Risk oversight is a 'team sport': When considering a board-level risk committee, the board first must clarify its own oversight responsibility as well as the oversight responsibilities of its standing committees. Here is a way to get at that.

• Author: Keizer, Henry R.
• Position: RISK OVERSIGHT

THE LASER-FOCUS on risk--how a company manages it, and how the board oversees it--has sparked rigorous discussions in many boardrooms and in Washington, D.C., about the pros and cons of establishing board-level risk committees. It's certainly a healthy debate to have, but context is critical. The role of a risk committee cannot be considered in isolation; rather, it should be viewed in the context of the broader board/committee structure for overseeing the company's risk management system.

I would offer the following considerations to help boards put these "risk committee" discussions into context, and determine what makes most sense given an organization's specific risks, challenges, and oversight objectives:

* Recognize that it is unlikely any committee--including a risk committee--has the time, resources, and expertise to assume full responsibility for risk oversight. In fact, more and more boards are recognizing that risk oversight is a "team sport"--the full board and all standing committees have important oversight responsibilities for risk.

[ILLUSTRATION OMITTED]

* Clarify the role of the board and its existing standing committees for risk oversight. A growing number of corporate governance observers, as well as the National Association of Corporate Directors (NACD) with its Blue Ribbon Commission on Risk Governance ("Risk Governance: Balancing Risk and Reward," 2009 Report), recommend that primary responsibility for risk oversight rests with the full board, and includes:

--Helping management think through the company's strategy, understand the risks inherent in the strategy, and agree on the risk appetite, i.e., the amount of risk the company is prepared to undertake in pursuit of its strategy. (Given the important link between strategy and the risks inherent in that strategy, it is difficult to separate the responsibilities for oversight of strategy and oversight of risk.)

--Helping ensure that management has a system in place to manage risk, and that the system operates to inform the board of the major risks facing the company.

--Ensuring that the board's committee structure and oversight processes enable effective oversight of the major risks facing the business.

Each standing committee of the board typically has oversight responsibility for risks inherent within its area of oversight. For example, the audit committee is responsible for financial reporting risks. In addition to the board's audit, compensation, and...