The relationship between risk management and corporate governance
Risk-taking drives corporations to push ahead and make steep gains. Yet, the changing landscape of risk is creating a global conversation about how principles for corporate governance need to evolve to respond more appropriately to understanding the role of risk management in corporate governance.
The world’s corporations are keeping a keen eye on how large corporations manage and respond to risk failures to avoid the same mistakes. They’re learning that companies tend to underestimate the cost of risk failures internally and externally. In many cases, corporations also underestimate the cost of time managers need to address damage control.
As the conversation around risk intensifies, corporations are taking a broader-based approach toward corporate governance principles to account for more diverse risk types.
To help you adopt a broader approach to risk management, this article will explain:
- The role of risk management and corporate governance and why it’s important
- How boards can support better risk management practices
- Key principles for risk management in corporate governance
The role of risk management in corporate governance
Risk management is central to corporate governance. Over the years, the corporate world has taken note of risk failures. The financial crisis of 2008 and following technological advances created unprecedented opportunities — and massive risks. Corporations responded by adopting new, more transparent practices to manage risk. These practices encompass what we now know as governance, risk and compliance.
As such, the role of risk management in corporate governance is to inform how corporations and their board operate concerning risk. It’s about considering the risk exposure of every business activity, then implementing practices like due diligence, internal controls, and more to manage risk proactively.
The role of corporate governance in risk management practices
As risk management influences corporate governance, modern governance has also introduced new risk management practices. Many boards now prioritize smarter risk-taking — risks backed by the assurances that corporate governance provides.
Governance codifies risk management practices. It solidifies how the corporation will conduct different activities — mergers and acquisitions, third-party and vendor relationships and corporate strategy — to introduce the least amount of risk possible.
Why is risk management important in corporate governance?
Risk management is important in corporate governance because it protects the organization from losses. When good corporate governance is in place, corporations can proactively identify and mitigate risk, reducing their risk exposure and ultimately limiting reputational and financial damage.
That’s why risk management has evolved from being an operational imperative to a critical governance issue. Reducing risk should be at the heart of all governance practices. Without that risk focus, governance can fail to safeguard the company and its assets and lead to floundering performance neither the board nor shareholders will be satisfied with.
The board’s responsibility in risk management and corporate governance
The board doesn’t necessarily manage risk in corporate governance — they oversee it. The board is responsible for identifying the business's risks and how to maximize returns while minimizing loss.
Executive leadership and management teams will ultimately look to the board for guidance on where to focus their risk management activities. Those leaders will then implement a risk management strategy and internal controls system that aligns with the board’s priorities.
In addition to overseeing the organization’s risk landscape, the board will also want visibility into risk management reporting. Most boards delegate oversight to the audit and/or risk committee, which need accurate risk insights to help the board make more informed decisions.
4 key principles for risk management in corporate governance
Corporate governance principles for risk management could take on many different forms. Changes will likely be fluid and evolving for the foreseeable future. Despite vast changes, corporate governance principles must be structured, integrated and balanced. Recent risk failures have taught us that all corporations are vulnerable and that they need to prepare just as stringently for low chances of catastrophic risk as for higher chances of significant risks.
Governance principles that will help boards stay head of risks big and small are:
- Updating reward structures: Existing reward structures for corporate executives tend to correspond to how well they manage financial risk as it relates to internal controls and audit functions. The new standard for reward structures may include not only rewarding the success of businesses but also rewarding managers for having a keen awareness of risk management. This means that corporations may begin reducing financial incentives, such as stock options, for managers who regularly engage in excessive risk-taking. Companies may also factor in how well managers pay attention to reputational risk, financial risk, and how strategic risks manifest as operational risks.
- Standardize risk language: Corporate executives are considering forming guidelines as basic steps to new approaches to managing risk. Many executives are encouraging their companies to establish some common risk language they can use throughout the company. Using commonly accepted terms for risk management will aid them as they set new standards for risk management. In turn, new risk management standards will help them balance qualitative and quantitative perspectives as they devise standards for measuring risk.
- Expand the scope of risk management: The future of corporate governance may move toward a broader perspective of standards that are more practical and useful for all types of businesses, including banks and other financial institutions. Such issues as outsourcing and supplier-related risks are examples of risks that apply to most businesses that haven't been addressed very much in governance in the past.
- Managing broader risk profiles: Additionally, future corporate governance may place a heavier emphasis on catastrophic risk even when the risk is low. Just because the probability of a catastrophic loss is low doesn’t mean a catastrophe won’t happen. Good corporate governance principles may account for standing ready to manage any potential catastrophe at any given time.
Embed risk management into your governance framework
As demands on corporate governance increase, corporations need to bear in mind their overarching goal: to create optimal value for their customers and shareholders. Ultimately, risk management in corporate governance is about implementing principles that guide companies toward strategic, profitable risks and away from excessive risk-taking.
What does that look like in practice? Download our governance checklist to learn how to establish a framework that drives board performance through better risk management.
