Corporate directors’ responsibilities and fiduciary duties in relation to risk oversight has continued to escalate in line with increased regulatory scrutiny, requirements, sanctions and stakeholder activism. Expectations for board oversight of management’s risk appetite and tolerance are rapidly evolving, and most boards face significant challenges in meeting those new expectations. Many current approaches to risk oversight often fail to link risks to strategic business objectives. This program highlights a set of concrete emerging best practices for boards in this important area of responsibility and provides guidance on how boards can take action to implement a board-driven approach that links retained risk information to strategic and foundation business objectives and increase the certainty of achieving them.

The attitudes and actions of those viewed as leaders within a Company help to define corporate culture and are critical to implementing a successful ERM program. Boards should take the time to understand and appreciate that any ERM program will be only as successful as their involvement signals it should be. Tone at the top is more than a catch phrase; it is the genesis of a company’s culture and, consequently, necessary to establish a risk-aware and value-generating corporate environment. Participants will explore the challenges and benefits of creating a risk-aware corporate culture and provides suggestions and best practices on how the Board can facilitate the establishment of such a culture.

As a result of the various global financial crisis, regulators, rating agencies, and investors have heightened expectations for boards’ involvement in the establishment and tracking of their organisation’s attitude to risk taking. Significant confusion exists around the definition of, and appropriate processes and controls over, risk appetite and risk tolerance – resulting in the lack of risk focus, risk strategy and risk direction. An organisation’s risk management capabilities, along with the board’s risk governance processes, may be assessed according to their “maturity”—that is, where they reside on a curve that progresses toward Risk Smart and Risk Intelligent cultures. Whilst there is no definitive threshold that all organisations should achieve, there is a level of maturity that is right for each organisation, and it depends on how capable that organisation needs, or wants, to be in order to manage its risk profile. Regular assessments can help organisations determine their current maturity level, the level they aspire to reach, and whether the board is getting the amount of information it needs to fulfil its role.

Recent significant risk events, including catastrophic weather, cybercrime, macroeconomic issues, and supply chain interruptions, have resulted in an increased focus on risk and risk management by boards of directors. One of the board’s key oversight roles is to understand the organisation’s strategic risks and the relationship between risk and strategy. This module addresses the factors that are driving the need for strategic risk management, outlines a strategic risk assessment process, and offers recommendations for integrating risk management in strategy execution and measurement. However, the board decides to proceed, their leadership, direction, and overall oversight will be critical to the success of a strategic risk management process.

The world does not stand still for any organisation. Those that have processes ready to respond to change are generally more resilient than those that do not. The world of risk management is continuously evolving and adapting to change. Even though the risk management process detailed in ISO31000 remains valid for the management of emerging risks and black swans, organisations need to manage emerging risk differently than ‘business as usual’ risks. Nevertheless, the general atmosphere of fear and/or mystique around black swan events or an emerging risk that remains just over the horizon, makes us feel uncomfortable. There is often little or no data on which to base the risk response. Black swans and emerging risks may appear more challenging to identify, assess and manage. The use of different tools and techniques in addition to traditional methods, will help you work through these difficulties. It is clear that for an organisation to perform successfully and be resilient, there needs to be an appropriate approach to managing black swans and emerging risks. This is a valid concern given the uncertain times we are living in, and the challenges presented to many of the assumptions that underpin traditional risk management thinking and techniques (e.g., our ability to anticipate risks).

Civil charges against independent directors alleging negligence in the face of fraud serve as a sharp reminder for boards that ignorance of fraud risks and red flags is no excuse for inaction. The liability directors can face in a fraud case by doing nothing should serve a s a wake-up call that turning a blind eye to warning signs and red flags is not acceptable. Whole the ramifications can be serious, this new climate also brings to the forefront the positive impact of effective board governance in safeguarding organisations from fraud. However, an engaged and dedicated board can have a measurable, positive impact on an organisation by requiring, supporting, and overseeing a fraud risk management program. Learn how directors can effectively discharge their responsibilities, while helping to secure a financially and ethically sound future for their organisation by requiring, implementing, and overseeing a proactive fraud risk management plan.

Risk enters every decision in life, but clearly some decisions need a structured approach. The role of the board of directors in enterprise-wide risk oversight has become increasingly challenging as expectations for board engagement are at all-time highs in an increasingly uncertain environment. Risk is a pervasive part of everyday business and organisational strategy. Dealing with risk is part of governance and leadership, and is fundamental to how an organization is managed at all levels. Yesterday’s risk management practices are no longer adequate to deal with today’s threats and they need to evolve. These considerations are at the heart of ISO 31000 which delivers a clear, short and concise guide that will help Boards and their organizations use risk management principles to improve planning and make better decisions. Directors need to understand and address the factors contributing to effective Board Risk Management Committees (BRMC) as well as common BRMC pitfalls and potential overlaps between the BAC and BRMC and implement practical solutions.

