NYSE Governance Services

Hot Topics in Risk Management

Corralling Risk: Should You Use a Separate Committee?

Corporate Board Member Magazine Q4 2015

By Charles Keenan

The challenge of overseeing public company risk looms larger all the time. Will a dedicated committee help your company keep risk oversight under control?

In the 2015 proxy statement of Tetra Tech Inc., an investor with a careful eye would have noticed a slight change from 2014 when it came to the name of one of the company’s board committees. For Tetra Tech—a consulting, engineering, and technical services company based in Pasadena, California—the former title of “strategic planning committee” didn’t fully show its enterprise risk management function, so the name was updated to “strategic planning and enterprise risk committee.”


The Confidence Game:
How Boards Can Get More Risk Insight From Company Forecasts

October 27, 2015

From Deloitte

Three critical responsibilities of the board are to (a) guide corporate strategy, (b) consider how strategic risks might impact the company, and (c) approve the financial budgets expected to drive strategy in a risky world. Directors have become increasingly attuned to a growing array of risks, including the risk of poorly defined or executed strategic decisions. Although there is no fail-safe formula for setting and delivering a winning strategy, there is something the board can ask management to do to improve the quality, robustness, and insight delivered by forecasts: take a risk-adjusted approach to planning, budgeting and forecasting.


Real Scenarios for Real Performance in Risk Management

January 29, 2015

By Brian Barnier

Technology change, competitor action, cyber attacks, supply chain disruption, regulatory change, product blunders and executive departures–the risks to business performance are unceasing in a dynamic environment. Yet, in the need for performance lies the seed of improved risk management.

The board is accountable for protecting and growing value. Boards seek to drive a culture of find early and fix fast to ensure the range of risks to return are managed, especially those most painful to explain to investors or regulators.


January 29, 2015

By Brian Barnier, ValueBridge Advisors

The ominous message read, “There’s been a drowning.” I was serving on the board of a non-profit that provided community arts and recreation services. We had our own facilities and managed one of the city’s swimming pools. My mind raced through our procedures. In the end, it kept coming back to, “What improvements should we have implemented more quickly?”

While it was no consolation to the victim’s family, the drowning did not occur in the pool we managed. Yet, it struck home for our organization. It was one of many lessons learned: that capabilities need to be strengthened in the face of unfolding situations. This is real risk in the real world.


How to Sharpen Focus on Risk to Performance (and Avoid the “Emerging Excuse”)

January 29, 2015

By Brian Barnier, ValueBridge Advisors

Stop being alarmed by the clanging bells of so-called “emerging” risks. There is very little new in the world—including to observant people in your organization, industry and beyond. “Emerging risk” noise hurts when it distracts from the full range of risks to the business. As board members, we need to help management keep their eye on the ball—turning risk into performance.

Recent noise on cyber risk is really just about one of many cyber risks: data breaches of personally identifiable information (PII). Even this isn’t new. The first data breach law is a decade old. Further, actual risk didn’t arise with the law; it arose decades earlier with technology and bad guys.


34 Corporate Olympians & Key Lessons for Your Company

January 29, 2015

By Brian Barnier, ValueBridge Advisors

Olympians take risk striving for the gold. In business, some companies are better at managing risk in pursuit of return. Only 34 S&P 500 members in second quarter 2012 earnings reports won medals in the risk-return balanced growth games. This elite group had 12-month net income growth over 3% plus 5-year average annual revenue growth over 10%. While growth usually burns cash, these companies also reported a quick ratio of 1.25 or greater.

Olympic winners result from body mechanics, training and attitude. Winning companies result from strategy, business model, execution and a humble, continual improvement attitude. This is tough to sum up in a number, but painfully clear in real life.


Embracing Risk Oversight - The Board's Role In Setting The Right Culture

October 6, 2014

From NYSE Governance Services and Thomson Reuters

Board members have a legal, fiduciary duty to oversee risk, but it is less clear as to where “the buck stops” when it comes to ownership for corporate risk oversight and setting the proper risk culture within the context of the boardroom today. What role does management play and what role does the board play? Recent research from NYSE Governance Services and Thomson Reuters suggests that some board members worry fellow directors do not understand the risk culture within the company, and overall, directors rate management’s understanding of risk higher than their own.

Where should boards’ priorities lie with regard to risk oversight? What improvements are needed to ensure boards are fully invested in both understanding and overseeing risk? Though the amount and scope of risk information is improving, the results of our survey point to several gaps in board members’ knowledge, raising the question of how well directors are equipped to fully vet risk scenarios or tackle strategic risk decisions.


Managing Cyber Risk: Are Companies Safeguarding Their Assets?

August 4, 2014

From RSA

In the last few years, companies both in the United States and abroad have witnessed the steady growth of cyberattacks and corporate espionage. The financial losses and, worse, often irreparable reputational harm such incidents wreak have served to place a target squarely on the backs of board members to ensure they are properly overseeing cyber risk.

To get a better grasp on how U.S. boards are handling cybersecurity roles and responsibilities, NYSE Governance Services, Corporate Board Member and RSA, in association with EY, surveyed more than 200 audit committee members this spring on a variety of issues regarding their cyber risk oversight program. This paper will outline the top-line issues surrounding cyber risk oversight and highlight the findings of our study on directors’ opinions related to their role in cyber risk oversight.


Dodd-Frank At 4: Where Do We Go from Here?

July 23, 2014

From Morrison & Foerster

Where do we go from here? As we mark another milestone in regulatory reform with the fourth anniversary of the enactment of the Dodd-Frank Act, it strikes us that although most studies required to be undertaken by the Act have been released and final rules have been promulgated addressing many of the most important regulatory measures, we are still living with a great deal of regulatory uncertainty and extraordinary regulatory complexity.


Insider Threats

May 8, 2014

By Samuel Visner

The insider threat challenges not just the public sector but the commercial sector as well, placing in peril personal information, operational data, and critical intellectual property, which can be as valuable to some as the public sector’s classified information.

We have seen in the retail world how clever cyber adversaries can be, using a company’s supply chain and point of sale network to identify and exploit dangerous vulnerabilities.


2014 "What Directors Think" Study

February 28, 2014

By Deborah Scally and Kimberly Crowe

What kind of board does your company need to maintain a competitive edge? Industry and leadership experience are obviously important factors and most boards have added a financial expert thanks to Sarbanes-Oxley, but does your board have IT expertise? Social media savvy? How about an international perspective?

Given the meteoric rise in IT risk, it is likely your board either already has a director who is well versed in information technology and data security or is looking for one to help it better understand the company’s IT risk profile. The same is true for the fast-growing realm of social media; its increased use as a competitive strategy in recent years has brought correspondingly greater risks. And if your company is contemplating expansion outside of the United States, bringing in a board member with international experience is a must. At the same time, more attention must be paid to the tricky arena of anticorruption and FCPA compliance, with its minefield of risk.

The results of the 2014 Corporate Board Member/Spencer Stuart What Directors Think survey, a long-running annual study based on the input of public company directors nationwide, reveal directors’ views on rejuvenating the board, risk oversight, say on pay, and more. In many areas, this year’s findings align with more than a decade of What Directors Think results and demonstrate that CEO succession and the desire for more time for strategic planning continue to be chief challenges for U.S. public company boards.

In addition to the core areas of study, this year we posed a number of questions around board structure, turnover, and guidelines to better understand the methods and processes boards are employing to maintain their vibrancy and effectiveness. Interestingly, quite a few directors wrote in to comment that these latter issues, while topical, should never become a distraction from their primary responsibility of improving the bottom line.