In a report (Risk Management Survivors Offer Cautionary Tales) by a professor who attended the World Economic Forum in Davos there is some excellent information on a variety of risk and governance issues. What caught my eye was the section under the heading -- “Redesigning the Board.”

Redesigning the Board

Here are a few quotes with my related comments, but you should read the whole section (and probably more):

The governing board is potentially one of the most pivotal places for the introduction of risk management practices”

Certainly, risk management practices are being driven into a growing number of organizations through pressure from the board. Directors anticipate either mandatory disclosures or questions (from regulators or investors) on the management of risk, and they are asking top executives to implement the necessary risk management activities.

Separately, a draft from the Canadian Institute of Chartered Accountants entitled “A framework for board oversight of enterprise risk” suggests that boards should be more active in understanding and managing certain risks to the organization -- where the source of the risk is the quality and effectiveness of the executive team, including the CEO. The author asks: “How does management critically evaluate the very strategy it developed or objectively assess its ability to execute?”

…the boardroom could serve as a barricade against the next crisis -- if properly redesigned. The board's traditional focus has been on "compliance, control and compensation," fulfilling the oversight function mandated by both government regulators and listing requirements. But that is no longer sufficient, suggested several panel members. Directors should also be engaged in "company strategy, talent development and risk management." It is a matter of not only "feeding the beast" -- providing investors with expected quarterly returns -- but also "building the business" -- advising executives on strategic direction and appropriate risk.”

In my experience, effective boards include a number of directors with a variety of experience and insights who contribute actively to the development of strategy. That enables them to contribute with penetrating questions to the identification, assessment and management of related risks.

An emerging best practice is for boards to have discussion sessions that address both strategy and related risks at the same time. After all, how can you determine appropriate strategies without understanding the risks to their achievement?

…directors should bring not just oversight capabilities to the boardroom. They should also be ready to challenge management practices, exercise independent judgment and resist when executive actions pose excessive risk.”

A number of commentators have questioned the effectiveness of boards that are too “friendly’” to management and with each other. While you don’t want a combative board, certainly you need skeptical and curious directors.

Smaller boards make better forums. ‘Seven to eight people can debate strategy, the way a board of 15 cannot.’"

This is intriguing. Boards need to balance the need for a sufficient number of directors to handle the increasing workload, provide insights and experience in all key areas, yet function effectively. I tend to agree that 15 is probably too many directors.

If well redesigned, company boards can thus help their companies in "a race to the top" -- building long-term value and avoiding excessive short-term risks -- rather than permitting a "race to the bottom" that had driven some companies into the cauldron of the crisis.”

Do executives sufficiently value their board and allow them to contribute? I wonder.

The Importance of Governance

I really liked these next two:

Working in extremely high stakes environments requires taking calculated risks, the antithesis of recklessness that had driven the sub-prime mortgage lending that sparked the financial crisis. And when critical decision points are reached -- going for a dangerous summit, landing a stricken aircraft -- a total focus on the task at hand and the ability to draw on a lifetime of experience are vital for surmounting the perils of the moment.”

Complacency will kill you, good governance is essential and learn from others' mistakes to avoid your own.”

One of my continuing complaints with the pundits pushing a view of GRC that includes only risk and compliance is that they ignore the role of governance. Effective governance is critical to any organization, and can be the difference between success and failure. It’s time for all pundits to embrace the business perspective of GRC as how you direct and manage the organization to optimize performance, consider risk and remain in compliance.