How Does Risk Management Relate to Corporate Governance?

UK Corporate Governance is largely dedicated to structuring risk management for organisations. The UK Corporate Governance Code clearly states that it is the board that is responsible for determining the nature and extent of the risks that the organisation is taking. Clearly, all businesses must take risks to earn revenue. But it is the responsibility of the board to manage that risk. Under the UK Corporate Governance Code, the organisation must report on risk management in its quarterly and annual reports so that shareholders and other stakeholders are well informed of the types and level of risk that the organisation is taking.

Corporate Governance is all about managing risks

In the UK, as in the rest of the world, corporate governance practices have been developed with risk management as a priority. When corporate failures strike, meaning that risk has not been managed carefully, there is most often a corporate governance breakdown behind the crash. The recent debacle at the UK retailer BHS is a good example: as the report by the Institute of Chartered Secretaries and Administrators shows, a breakdown of corporate governance led to excessive risk-taking. The board of BHS did not undertake sufficient due diligence about the prospective sale of the company, and the result was the assumption of too much risk, a company collapse and a pension shortfall.

UK Boards must manage risk — Corporate Governance Code

This is why the UK Corporate Governance Code clearly states that it is the board that is responsible for determining the nature and extent of the risks that the organisation is taking. Clearly, all businesses must take risks to earn revenue. But it is the responsibility of the board to manage that risk, under the terms set by the Corporate Governance Code, as a recent report from the Institute of Chartered Accountants in England and Wales indicates.

“Boards are also required to maintain sound risk management and internal control systems and have to confirm in their annual report that they have carried out a robust assessment of the principal risks facing the company, including those that would threaten its business model, future performance, solvency or liquidity. The Sharman Inquiry’s 2012 Final Report into going concern and liquidity risks identified lessons for companies and auditors in this area. As a result, the 2016 UK Corporate Governance Code states that directors must state whether, taking account of the company’s current position and principal risks, they have a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due, drawing attention to any qualifications or assumptions as necessary,” the report says.

Within the Corporate Governance board structure, the role of overseeing risk management usually falls to the Audit Committee, and it may be shared by the Risk Committee if the company has one. But assigning risk management activity to committees does not obviate the responsibility of the entire board.


Guidance on risk management and the board’s responsibility

The UK Financial Reporting Council, which publishes the Corporate Governance Code, recently published additional Guidance on Risk Management. “Economic developments and some high profile failures of risk management in recent years have reminded boards of the need to ensure that the company’s approach to risk has been properly considered in setting the company’s strategy and managing its risks. There may be significant consequences if the company does not do so effectively. Good stewardship by the board should not inhibit sensible risk-taking that is critical to growth. However, the assessment of risks as part of the normal business planning process should support better decision-making, ensure that the board and management respond promptly to risks when they arise, and ensure that shareholders and other stakeholders are well informed about the principal risks and prospects of the company.”

The report goes on to specify how Corporate Governance breaks down the risk management process. “Risk management and internal control should be incorporated within the company’s normal management and governance processes, not treated as a separate compliance exercise.” The board has responsibility for an organisation’s overall approach to risk management and internal control. This is not a general mandate for oversight; there are specific responsibilities that devolve directly to directors.

In addition, the report notes, “The board’s responsibilities are:

  • Ensuring the design and implementation of appropriate risk management and internal control systems that identify the risks facing the company and enable the board to make a robust assessment of the principal risks;
  • Determining the nature and extent of the principal risks faced and those risks which the organisation is willing to take in achieving its strategic objectives (determining its “risk appetite”);
  • Ensuring that appropriate culture and reward systems have been embedded throughout the organisation;
  • Agreeing how the principal risks should be managed or mitigated to reduce the likelihood of their incidence or their impact;
  • Monitoring and reviewing the risk management and internal control systems, and the management’s process of monitoring and reviewing, and satisfying itself that they are functioning effectively and that corrective action is being taken where necessary; and
  • Ensuring sound internal and external information and communication processes and taking responsibility for external communication on risk management and internal control.”

Clearly, corporate governance is the basic framework from which effective risk management takes shape. Corporate governance elaborates the division of responsibility within the organisation for risk management, and determines the means with which, at each level, risk management will be implemented. The board must establish channels with management that enable it to fulfil these responsibilities.


Diligent Governance Cloud keeps boards up-to-date

Board members can rely on the Diligent Governance Cloud to provide them with all of the materials they need for guidance and support. With the Governance Cloud’s ecosystem of integrated, digitised tools, board members will have access to searchable libraries of investment reports, earnings statements, easy-to-execute conflict of interest questionnaires, and streamlined and secure communications, to name just a few features. Diligent understands what boards need today to uphold their responsibilities, with features built to accommodate you. Our platform has real-time updates with constant improvements that respond to the evolving complexities of governance, risk and compliance.

The Governance Cloud ecosystem of products includes:

As board directors, leadership teams and general counsels continue to express their needs to digitise governance processes, Diligent will be the partner to grow with them. Collectively, these tools enable corporations to achieve a fully digitised and integrated governance ecosystem to mitigate risk, plan for strategic growth and, ultimately, govern at the highest level.
