Board members weigh in on effective risk management. Corporate fundamentals are crucial: culture, talent and strategy

Transcription

1 Board members weigh in on effective risk management Corporate fundamentals are crucial: culture, talent and strategy

2

3 Board members weigh in on effective risk management Corporate fundamentals are crucial: culture, talent and strategy Ernst & Young held a series of roundtable sessions with seasoned board members from across Canada to get their perspectives on today s risk management practices. Our goal was to gauge their views on the shifting nature, extent and quality of risk management discussions at the board level, and to leverage their ideas on leading practices that will contribute to a more effective risk management program in a changing environment. Our discussions confirmed our perspective that, in order for boards to go beyond simply protecting the business and actually enabling it through risk management, they must take a broader view of risk, adopt more leading practices and ask the right questions. However, we also noticed that, regardless of the activity in question, the dialogue always reverted back to three fundamental elements: culture, talent and strategy. While a robust risk management program can certainly provide valuable structure and information, the basics are fundamental. Risk management is much more effective if it s based on a solid foundation of a communicative, risk-aware culture, an engaged, diverse group of employees and leaders, and a well-thought-out strategy. 1

4 Culture An organization s risk culture is crucial to its approach to risk management. It s the foundation on which risk decision-making is based, regardless of any official risk management practices. Creating a strong risk culture does not happen overnight from screening potential executive hires for their fit with the organization s risk culture to coaching executives on the importance of risk-based decision-making, it s an ongoing process. Our research has shown that effective risk management starts at the very top, with proper oversight and accountability at the executive and board levels. Although the board doesn t handle the day-to-day running of the business, it does have a responsibility to ensure that management s actions are consistent with the corporate strategy, and reflect the culture of the business and what it represents. In turn, the management team must set the tone for the rest of the organization through its own approach to risk management, and through consistent messaging to employees regarding everyone s risk management responsibilities in their day-to-day activities. To make this happen, directors agreed that the organization must avoid the siloed approach to risk management in favour of cultivating a culture of openness, trust and collaboration at all levels. What and how the board, CEO and other leaders communicate is a true indicator of their organization s values. They must earn and maintain the trust of both internal and external stakeholders by fostering a risk-aware, no surprises culture that is characterized by timely, clear, transparent communication of the risks that matter throughout the organization as well as between senior management and the board. During our discussions, some directors in certain sectors voiced the opinion that their organization s tone is often too focused on complete risk elimination. This mindset stands in stark contrast to the entrepreneurial spirit that is needed for growth. While management is paid to effectively handle an organization s risk, it is also rewarded for taking well-calculated risks that create value. It is the board s role to thoroughly evaluate the opportunities brought forward by management, and gauge the associated risks. Directors are expected to achieve a certain balance they must do their homework and be close enough to each other and to the business to understand and analyze its risks, while still maintaining enough distance to be effective. Given their critical role as challengers and assessors of how executives are performing in managing risk, directors shouldn t get too cozy. Some directors expressed frustration that key discussions around the management of risks are often deferred to off the table conversations. This congeniality can detract from the type of frank conversations that are required on matters that are fundamental to the organization s strategic direction. Relevant performance and risk indicators should be reported consistently through standardized self-assessment and reporting tools. Keep in mind, however, that the CEO may tend to convey the risk culture that he or she wants to project to the board which may or may not reflect reality. Some directors shared that, in order to get deeper insight, they often invite senior professionals from various areas of the business to present firsthand to the board rather than relying solely on the C-suite to relay high-level information. Others suggested monitoring the organization s engagement scores and independently surveying senior leadership in order to get a more unfiltered sense of the risk culture. Early identification of potential problems maximizes the options available to address them. Volatility is increasing with the frequency and magnitude of disruptive events, and with changes in the competitive or operating environment that could introduce emerging risks. Having the right risk culture is crucial for organizations to move with the speed and agility required to react effectively. 2

5 Talent Directors told us that they place a premium on the talent of the individuals tasked with managing the companies they oversee. They see a direct connection between the quality of the strategies and the execution against objectives, and the skills and experience of the management team. Directors depend on management to effectively navigate the labyrinth of risks faced by their organization, and to support the board as it articulates alternative futures. And, at a more micro level, directors expect management to leverage the range of talent at its disposal as it assesses matters of risk, including functions such as internal audit, general counsel, corporate compliance and environmental health and safety. Directors are also looking with a keen interest at the talent sitting next to them in the boardroom when significant issues are deliberated. It s no surprise that board members across the country spoke of the need for diverse talent in terms of professional experience, gender and cultural backgrounds. What we also heard is that directors with deep industry and international experience are valued, as are those with the inclination to ask the uncomfortable questions, go against the grain, and speak firmly about what s on their minds when it comes to the strategy and the risks that matter most. A changing business environment translates into changing business needs in the C-suite as well as at the board level. One of the directors proposed an interesting exercise for boards: Evaluate your CEO against the required competencies, skills and experience, and then ask yourself if you would hire the current CEO if the position were vacant. This highlights the importance of directors always having a clear understanding of the organization s succession strategy and plans in light of the changing environment, and hiring and developing suitable executives accordingly. One key factor that s inextricably linked to hiring and maintaining quality talent, of course, is compensation. An organization s compensation practices should be tied to performance, and competitive enough to support desired retention targets. Although goals should obviously link to the organization s growth plan, related incentives such as bonuses should not encourage the C-suite to take unacceptable risks that could endanger the business in the future. CEOs and other executives should be compensated based on their ability to manage, monitor and find opportunity in risk, and in many cases this may mean that compensation plans will have to vary from person to person. Strong governance is important to encourage behaviours that are consistent with the organization s core values and culture. 3

