Risk Intelligence in the Boardroom: Take a Quick Test to Measure Your Company’s Maturity

Guest Post by Ronald Kral, MBA, CPA, CMA
Managing Partner of Candela Solutions LLC

Sound data, information and intelligence are clearly critical business success factors; however, is it getting to the right people? Too often we think of C-level decision makers as the ultimate end-user. Yes, they are collectively the company’s brain-trust and are directly responsible for executing strategy, but whom should be monitoring and why? The answer is the board of directors, who serves to protect and represent the interests of shareholders. The active engagement of directors needs to be the lynchpin of important corporate deliberation, which hinges on information. Now that we have the “who” and “why” identified, let discuss “how.”

First let’s be very clear on what “risk intelligence” entails. There are both macro and micro elements to this definition as used in this article.  From a macro standpoint it involves the governance structure, and relating policies and procedures, to help ensure that decision making is undertaken in the best interest of shareholders. From a micro standpoint, the decision making process hinges on the timeliness, accuracy and comprehensiveness of information. This includes the supporting data elements and assumptions. Data transparency (i.e., knowing the origin and history of information, assumptions,  ownership, biases and accuracy) is essential in making sound decisions. Finally, while “risk” is the possibility of an adverse event, “opportunity” is the possibility of a favorable event. These two potential outcomes are inseparable as every decision to create or protect shareholder value (i.e., opportunities) involves risk.

Trust & Transparency between Management and Directors is Essential
Corporate governance is about accountability to shareholders through elected directors, as well as accountability over executive managers whom directors select and monitor. Accountability hinges on transparency of information and relating actions to respond to internal and external developments.  A sound governance structure ensures that a proper amount of information is harvested and acted upon by management under the watchful eye of the board. This is essential for fostering opportunities and managing risks through a timely risk identification process. While all of this is common sense and nothing new, we are entering an era of increased investor expectations of the board taking a more robust role with risk. This goes well beyond traditional fraud prevention, cash flow management, asset protection, regulatory disclosure, etc. While these topics will always remain important, this article gets to the very core of a company’s pulse; that is the risk to long-term strategies in the face of known and unknown external market and internal forces. This type of risk is often referred to as the risk of value destruction or equity loss.

We only need to look back a year or two to find dozens of high-profile companies that have been battered, or even worse – gone bankrupt, due to management decisions to take on too much risk, or even fraudulent endeavors with no one to challenge them. Sometimes, it is the fault of management deliberately hiding important information from the board, in which case this is fraudulent behavior since there is intent to deceive.  If there are deceptive forces at play between management and the board of directors, it is incumbent upon the board to take immediate action, up to and including removal of those committing fraud. However, in most cases it is not overt deception at play but rather a lack of information, erroneous information, or simply a board that does not ask the right questions or process information appropriately.

Open and Frank Discussions

Decision making improves when directors engage in open and frank discussions with management on presented information, and even more important – information that is not presented, especially regarding risks.  While open and frank dialogue between management and its board are often lauded as part of a company’s culture, implementation shortcomings often are a reality. Here are some suggestions to counter shortcomings from a boardroom perspective:

1.    Ensure that both the management team and the board are aware of their risk identification and management roles. These should be formally defined in charters, policies and procedures. Keep in mind that while it is typically management’s role to manage risk, it is the board’s role to understand risk and agree to a risk appetite.
2.    The topics of risk identification and risk management should be a part of every regular board meeting agenda. The board ideally leverages its committee structure to help ensure efficient use of board time. Some companies have a unique committee dedicated to risk.
3.    Understand and gain comfort in information supplied by management. Consider an information audit to verify the timeliness, accuracy and comprehensiveness of information, including the supporting data elements and assumptions.
4.    Develop board expertise among a diverse group of directors regarding the industry, market forces, and relevant informational needs. Directors should:
a.    Inquire as to the completeness of significant information to the decision making process
b.    Ask probing questions and follow-ups of each other and of management
c.    Challenge key assumptions
d.    Offer competing analyses
e.    Consider competing options to ensure that alternatives are appropriately addressed
5.    Utilize sufficient external resources including; industry experts, GRC (governance, risk & compliance) advisors, attorneys, accountants, auditors and others as necessary to augment the board’s capabilities to best serve shareholders.

Remember that a clash of conflicting views is healthy for the decision making process. Different points of view, judgments, and logic are preferred to a passive board culture. However, it is essential that the company has the right information to support the decision making process. Smart companies are taking this very seriously by investing internal audit resources, using either the in-house internal audit department or an outsourced firm, to assess the inputs, assumptions and outputs relative to important decisions. After all, conscientious directors and managers who believe they are making good decisions, only to find out subsequently that they used flawed information, must answers to their investors. Class action lawsuits, on behalf of investors or other stakeholders who believe they were harmed due to materially flawed disclosures or gross negligence in the decision making process, are a reality.

A Quick Test to Measure Maturity of Risk Intelligence in the Boardroom

As a board, ask and answer the following ten questions:
1.    Are roles between management and the board formally defined in committee charters, policies and procedures regarding risk?
2.    Is risk a separate topic of discussion at regular board meetings?
3.    Does the board approve the risk appetite for the company? Risk appetite is the amount of risk an entity is willing to accept in pursuit of value.
4.    Does the makeup of the board include directors who are not afraid to dissent and disagree with other directors and the CEO?
5.    Is the board comfortable with the timeliness, accuracy and comprehensiveness of information used to support key decisions?
6.    Does the board ask probing questions and challenge management’s risk assessment assumptions?
7.    Is risk management coordinated throughout the organization?
8.    Are business units empowered to implement risk management?
9.    Is risk management embedded into the organization’s culture?
10.    Does the board utilize sufficient external resources in carrying out its duties?

If you answered “yes” to all of these questions, you have a robust board of directors with the highest degree of maturity.  Otherwise, your company still has some work to do.

In conclusion, good corporate governance is not an option, but rather a fiduciary obligation to shareholders. It is impossible to isolate a company from all risks; however, you must get close to home regarding risks to help avoid poor decisions. Do not guess, but direct and manage based on the best information available. Without a solid grasp of the underlying information for decisions, corporate governance is compromised and the risk of disservice to shareholders is increased. Simply put, good governance relies on good information. Finally, avoid complacency in the boardroom as the director’s role is absolutely critical in protecting long-term company value.

Ronald Kral is the Managing Partner of Candela Solutions. Ron is also the Lead Partner of the Firm’s SEC Compliance Practice and is available to address inquiries.  He can be reached at [email protected]

Candela Solutions LLC is a new breed of CPA firm building value for clients through strong governance, risk management and compliance services. Visit our website at www.CandelaSolutions.com for more information.

© 2009 Candela Solutions LLC, One South Pinckney, Suite 310, Madison, WI 53703.

Leave a Reply