This is not the most exciting subject to be talking about by a board of directors, but you should always be discussing various aspects of risk management as part of your oversight responsibilities. Some key areas that your board may want to focus on include:
1. Identifying and assessing the organization's key risks: The board should be aware of the risks that the organization faces and should be involved in the process of identifying and assessing those risks. 2. Developing risk management policies and procedures: The board should ensure that the organization has in place policies and procedures to manage identified risks effectively. 3. Monitoring risk management implementation: The board should monitor the implementation of risk management policies and procedures to ensure that they are being followed and that risks are being effectively managed. 4. Reviewing risk management reports: The board should review regular reports (at least every three months) on the organization's risk management activities to ensure that risks are being identified, assessed, and managed effectively. 5. Overseeing crisis management and business continuity planning: The board should oversee the development and testing of crisis management and business continuity plans to ensure that the organization is prepared to respond effectively to unexpected events that could have a significant impact on the organization. (a non-executive director should always be part of the crisis management team). 6. Reviewing and approving risk management budget: The board should approve the risk management budget and ensure that the organization has sufficient resources to manage risks effectively. 7. Reviewing and approving risk appetite: The board should approve the risk appetite of the organization, this is the level of risk the organization is willing to take to achieve its objectives.
Overall, the board of directors should be actively involved in risk management to ensure that the organization is taking appropriate steps to identify and manage risks, and that risks are being considered in the context of the overall strategy and goals of the organization.
Here are some examples of recent failures by boards to adequately deal with risk management and the problems that resulted
There have been many examples of organizations in which boards of directors have failed to adequately deal with risk management, resulting in significant problems. Here are a few examples:
1. The 2008 financial crisis: Many banks and financial institutions had boards that failed to adequately oversee risk management, resulting in excessive risk-taking and a lack of oversight of the complex financial products that were being traded. This ultimately led to the global financial crisis of 2008. 2. The Deepwater Horizon oil spill: The board of BP failed to adequately manage the risks associated with deepwater drilling, resulting in the Deepwater Horizon oil spill in 2010. This resulted in significant environmental damage, as well as economic and reputational harm to the company. 3. The Boeing 737 MAX crisis: The Board of Directors of Boeing failed to adequately oversee the development and certification of the 737 MAX, resulting in two fatal crashes, and a subsequent crisis that led to the grounding of the entire fleet. (this is still ongoing with new privately elections, taking place currently). 4. The Cambridge Analytica Scandal: The board of Facebook failed to adequately oversee data privacy and security risks associated with the use of Facebook data by Cambridge Analytica, which led to a significant data scandal and reputational damage to the company. 5. The Wells Fargo Scandal: The board of Wells Fargo failed to adequately oversee the bank's sales practices, which led to a widespread scandal involving the opening of millions of unauthorized bank accounts. 6. Enron: The board of Enron, an energy company, failed to adequately oversee the company's financial reporting, which led to a scandal involving accounting fraud. This resulted in significant financial losses for investors and reputational damage for the company. 7.
These are some major examples, but there are many more cases of organizations where boards failed to adequately deal with risk management and the problems that resulted. The common thread among these examples is that the boards failed to properly assess and monitor the risks facing the organization, and as a result, were not able to anticipate or respond effectively to problems that ultimately arose.
Here are a few examples of smaller companies where boards have failed to adequately deal with risk management and the problems that resulted:
1. Theranos: The board of Theranos, a healthcare company, failed to adequately oversee the company's operations, which resulted in a scandal involving the inaccuracy of the company's blood testing technology. This led to significant financial losses for investors and reputational damage for the company. 2. Valeant Pharmaceuticals: The board of Valeant Pharmaceuticals failed to adequately oversee the company's business practices, which led to a scandal involving the company's pricing and distribution of drugs. This led to significant financial losses for investors and reputational damage for the company. 3. Takata: The board of Takata, an airbag manufacturer, failed to adequately oversee the company's operations, which led to a scandal involving faulty airbags that resulted in multiple deaths and injuries. This resulted in significant financial losses for the company and reputational damage. 4. WorldCom: The board of WorldCom, a telecommunications company, failed to adequately oversee the company's financial reporting, which led to a scandal involving accounting fraud. This resulted in significant financial losses for investors and reputational damage for the company. 5. NHS Trusts: National Health Service (NHS) Trusts in the United Kingdom have been criticized for inadequate risk management practices, which have led to a number of high-profile cases involving patient neglect and preventable deaths. 6. Flint water crisis: The government of Flint, Michigan failed to adequately manage the risks associated with changing the city's water source, which led to a public health crisis involving lead contamination of the city's water supply. 7. The Grenfell Tower fire: The local government failed to properly assess and manage the risks associated with the Grenfell Tower building in London, which led to a devastating fire in 2017 that resulted in 72 deaths.
These are just a few examples of organizations where boards or management have failed to adequately deal with risk management and the problems that resulted. In all of these cases, the organizations were not able to effectively identify and manage risks, which ultimately led to significant financial losses, legal issues and reputational damage for the organizations/ companies? Causing also negative impact on individual people.
