How to Talk Enterprise Risk Management to the Board
Developing and executing effective enterprise risk management programs start with getting corporate leaders engaged, including board members. But as risk management teams often realize, this is much easier said than done.
With numerous corporate issues demanding their attention, board members may often place proactive risk management strategies behind more pressing, immediate corporate concerns that promote growth and innovation.
So how do you get their attention? In my experience it comes down to aligning risks with high-level corporate concerns as well as creating clearly defined roles and responsibilities for board members and the larger leadership teams.
Interrelate What Matters
The most essential strategy for presenting risk management processes to the board is connecting risk with larger enterprise concerns, including financial loss and brand reputation.
Consider the financial burden of a cyber breach, for example. A recent Ponemon Institute and IBM study found that the average total cost of data breaches in the U.S. reached a record-breaking $7.35 million in 2017, with the average cost to businesses per record lost or stolen at $225 across all industries. For most enterprises, these can be crippling losses.
In addition to the financial costs, reputational impact can also build the case for leadership involvement. With each major newsworthy risk, enterprises may face year-long battles to restore their reputation. Once consumers lose trust in your brand, enterprises are likely to face high customer turnover, lower profits and as a result, lost market share.
By attributing enterprise costs and reputational impact to various risk areas, risk management teams can build the case for more efficient strategies and engage board members to understand the importance of being involved in policy execution.
Educate the Board on Risk Processes
Though many companies and organizations have improved their communications with board members about risk oversight, a 2017 PWC study suggests that nearly 20 percent of surveyed corporate leaders still need clarity on how their roles influence risk management.
Too often board members aren’t properly educated on their roles and responsibilities as they pertain to enterprise risk, which is a breeding ground for brand nightmares. When proper education is provided, the board benefits from clearly defined responsibilities, a greater understanding of enterprise risk factors, and the knowledge to lead a successful corporate risk management program.
For board members, they must feel confident in their abilities to clearly and efficiently respond to risk concerns, both in enterprise operations and media management.
Because of the increase in demand for board members to have greater understanding of risk management, you want to make sure members are provided sufficient information to be successful. This is best achieved by ensuring they understand the benefits of an established enterprise risk management program as well as their individual roles in executing this plan.