Article from Our Partner

A Call to Action: Elevate Board Risk Oversight

By Reid Sawyer


Future of the American Board Report Directorship Magazine

Boards and their organizations face an increasingly complex risk environment, a demanding risk agenda, and rising stakeholder expectations. Against this backdrop, the demands and scrutiny on risk oversight and governance effectiveness are expanding across three dimensions. First, the breadth and range of issues requiring board oversight continue to expand. Second, boards must explore with greater rigor how their organizations are responding to and managing individual risks, risk aggregation, risk concentration, and complex risk interconnections. Third, oversight perimeters are expanding to include risks inherited from across the enterprise value network—for example, cyber risks within critical third parties. 

Boards can elevate the execution of risk governance and oversight to meet these challenges by focusing on the four critical areas below. 

Oversight Structure
The expanding risk agenda requires boards to reconsider how to allocate oversight responsibilities. Many boards are responding to this challenge by expanding existing committee mandates, establishing new committees, or establishing a risk committee. However, this puts greater demands on committee and full board coordination.

Boards must ensure that there are clear committee charters that define risk oversight responsibilities, roles, and management structure and processes to support those responsibilities. It is important to avoid both gaps and overlapping responsibilities that could occur through overly inclusive charters.

Committee chairs play a vital role in ensuring effective committee alignment by structuring calendars and agendas. In addition, their formal and informal communications support information flow between committees and the full board to avoid information silos. 

Expertise and Board Composition
Boards need the capacity to provide oversight of an array of risks. Some boards may need to increase board education and the use of external advisors or refresh board composition.

The NACD 2023 Board Trends and Priorities Survey flags a mismatch between director skills and top issues that could impact organizations over the next three to five years, such as cybersecurity and climate risks. Boards should assess director expertise and board composition against the evolving risk landscape, the entity’s risk profile, and the ideal skills matrix to identify gaps to address.

Directors should also consider whether they have experience with robust risk management processes. Organizations’ enterprise risk management approaches, as well as the board’s capacity to probe management on the maturity of its risk management framework and the systemization of complex processes around risk identification, assessment, quantification, and modeling, must evolve. 

Reporting and Communications
Directors rated “information flow issues between the board and management” as the second biggest barrier to a board’s high performance in the 2022 NACD Public Company Board Practices and Oversight Survey. Directors’ challenges with risk reporting are primarily caused by insufficient information on the aggregated and correlated impacts of dynamic risks on strategy and performance.

Improving risk reporting starts with gaining clarity on the board’s risk responsibilities as they guide the content, structure, and cadence of information flow. A clearly defined risk appetite is also important as it helps the board and management identify, assess, and monitor relative risk impacts against the organization’s risk capacity and resilience. Many organizations may also need to mature risk identification and assessment processes by increasing quantitative risk metrics and the use of scenarios, war-gaming, and other assessment tools. These improvements can advance risk reporting and dialogue so that the board can better help management “see around corners.” 

Calendar and Committee Agenda
Careful consideration of the board and committee calendars and agendas enables directors to prioritize their focus, address a wide risk agenda, and remain in sync with internal processes and external reporting requirements. Agenda structure is particularly important for risk oversight, where information flow and committee activities must be sequenced. 

Despite crowded board agendas, directors should ensure that they allow time for discussions on emerging and evolving risks and impacts. In addition, agendas should allow for independent insight from external experts, such as academics and industry specialists. They can provide insights into emerging trends and risks and the evolution of best risk management practices at other organizations, helping directors upgrade their knowledge and challenge management’s “conventional wisdom.”

Directors can use the Future of the American Board Risk Oversight Blueprint to assess if their board and its committees have the mandate, members, information, and agenda that allow them to execute on their expanded risk oversight responsibilities. ■

Marsh McLennan is a NACD strategic content partner, providing directors with critical and timely information, and perspectives. Marsh McLennan is a financial supporter of the NACD.


This article is from the Directorship Special Issue 2024: The Future of the American Board.

Reid Sawyer is managing director and head, Emerging Risk Practice with Marsh Advisory.