Risk is part and parcel of business management and taking risks usually underpins success, so risk can never be entirely eliminated. But it does need to be managed.
OK, so you can’t make an omelette without breaking eggs… where do you start?
It is the responsibility of the board to establish the ‘risk appetite’ of the business (how much risk the organisation will accept), and the ‘risk tolerance’ (degree of variance to the appetite).
Non-executive directors with their wealth of external experience are expected to hold executive directors to account in this regard. They should not be part of a cosy club. Their role is to provide effective checks and balances.
What is the top priority when it comes to risk management by a board?
Almost certainly, the choice of chief executive – it’s their influence above all others that determines the risk appetite of a business.
How do you assess 'risk'?
Impact and likelihood are the two key principles involved in the majority of risk assessments, and these then help to identify the board’s priorities.
And who should be involved in this?
It’s very much bottom up – identifying risks requires the involvement of as many people as possible. The banking crisis showed what happens when the board is not aware of risks involved in complex trading operations.
How do you define the boundaries?
Not easily – it could be what is simply too risky relative to the potential returns, the attitude of stakeholders, the culture of the organisation, the regulatory environment...
And what happened to learning from our mistakes?
Yup, it’s just as important to learn lessons from the past.
What follows should then be a clear strategy from the board for dealing with risks that have been identified and a system of internal controls to manage and assess risks on an ongoing basis. Incidentally, it is not the board’s job to execute the strategy – that falls to management.
What if a board thinks 'life’s too short' and chooses to avoid risks altogether?
The business is unlikely to flourish. The idea is not to 'bet the company', but to understand that the greater the risks, the more monitoring is required.
But what if you’re a young and thrusting company taking risks because that’s where the biggest rewards lie! Live fast, die young and all that...
Awareness is everything. You could end up soaring to the heavens or, like Icarus, as a messy bunch of feathers and wax. It’s up to directors to know/accept what the opportunities or consequences of failure could be.
- Dr Roger Barker is director of corporate governance and professional standards at the Institute of Directors