Ethics & Compliance Learning
How Boards Can Effectively Manage Risk
As regulatory oversight has grown globally, so too have expectations of corporate boards. In recent years, discussions have centered on the responsibility of board members to ensure their organizations have a strong risk management framework in place.
For example, a proposed update to the UK Corporate Governance Code would require a company’s board to include in their annual report a declaration of the effectiveness of risk management and internal controls. And the recently passed EU Digital Operational Resilience Act (DORA) specifies board members along with senior executives should take a leading role in managing Information and Communicatons Technology (ICT) risk in the financial sector.
The Importance of Board Training
To fulfill their responsibilities effectively, board members must be properly trained in risk management—an important organizational investment. They need to understand the different types of risks their organizations face, how to assess those risks, and how to mitigate them. They also must be familiar with the organization’s risk management processes and systems.
The types of risk often vary by industry, but all organizations need to be mindful of risks related to cybersecurity, finance, operations, compliance, generative artificial intelligence, the political landscape and the environment.
Board governance training, offered by either the company or a third-party partner, covers crucial topics including strategic leadership, decision-making, financial stewardship, corporate responsibility, board effectiveness evaluation, director best practices, and communication skills.
Consider, for example, that a board member trained in risk management may be more likely to ask the right questions at the right time about the organization’s risk management framework and challenge management’s risk assessments. This can ensure the organization is adequately protected.
A well-trained board member may be more likely to understand the implications of a risk event and therefore can more easily make informed decisions about how to respond effectively and efficiently.
A few benefits of board training on risk management include:
- Increased understanding of the risks that the organization faces
- Improved ability to assess and mitigate risks
- Enhanced confidence when making risk-related decisions
- Improved communication about risk management within the organization
- Developing skills and knowledge to manage risk
On that note, SAI360 offers risk-related courses specifically designed for boards in its Learning Library, including topics on:
- Building an ethical culture
- Cybersecurity
- Taking a proactive approach to address risk
- How to identify conflicts of interest in a risk situation
- Identifying antitrust risks and considering how various risks as well as their perceptions relate to an organization
Five Additional Steps to Take
1. Set the tone at the top
Boards must create a culture of risk awareness and accountability within the organization. This means setting clear expectations for risk management and holding management accountable for performance.
2. Review the organization’s risk appetite
The board must understand the organization’s appetite for risk and ensure alignment with strategic goals.
3. Understand the organization’s risk profile
The board must identify what risks the organization faces and assess their potential impact.
4. Challenge management on risk assessments and mitigation plans
The board must carefully review management’s risk assessments and mitigation plans and ensure they are both realistic and effective.
5. Monitor the organization’s risk management program
The board must regularly monitor the organization’s risk management program to ensure that it is effective and up to date.
Final Thoughts
Boards of directors play a critical role in risk management. They must ensure their organizations have the necessary processes and systems in place to identify, assess, and mitigate risks. They must also be actively involved in the risk management process and challenge management on their risk assessments and mitigation plans.
Ultimately, a well-informed board of directors can make or break an organization’s risk management decisions.
How SAI360 Can Help
SAI360’s Ethics & Compliance Learning solution is designed to empower organizations with dynamic training content. Tailored to address today’s complex regulatory and ethical challenges, our resources include a blend of interactive courses, microlearning, and customizable content.
