Column: Risk Management

Risk School for Boards

By: | March 1, 2016

Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at [email protected].

Topics: ERM | March 2016 Issue

Hard to believe it has been 15 years since we first heard the term Sarbanes-Oxley Act, SOX. Does anyone remember the Enron scandal anymore?

We’ve been bombarded with new scandals year after year ever since. They reveal unreliable financial reporting, appalling corporate governance failures, inadequate risk management, and now persistently weak IT security.

Regulators have been continually heightening their expectations of board oversight, particularly after the 2008 global financial crisis.

They insist that boards play a greater role in risk management oversight and ensure that the company’s risk management practices are in step with its strategic direction. Also, if risk-taking strays beyond the company’s risk appetite, it should be identified and escalated.

Seems reasonable, in theory. But we need a closer look at risk management processes and systems including boards.

Board members often get little practical guidance on how to effectively oversee risk cultures and appetites.

“Many corporate failures can be attributed to the board’s inability to recognize the underlying risks faced by the company, and to take timely and appropriate mitigating actions,” according to Aon’s “Global Risk Management Survey 2015.”

Most boards consist of great people, who want to do a great job. But there is a problem with giving this oversight responsibility to our boards, especially if they are ill-equipped.

It goes beyond the boardroom. According to the “2015 Report on the Current State of Enterprise Risk Oversight,” by NC State and the American Institute of CPAs, 60 percent of the C-level received little or no risk management training and guidance.

So — no surprise — I’m fielding an increased number of requests for board and C-suite training on enterprise risk management, risk culture and metrics.

Ghislain Giroux Dufort of Baldwin Risk Strategies, who co-authored an article in March 2015 on board oversight, is seeing the same trend. He underscores the importance of providing practical training on risk management to directors. It is the only way boards will comfortably recognize the risks that should be taken or managed in order to achieve strategic objectives.

Business landscapes are constantly changing. But risks should never paralyze an organization. Businesses need to be alert to change, have adaptable strategies, and not only mitigate existing risk but also take informed risks.

Risk analyses that only focus on individual risks without any link to corporate strategic objectives deliver very little value and can also be dangerously misrepresentative. Boards need to be equipped to challenge this.

Before regulators get too heavy-handed with our boards, let us first offer them an understanding of what they should be seeing from management — a composite picture of risks clearly linked to objectives.
