risk management and the role of the board risk oversight and good governance dugald ross jeito board...
TRANSCRIPT
Risk Management and the role of the Board
Risk Oversight and Good Governance
Dugald Ross
Jeito Board Reviews
November 2013
Who are we?Dugald Ross; B.Econ Jeito Pty Ltd
Australian & UKExpertise in financial market operational
risks and board oversightJeito Pty Ltd
Consulting firm with a global focus on the Web delivery of reviews of third sector
Boards
‘Jeito’ (pronounced ‘J2′ ) is Brasilian/Portuguese slang meaning “the knack,” which sums up
our vision to find the right solution to our client’s needs.
Points to Understand – focus that RM begins with good governance
• Good risk management is a key component of good governance
• Risk failures are usually a result of poor governance
• The boards role in risk management is of oversight
• Risk oversight is a continual process of questions, decisions, feedback and review.
Risk Failures at the Heart of the Financial Crisis
“It is clear that governance failures contributed materially to excessive risk taking in the lead up to the financial crisis. Weaknesses in risk management, board quality and practice, control of remuneration, and in the exercise of ownership rights need to be addressed in the UK and internationally to minimise the risk of a recurrence
Walker Review of corporate governance of UK banks and other financial entities: July 2009
Why did some financial institutions fail or need public rescue, some came close to the brink but many others weather the storm and continue to operate profitably?
Part of the answer is differences in business models….. But a significant part, was the differences in the quality of their corporate governance.
THE IMPORTANCE OF GOOD GOVERNANCE speech by JOHN F LAKER Chair of Australian Prudential Regulation Authority to the Australian British Chamber of Commerce, Melbourne 27 February 2013
Why the Failures?
Risk Oversight Failures – a Governance Issue
The inability of many Boards to accurately identify and understand the risks inherent in their businesses is seen as the main governance failure leading to the crisis. …………………….
Their risk appetite was vague.
THE IMPORTANCE OF GOOD GOVERNANCE speech by JOHN F LAKER Chair of Australian Prudential Regulation Authority to the Australian British Chamber of Commerce, Melbourne 27 February 2013
Egregious Cultural failures
Corporate culture is widely seen as a difficult and complex issue, but the egregious cultural failures that lie behind the lamentable story that is now emerging in relation to the conduct of some banks make action essential.
Values and ethical standards, and the overall culture in which they are embedded, are keystones of governance in any corporate entity.
‘Banks must solve the problems of ethics’ by Roger Ferguson, John Heimann, William Rhodes, Sir David Walker .Times newspaper August 22 2012
What is happening in the world today?
Focus world wide is increasing on risk management and good governance
• What is new?
• Comply or Explain
• Insurance wont save you from poor performance
Board‘s Role in Risk Oversight
Risk Oversight v Risk Management
The board should provide oversight and guidance for ‘the systems and processes concerned with ensuring the overall direction, supervision and accountability of an organisation.’
Chris Cornforth Governance Overview, Governance and Participation project, Co-operatives UK, 2004
Management should provide the risk management implementation
Risk Complacency
“Just 15 per cent of directors reported a very good understanding of the risks their company faces, 54 per cent a good understanding, while almost one third (29 per cent) said they either have a limited or no understanding. The remaining two per cent said they did not know.”
There is little variation from a previous study in 2011
Improving board governance Mckinsey global survey results 2013
Co-operatives UK Findings
• The Boards role in risk oversight is misunderstood
• They see it as managements role to report and provide instruction.
• They forget the board has the ultimate responsibility and is responsible for oversight
Risk Governance and Risk Management Cycle
Identify and Accept
Risk
Control and Manage Risks
Monitor risks
Test Review Report
Procedures
Board Reviews
BOARD understand and relate to strategy
BOARD oversight and adequacy
Management to Implement
Risk Oversight Foundations
Risk oversight IS NOT a process with a beginning and an end.
It is continual process from which to make sound decisions in two areas of oversight.
1. oversight of critical risks and risk decisions (risk governance)
2. oversight of enterprise risk programs (risk management).
Appropriate Risk Oversight – ‘No one size fits all’
• Strategy and risk management are linked.
• An Intelligent risk management culture is never an impediment and should more than just a supplement.
• It should fit the organisation, and the role of the board is to ensure the risk management framework is appropriately designed, adapted, implemented and becomes an integral part of an organisations decision making culture.
