Questionnaire
02/22/2019
In brief: Originally appearing in Director Essentials: Strengthening Risk Oversight, this questionnaire includes key questions about eight risk oversight practices to stimulate board discussion and enhance the board’s understanding of the organization’s risk management activities.
This resource can help your board
Clarify the roles of the board, management, and committees
Understand the company’s risk profile
Define the company’s risk appetite
Integrate strategy, risk, and performance discussions
Assess risk culture
Most relevant audiences: audit committee members, risk committee members, and chief risk officers
The following questions align with the common risk oversight practices identified in Director Essentials: Strengthening Risk Oversight.
These questions help drive dialogue with management and obtain a robust understanding of the effectiveness of risk management activities throughout the organization. This list incorporates questions from the Report of the NACD Blue Ribbon Commission on Risk Governance.
Clarify the Roles of the Board, Committees, and Management
Is there a common understanding among management, the board, and board committees about their respective roles, responsibilities, and accountabilities on strategy? For example, is the board and are the appropriate committees meeting regularly with a CRO? If there is a CRO, has the board ensured that the CRO and general counsel have adequate resources and appropriate reporting lines to bring any changes in material risks to the board’s attention?
Are risk oversight activities clearly differentiated between the board and its committees, and among the various committees?
Does the board have the appropriate committee structure for its significant oversight obligations in the risk area?
How specifically are our board committees engaged in risk oversight? For example, how is our audit and/or risk committee discussing risk controls, risk assessment policies, and risk management policies? (Section 303A, NYSE Listing Manual.) How does the compensation committee evaluate potential risks in executive pay plans and in the company’s pay philosophy overall?
How does the nominating and governance committee factor risk and strategy considerations into board succession planning and director recruitment needs?
What is the threshold for risk-related reporting to the board (e.g., categories of risk, specific issues or incidents)? What situations may call for greater board engagement (e.g., perceived management failure to disclose or address a critical risk)? Do we have a protocol that defines these situations?