Decades ago, the notion of “risk management” boiled down to the simple act of buying insurance. These days, however, board members are expected to be much more involved in overseeing and evaluating their company’s level of risk.
According to PwC, risk management includes “the identification, assessment, and prioritization of risks and the application of resources to minimize, control, and mitigate the impact of unfortunate events on a business.
It is the job of a board to oversee that their management teams have adequate risk management policies and procedures in place.”
Overseeing risk isn’t a job that falls solely on outside directors, though. According to the Harvard Law School Forum, internal executives are expected to handle the day-to-day risks of their business operations, but directors should, “through their risk oversight role, satisfy themselves that the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are consistent with the company’s strategy and risk appetite.”
In other words, it’s the job of the board to ensure that the CEO and senior executives are completely engaged in systematic risk management behaviors.