Boards have generally identified experience and insight into risk management as areas where they need to improve. As risk management is integral to any organization’s success, helping it to identify and address risks to the achievement of its objectives, regulators and others expect boards to beef up their ability to provide effective oversight.
I congratulate the Directors and Chief Risk Officers group and The Governance Fund who have published Qualified Risk Director Guidelines. The team involved in developing the guidelines includes notable risk and governance experts, a number of whom I know and respect.
This is an excellent basis for discussion by the board and its advisors in management about how it will assess whether the directors they add to strengthen risk oversight have sufficient experience, training and ability.
I like that these guidelines are divided into groupings of attributes:
- Risk management acumen
- Personal attributes
- Business acumen
The guidelines suggest how a director may obtain the required majority of these attributes.
Points of Contention
I only have a few quibbles:
- I believe it is essential for a qualified risk director to understand the relationships between strategy, risk and performance -- and that the consideration of risk is an integral part of everyday decision making.
- The risk director should understand the need for every decision-maker within the organization to understand what the right risks are to take. It is insufficient to have broad risk management policies and standards that cannot be translated into guidance for everyday decision making
- The qualified risk director should also have an appreciation for the need to manage risk at the speed of the business (or, as a commenter on one of my blogs said, run the business at the speed of risk).
- An excellent source of qualified risk directors is experienced (including retired) chief internal audit directors.
I welcome your comments.
Title image courtesy of Mark Carrel (Shutterstock)
Editor's Note: To read more of Norman's thoughts on risk, see his Why I Worry About Uncertainty First, Then About Risk