The Upside to Oversight and Good Governance
Healthy risk oversight is not just about risk avoidance
Setting Culture
Improved education, communication and innovation
Preparation for crisis
Better understanding of processes across an organisation
Building Morale
Better decision making
Governance Codes & Risk
Good Governance
Good governance should be thought of as a floor – not as a ceiling
Good Governance is all about
• Recognising and accepting risk – don’t be afraid• Setting the appropriate risk oversight.• Setting the culture from the top• Question, question, question• Ensuring the board is a high performance board• Review and assessment
What the code wants from Societies
High Performance Board meeting
minimum standards
Support the code in your rules
Comply with requests for Information
Provide statements of recommendationsProvide reasons for non
compliance
Provide Reasons for appropriateness
Four Themes to Improve Risk Oversight
Financial Stability Board (FSB) Thematic Review on Risk Governance Peer Review Report 12 February 2013
Board Capabilities
Board Values and Culture
Board Information
Risk Governance
Board Capabilities
‘Many boards simply lacked the financial industry experience and understanding of market complexities needed to ensure they could perform their fundamental role of independent and objective oversight. They had inadequate skills, technical expertise or confidence — to challenge a dominant or ‘imperial’ chief executive officer (CEO) pursuing aggressive growth strategies.
JOHN F LAKER Chair of Australian Prudential Regulation Authority speech to the Australian British Chamber of Commerce, Melbourne February 2013
Not Just Skills - but Behaviour
Too often directors were unable to dedicate sufficient time to understand the firm’s business model and too deferential to senior management.
Financial Stability Board (FSB) Thematic Review on Risk Governance Peer Review Report 12 February 2013
Understanding Your Board Capabilities
Attitudes & Values
Knowledge Skills
Performance Assessments of Board & Members
Skills Self Assessments by Members
‘The crisis exposed significant shortcomings in the governance and risk management of firms and the culture and ethics which underpin them. Thisis not principally a structural issue. It is a failure in behaviour, attitude and in some cases, competence.’
Board Values - Culture and Ethics
Sants, H, Delivering effective corporate governance: the financial regulators role, Speech at Merchant Taylors’ Hall, April 2012.
Board Values - Culture and Ethics
Values and ethical standards, and the overall culture in which they are embedded, are keystones of governance in any corporate entity.
‘Banks must solve the problems of ethics’ by Roger Ferguson, John Heimann, William Rhodes, Sir David Walker .Times newspaper August 22 2012
Risk Culture – an example of poor standards
A poor risk culture was not consistent with the risk appetite and can manifest itself in a number of ways.
• Lack of understanding • Lack of candour in the relationship between board
and management• Headstrong front-office leaders always looking to
push the risk control boundaries, that passes the ownership of risk to the risk management function or internal audit. Business areas must be the owners of risk.
JOHN F LAKER Chair of Australian Prudential Regulation Authority speech to the Australian British Chamber of Commerce, Melbourne February 2013
Setting corporate culture as ‘Risk Intelligent’
• The board should encourage and set the tone for an organisations risk culture.
• The board should understand how their strategies and incentives reward and encourage people to take risks intelligently.
• This is why risk oversight is a continual process of defining, measuring, reviewing and questioning.
Board Information - What is Needed
• Timely, relevant & comprehensive information• Reports that can be easily digested by the board • A holistic view of the risk exposures of their institution
Reports• Information not heavily filtered by management hierarchy
nor reaching the board late and/or distorted.
JOHN F LAKER Chair of Australian Prudential Regulation Authority speech to the Australian British Chamber of Commerce, Melbourne February 2013
CIMA Performance Reporting to Boards. A Guide to Good Practice
Board Information - Integrity in Financial Reporting
• Can I trust the data?• Does it cover the critical
issues?• Is it sufficiently up to date?• Can I digest it quickly ?• Does it cover future as well as
historical?• Does it include a holistic
perspective?• Is it in relevant time context?
Risk Governance Issues
• Inability to accurately identify and understand risks • Inability to ensure robust structures for managing and
reporting on these risks
o Unclear definitions as to the degree and nature of risks.
o Vague risk appetite. o Lacking the stature, authority and independence to
challenge the business areas;o Unclear accountability and lines of reporting to the
board o Inadequate experience or independence from
management or the board
JOHN F LAKER Chair of Australian Prudential Regulation Authority speech to the Australian British Chamber of Commerce, Melbourne February 2013
Independent Assessment of Risk Framework
• Independent assurance that the risk governance framework works and works as intended.
• However, such internal or external audits and assessments tend to be compliance-focussed.
• Internal audit don’t reveal external trends and/or align with best practices.
JOHN F LAKER Chair of Australian Prudential Regulation Authority speech to the Australian British Chamber of Commerce, Melbourne February 2013
Questions About Your Risk Processes
• Does your risk management method work?
• Would anyone on the Board know if it didn’t work?
• If it didn’t work what would be the consequences?
Blank thoughts?
Assessing Board Performance – is your board adding value in terms of its risk management and performance?
The most valuable outcome of a board evaluation is that it helps to bring “issues to the surface”; and allows directors to “stand back” from day to day matters and improve the performance of the board as a whole.
Evaluating the Performance UK Boards: Lessons from the FTSE350 – The All Parliamentary Corporate Governance Group 2007.
