Tag Archive: Business Portfolio Risk

Six Principles for Improving Board Risk Reporting

Published by
Jim DeLoach


Board risk reporting is a subject of debate within many organizations as directors often consider reports to be too detailed or not actionable. Simply stated, risk reporting should enable the board and its respective committees to understand and govern the organization’s risks. To that end, here are six interrelated “board risk reporting principles” intended to foster reporting that focuses directors on the risks that matter and enables them to bring to bear their knowledge and expertise in ways that add and preserve enterprise value:

  1. Focus on critical enterprise risks and emerging risks. The critical enterprise risks represent the top risks that can threaten the company’s strategy, business model or viability and consequently warrant the most attention from the board’s risk oversight process. The board also needs to be mindful of emerging risks triggered by unanticipated and potentially disruptive events of varying velocity, ranging from catastrophic events—for example, a pandemic or hurricane—to existing risks accelerated by external and/or internal factors in unexpected ways, such as the impact of deteriorating underwriting standards or the demand for an endless supply of mortgage-backed securities on the subprime market that led up to the 2008 financial crisis.
  2. Address ongoing business management risks on an outlier basis. Every business has myriad operational, financial and compliance risks. For those risks that are not critical enterprise risks, risk reporting should be integrated with periodic status reports on line-of-business, product, geographic, functional, or program performance. Reports on these risks should also be triggered by the escalation of unusual matters that require immediate board attention, such as exceptions against established limits (i.e., limit breaches). The point is that reporting on the day-to-day risks should not be as frequent as reporting on the critical enterprise and emerging risks.
  3. Ensure risk reporting is linked to key business objectives. Realistic and measurable objectives support the organization’s overall strategy and business plan. Risks related to those objectives may impact the organization’s ability to achieve those objectives and execute the strategy and plan. The relevancy of risk reporting is more firmly established with directors when it is closely tied to strategic business plans and the critical objectives and initiatives management has communicated to them.
  4. Use risk reporting to advance dialogues around risk appetite. A winning strategy exploits the areas in which the organization excels relative to its competitors. The risk appetite statement serves as a guidepost for when a new market opportunity or significant risk emerges. Although dialogue around risk appetite has advanced at the board level over recent years, there is still plenty of room for improvement. Once executive management and the board agree on the drivers of—and strategic, operational, and financial parameters around—opportunity-seeking behavior, the resulting risk appetite statement is a reminder of the core risk strategy arising from the strategy-setting process. Risk reporting should call attention to the level of risk the organization is undertaking in the pursuit of value creation and disclose when conditions change and the agreed-upon parameters are approached or breached.
  5. Integrate risk reporting with performance reporting. When stakeholders (e.g., owners of corporate, line-of-business, product, geographic, functional or program performance goals) report on performance to the board, they should also disclose the related key risks. Linking opportunity-seeking behavior and the related risks is important as it enables each stakeholder reporting to the board to engage in a dialogue with directors on: the underlying risks and assumptions inherent in executing the strategy and achieving performance targets; the “hard spots” (i.e., the aspects of the plan that are well within reach to be achieved) and “soft spots” (i.e., the riskier parts of the plan) inherent in the performance plan; the implications of changes in the business environment on the core assumptions and desired risk levels underlying the strategy; and the effectiveness of risk management capabilities. The effectiveness with which risk reporting is integrated with performance reporting is a powerful indicator of the enterprise’s risk culture. If risk reporting is an appendage to performance reporting, risk is more likely to receive limited board agenda time.
  6. Report on whether changes in the external environment affect the critical assumptions underlying the strategy. Risk reporting should provide insights as to whether executive management’s assumptions about markets, customers, competition, technology, regulations, commodity prices and other external factors remain valid. Reporting should focus on whether changes in these environmental factors have occurred, which could alter the fundamentals underlying the business model. Boards place high value on “early warning” capability.

The above principles are not intended to prescribe specific reporting practices, but rather offer sound direction for the board and management to pursue in improving the substance and content of the reporting.

Questions for Boards

The following are suggested questions that boards may consider, based on the risks inherent in the entity’s operations:

  • Does the board periodically evaluate the nature and frequency of management’s risk reporting?
  • Do directors work with management to agree on risk information the board and its committees require?
  • Is the board satisfied that both full board and board committee agendas allocate sufficient time to risk?
  • Do directors think they receive sufficient information on changing risks to avoid surprises?


Jim DeLoach is a managing director with Protiviti, a global consulting firm.

Straight Talk on Sustainability


With all the noise on the topic, I recently decided to spend some time asking Gib Hedstrom to give me the straight scoop about how boards address the issue of sustainability. Gib has been the “expert in the room” on these questions at more than fifty board meetings with major global companies, including Air Products, Ashland, and AlliedSignal (Honeywell). I asked him three simple questions. (OK, actually I asked him four):

  1. What’s the best way for a board to define sustainability?
  2. What do the “better boards” do in the area of sustainability?
  3. As an individual director, what should I know about the topic? What questions should I be asking?

Here’s how Gib responded:

1. What’s the best way for a board to define sustainability?

Sustainability is about achieving enduring growth and profitability in the harsh face of 21st Century realities. The “new world order” of a swelling population, oil depletion, global warming, water scarcity, and economic turmoil makes this the fiercest competitive battleground for the next 20 years. It means rethinking everything.

It’s what I call “The Messy Transformation.” Most companies face significant risks. Yet whether you sell technology or transportation or consumer products – the opportunities are massive.

2. What do the better boards do in the area of sustainability?

The better boards bring sustainability into their deliberations about both risk and opportunity. On risk, they do three things:

  1. Take a Business Portfolio Risk approach. For example, 20 percent of U.S. coal plants are scheduled to shut down by 2015. If that’s your energy source, it calls for a Plan B — and fast!
  2. Encourage action on managing the relevant risk profile (short and long term) on Carbon Risk. For example, we see Samsung announcing that by 2013 it will cut by 50 percent the greenhouse gas emissions from its own operations and from the use of its products. We see Sony announce its plans to achieve a zero environmental footprint by 2050.
  3. Keep Operational Risk management front and center. You don’t have to look far back in recent headlines for evidence about what a single disaster can do to your operations and public trust.

For the opportunity side, it’s about investment. Even in this uncertain financial climate, over $100 billion has been invested in renewable energy in the past two years. Companies like Cisco, IBM, Google and Microsoft are rushing to capture “smart grid” growth opportunities. P&G has a five-year goal to accumulate $50 billion in sustainable product sales by 2012, and will have “Sustainable Innovation Products” in 30 million U.S. homes by the end of this year. Bank of America recently announced it is ahead of schedule on its 10-year, $20 billion business initiative focused on addressing climate change.

3. As an individual director, what should I know about where a company stands on sustainability? What questions should I be asking?

Directors really struggle with sustainability. In the 2009 NACD Public Company Governance Survey, directors rate their effectiveness at sustainability (corporate social responsibility) almost dead last. Meanwhile, in 2009 the number of shareholder resolutions on sustainability reached a record level. Investors care!

At the next board meeting (or better yet, before it), ask these questions:

  1. What would it look like to be a true sustainability leader? What would be the characteristics (e.g., zero waste, carbon neutral)? What would the portfolio look like (e.g., percent of sales from green products, services and solutions)? Is this just from our own operations or across our full supply chain?
  2. Do we have a robust sustainability strategy and a multi-year plan that identifies our risks and opportunities? Our own sustainability scorecard?

So that’s what we hear from the true expert. Now, what does your board do?