The complexities of modern business and the constant pursuit for competitive advantage mean that boards must take on risk management as a key task. A survey conducted by EY of board members revealed that risk oversight is at best basic in many companies. Whether it’s the structure or format of risk reporting, or the quantity of times board members engage with this issue, many are struggling to keep up.
The good news is that there are few important steps that can help.
The first step is for boards to develop clear reporting structures that make it easy for them to understand the risks their companies face. This should include a clear breakdown of the kinds of risks that need monitoring (financial and operational, reputational, etc.). A clear and concise framework makes it easier for the board of directors to make sure they ask the appropriate questions for risk management and to know what answers are reliable.
The board should employ sophisticated tools to assess risks and decide on the most appropriate combination of taking risks. In addition to the more traditional options, such as Value at Risk (VaR) models, tools like Monte Carlo simulation can bring this process into the realm of science and allow the development of thousands of scenarios that weigh the probabilities of loss or profit against the impact on the company’s operating strategy and strategy.
Additionally, the board should be able monitor the leading indicators of the risks it is facing and have trigger-based actions which are activated when the trend is not in favor. This will allow the board to quickly respond in times of crisis, for example ransomware.