6 Strategy Every organization s success is due in part to a sound corporate strategy, and the disciplined planning and execution of that strategy. Strategic opportunities will come with risks that, if well managed, could increase the value of the organization. However, these risks must be carefully considered in light of the organization s risk tolerance and their potential impact on its competitiveness. There should be absolute clarity on the goals and timelines associated with each strategic initiative, the risks that could prevent the organization from achieving results, and the risks associated with not achieving results. Directors shared their view that risk and strategy cannot be decoupled risk should be considered in real time as part of strategy discussions. This is reflected in the trend of no longer having risk committees on the board, and carries important ramifications for directors. Going forward, a base level of risk management vocabulary and sophistication will be a prerequisite for being an effective board member. During the business planning process, planning and risk reporting cycles should be coordinated so that current information about risk issues is incorporated. These communications do not always have to take the form of an official agenda item they should be part of an ongoing business dialogue that s embedded at all levels in the day-to-day culture. The discussion of strategy and risk at the board level is no longer limited to the specific risks related to a chosen strategy. One director made the observation that the risks that were hardest to predict and assess were often those caused by the interaction of multiple, seemingly unrelated risks. She shared her organization s approach to identifying such risks something she termed future planning. During strategy development, she and the rest of the board spend time going through various scenarios to explore potential outcomes of different approaches in order to identify strategy derailers that could have otherwise gone unnoticed. Equally important are the risks that the strategy introduces to the organization as a whole, including the interests of an increasingly disparate stakeholder group that may have conflicting strategic interests. Directors are increasingly asking more pointed questions of management: How much risk are we prepared to take? How much risk are we carrying at the moment? Are these risks within our risk appetite? How will our stakeholders react? These are important questions that are now used as filters for decisions on the allocation of capital, for example. As one director put it, if he is approached for new funding but is not given a clear answer to these fundamental questions, his vote is very simple. Ultimately, not every risk can be avoided. Crises will happen, and it s therefore crucial that your organization has a well-planned, flexible approach to crisis management. There is no way to anticipate all eventualities, particularly those caused by external factors. The board members we spoke with encouraged preparation to minimize an event s impact, and position your organization to recover quickly. The board and management team can review various unexpected scenarios together in order to develop the principles and protocols necessary to guide an effective response to different situations. Directors recommended that the board agenda include a briefing on emergency preparedness and contingency plans, including crisis management, security policies and procedures, and clearly defined roles and responsibilities, so that you are well prepared in the event of a crisis. 4

7 The financial crisis of the past few years has left most boards dealing with a legacy of uncertain economic conditions and a plethora of new regulations with which to comply. Added to the mix is an expanding, increasingly diverse and vocal stakeholder community. It s a tough job directors are expected to do their homework and be close enough to the business to understand its associated risks, while still maintaining enough distance to be effective in their often contrarian role as assessors of how well executives are managing that risk. And in the end, how that risk is managed is what will guide an organization towards success or failure. The media has been full of stories of organizations negatively affected by catastrophic failures not because they took on too much risk, but because the risks simply weren t put into perspective and properly managed. Our discussions with board members confirmed that a robust, systematic risk management process is a necessity, but in order to be truly effective it must be supported by three fundamentals: culture, talent and strategy. If directors can foster an open and positive corporate culture, help attract and retain top-notch talent, and assist in setting a sound corporate strategy, they can help maintain a thriving business, mitigate risks that threaten the organization s viability and provide true value to all of its stakeholders. 5

8 Ernst & Young LLP Assurance Tax Transactions Advisory About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 167,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential. For more information, please visit ey.com/ca Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. ey.com/ca 2013 Ernst & Young LLP. All rights reserved. A member firm of Ernst & Young Global Limited This publication contains information in summary form, current as of the date of publication, and is intended for general guidance only. It should not be regarded as comprehensive or a substitute for professional advice. Before taking any particular course of action, contact Ernst & Young or another professional advisor to discuss these matters in the context of your particular circumstances. We accept no responsibility for any loss or damage occasioned by your reliance on information contained in this publication. ED Contacts East Anne-Marie Hubert Managing Partner, Advisory Services Canada anne-marie.j.hubert@ca.ey.com Tanya Khan Risk Leader, Canada tanya.khan@ca.ey.com Vincent Cartier Partner, Montréal vincent.cartier@ca.ey.com West Jeanie McKibbon Partner, Calgary jeanie.f.mckibbon@ca.ey.com Fiona Macfarlane Partner, Vancouver fiona.j.macfarlane@ca.ey.com Kirsten Tisdale Partner, Vancouver kirsten.tisdale@ca.ey.com Wayne Thompson Senior Manager, Vancouver wayne.thompson@ca.ey.com