the board's committee structure.

- Advertisement -

Boards are also wrestling with other risk-related challenges, including effectively linking risk and strategy in boardroom discussion, devoting sufficient agenda time to cyber security, and communicating and coordinating among the full board and its committees on oversight of the company's key strategic and operational risks.

To dig deeper, we interviewed seasoned audit committee chairs and risk professionals for their perspectives on how audit committees and boards are refining their oversight of risk in an increasingly volatile environment. Among the takeaways:

• Good risk management is an ongoing business discussion — dynamic and enterprise-wide. Managing and overseeing risk should be a dynamic process, starting with front-line management. Is the board getting a consolidated, enterprise-wide view of the company's risks from various C-level perspectives — and outside sources — that helps connect the dots?
• Risk and strategy go hand-in-hand. While boards are clearly spending more time debating risk, make sure it's being done in the context of making good decisions, not making no decisions. Understand the risks around key growth assumptions, and how much risk the company is willing to take.
• Getting the risk culture right starts at the top, but succeeds (or fails) in the middle. The right tone at the top is a must; but a good risk culture — marked by an openness and transparency, where employees are comfortable providing feedback in an open and honest discussion and different views are heard — hinges on the middle. Is it clear that risk management starts with the front line?
• Cyber security is a critical business risk, requiring the full board's attention. Because cyber risk cuts across so many aspects of the business, make sure all the key players (CIO, CISO, CRO, CCO, and chief audit executive, for starters) are in sync, and that cyber security has sufficient time on the full board's agenda.
• Are risk oversight roles and responsibilities clear and still appropriate? Challenging management on how the company is responding to a dynamic risk environment requires more and more time and focus. Give a lot of thought to what gets discussed where — particularly when it comes to the agenda-heavy audit committee, which needs to remain focused on job No. 1: financial reporting and internal controls.

The full interviews — in the latest edition of KPMG's Global Boardroom Insights — along with our global survey findings (at kpmg.com/BLC) offer timely insights into how boardroom discussions are evolving to keep pace with the new global volatility.            â– 

The author can be contacted atauditcommittee@kpmg.com.

About the Author(s)

This is your 1st of 5 free articles this month.

Introductory offer: Unlimited digital access for $20/month
4
Articles Remaining
Already a subscriber? Please sign in here.

Related Articles

Navigate the Boardroom

Sign up for the Directors & Boards weekly newsletter for the latest news, trends and analysis impacting public company boardrooms.