Adding a risk expert to your board

An international group of directors and chief risk officers has drawn up a guide to help organisations better govern risk by recruiting qualified risk directors to their boards and risk committees.

"An understanding of risk and its proper governance is not just about protecting organisations from large, unexpected losses, although that is very valuable," says David R Koenig, CEO of The Governance Fund Advisors and executive chairman of the Qualified Risk Director Governance Council. "Risk governance is equally about how organisations can pursue the goals they have established with more success. Qualified risk directors make those goals more achievable."

The Qualified Risk Director Guidelines were designed by the Directors and Chief Risk Officers group (DCRO), which consists of more than 1,600 directors, chief risk officers and other C-level executives from over 100 countries whose work involves the governance of risk.

In keeping with the spirit of the "audit committee financial expert", as defined by the US Securities and Exchange Commission in response to the Sarbanes‐Oxley Act of 2002, their task was to define the attributes and experiences that would be optimal for a qualified risk director to be successful.

They found that any board member designated as a qualified risk director is likely to require personal, business, and educational experiences that are somewhat unique to the role. These are detailed in the guide. The guidelines, designed for voluntary adoption, are being distributed to companies around the world and to regulators that have shown an interest in advancing the governance of risk at the board level.

However, the guidelines note: "It is not sufficient that organisations simply adopt the Qualified Risk Director Guidelines in their selection of board candidates. Successful governance of risk requires that the proper corporate environment be established by the board and then developed by the executive." In many cases, such success may be predicated on positive answers to the following five critical questions:

  1. Does the organisation have the appropriate risk governance policies for its business?
  2. Does the organisation have sufficient and robust risk management processes along with timely and actionable risk reporting?
  3. Does the management culture around risk foster an open discussion of decision-making that includes and affirms risk explicitly?
  4. Does the organisation have appropriate talent in place to identify and manage risk?
  5. Does the board properly oversee (govern) the organisation's risk?
