Boards can do more on risk management

IN Western Australia, there are many directors on boards of mining and other large organisations. With these positions, directors have enormous responsibilities.

It's their obligation to set the right tone at the top, to specify the risk appetite that's appropriate for the organisation and TO ensure management's actions and the organisation's culture are adapted accordingly.

The spotlight is likely to shine more brightly on risk management as economic times become increasingly difficult and volatile. Governments, shareholders, directors and management should expect a significant increase in scrutiny over the next few years. This makes oversight and review of risk culture and risk management practices for all types of organisations paramount.

Insync Surveys and Board Benchmarking (formerly Leblanc Diagnostics) has just released a study, 'Risk management in the boardroom', based on the views of 625 directors who sit on 79 different boards in Australian and New Zealand.

The good news is that boards are setting the right tone at the top, however some boards need to lift their game in terms of developing an appropriate risk culture.

It's also interesting to observe a difference in scepticism depending on director age, with younger directors seemingly asking the harder questions.

Encouragingly, the report shows that most directors (83 per cent) believe their board sets the right "tone at the top" for their organisations but there are large gaps in perceptions of the "right tone" between directors under 45 years (with just 66 per cent agreeing) and over 64 years (with an overwhelming 90 per cent agreeing).

Controversially, this shows that directors aged less than 45 are shown to be more critical, compared with their colleagues aged over 64.

The importance of directors individually and boards as a whole setting an appropriate tone for senior management, all employees and other stakeholders, cannot be overstated. That tone, which needs to be reinforced by the CEO and senior management, will ideally embody insistence on: a high standard of integrity and ethical behaviour; the integrity and accuracy in financial reporting and; excellence in integrated risk management.

Directors, CEOs and senior managers must be consistent and vigilant in their actions. A single inappropriate action or comment can quickly unravel previous good efforts.

Some boards and management need to do more to get on the same page in relation to their organisation's risk appetite. While the "tone at the top" results above are good, it's disappointing to reveal that only 49 per cent of directors overall say their board and management have an agreed view on the organisation's risk appetite for each significant risk.

Again, there's a big difference in views depending on director age. Just 40 per cent of directors aged less than 45 say the board and management have an agreed view on risk appetite but directors aged over 64 years are far more content, with 60 per cent in agreement.

If the board and management don't have an agreed view on the risk appetite that's appropriate for the organisation, and assuming the board has a proper understanding of the drivers of the business and related risks, one of two problems may occur: management may enter into transactions and activities that have an unacceptably high level of risk that may unnecessarily expose the organisation; or management may be overly conservative in relation to the transactions and activities they enter into, which may stifle innovation and add unnecessary bureaucracy to the organisation's decision making and the roll out of its business plan.

If directors and management don't have an agreed view on the risk appetite appropriate for their organisation, they need to spend the time to discuss, debate and fully explain their views to get on the same page.

An independent party that could assess and articulate differences in management's risk propensity and the board's tolerance for risk may be of assistance here.

During the period where full agreement hasn't been reached, it is the obligation and responsibility of the board to specify the risk appetite that they believe is appropriate for the organisation and ensure management's actions and the organisation's culture is adapted accordingly.

Once risk appetite is agreed, it is essential that the CEO and management team ensure the organisation's culture echoes its level of risk tolerance. However, the report shows that around 41 per cent of directors overall either disagree or are uncertain that their organisation adopts a culture that's consistent with the organisation's agreed appetite for risk.

Directors need to also ask themselves how well risk management is embedded in their organisation's business processes, including in employee inductions, job descriptions, performance management practices and at each level of management.

They need to understand whether the organisation's incentive plans strike an appropriate balance between risk and reward or whether they encourage inappropriate risky behaviour.

Younger directors aged less than 45 may have a role to play here too as they are more critical, with 10 per cent of these respondents disagreeing that their organisation adapts a culture that's consistent with the organisation's agreed risk appetite. These directors need to help drive appropriate changes.

About 20 per cent of the 79 boards in the survey are ASX listed, including in the top 10. Aside from ASX-listed organisations, the boards included in this study also represent a cross section of organisations ranging from associations, not-for-profits and government entities.

As for director gender, 25 per cent of responses are from females and 75 per cent are from males. The majority of directors in the sample are non-executive. Director age revealed the biggest contrast of views compared with the other demographic splits.

- Vanessa Franzen is WA practice leader at Insync Surveys.