Risk taking, the engine driving business, is vital to companies seeking market success. In an increasingly complex world, business risk poses threats, but also provides significant opportunities and possibilities for organizational innovation and new competitive advantage leading to short- and long-term profitability to create new competitive advantage as well as new ways to satisfy customers. To garner these benefits, however, risks and opportunities must be evaluated and handled within a system that adequately identifies, quantifies, and mitigates them. This robust treatment of risk and opportunity allows for rigorous management practices enabling organizations to capitalize on their expertise to identify and capture opportunities that can help to beat the competition. Measures developed and applied to counteract business risks can, and often do, illuminate some of the greatest opportunities for innovation to companies that are ready to see and seize them. In fact, risk and opportunity are a duality—like two sides to the same coin. Companies that are successfully exploiting and protecting present opportunities and exploring future innovations, all the while managing risk, have been called “ambidextrous organizations.

What would you do if your company was suddenly swept up in a media fire storm? Boom goes your great reputation. You never know when a product will fail, an accident will happen, or an employee will do something spectacularly dumb. And when the crisis hits, the bad news will spread faster than you can say “Tweet.” Everyone with a desktop or smart phone has access to throngs of people who can fan flames for a very long time. Even small crises, if not properly dealt with, can cause damage to company’s financials, reputation and value, which means that organisations, with appropriate Board oversight, need a way to prevent incidents from escalating into crises. Even though it probably isn’t in your job description as a Board Director, knowing how to play your role and, where necessary, lead in a crisis is a crucial part of a Director’s responsibility. Boards need to be able to provide leadership in not just surviving the onslaught of any crisis, but emerging after the crisis with a stronger business and wiser team.

Machine learning is all around us, getting smarter each day as we generate more data. It’s become such an integral part of our lives that we probably don’t even realize how omnipresent it is. Many industries now use artificial intelligence (AI) to transform huge amounts of data into the knowledge that drives suggestions and decisions. And, as machine learning continues to weave its way into everyday life, you can’t overlook the associated risk assessments and management strategies. Although, like many things in life, machine learning and AI introduce exciting new opportunities, they also introduce risk. These powerful technologies are always evolving, allowing risks to appear—and multiply—quickly. And, like many real-world applications, humans can manipulate these tools for more sinister purposes. This program is designed to help Board professionals approach machine learning from a risk-based perspective, rather than a technical one. We aren’t going to dive into decision trees or random forest algorithms, but we are going to review the role of risk identification, assessment, and management in AI and machine-learning applications.

Cyber-attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat. Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business. This has galvanised corporate boards who have woken up to the call that they must address cybersecurity issues on their front lines, as it is not just an Information Technology (IT) issue. In fact, cyber risks are an enterprise-wide risk management issue. Given this environment, it is not surprising that cyber risk is now near the top of Board, Board Risk Management and Board Audit committee agendas. This program guides Directors on how to ask the right questions, what the key considerations are, how they can be more effective in managing cybersecurity risk, as well as how synchronization and integration as the board wants to remain agile and responsive to the evolving and changing cyber threat landscape.

The terminology of Governance, Risk and Compliance, or GRC, has been bandied around as the latest buzz phrase as a result of various standards. In order for transparency, accountability and integrity to occur, companies should look at adopting one or more of the enablers such as adopting a culture of business integrity and ethical values, looking at GRC as a single entity as opposed to separate activities, and utilising technology to enable efficiencies and effectiveness. Organisations with effective Board GRC oversight ensuring efficient governance, compliance and risk systems tend to score highly in terms of business performance and business sustainability. They are generally characterised by their capability to invest to create value rather than to scrimp to save expense. Considerations here should also include Climate change and principles-based taxonomy (CCPT) practices. This program discusses why Boards should ensure GRC is treated as a single entity as opposed to separate ones. It also highlights how technology can be leveraged to maintain, monitor and report in real time the state of compliance for an organisation. Coverage also includes basic CCPT considerations.

ESG is changing the business world as stakeholders increasingly expect companies to make their operations more sustainable. There are good reasons to meet those expectations, but before starting out, it’s important to understand what ESG is and what it means for your company. Businesses face new risks as investors, consumers, employees and partners demand greater corporate accountability, transparency and sustainability. Stakeholders want to know how organizations are affecting the environment, how they treat their employees, clients and communities, and if they conduct their business ethically. These environmental, socioeconomic and governance variables, which are likely to affect the financial situation or operating performance of a company, are collectively referred to as ESG (Environmental, Social, Governance) risks. While ESG variables are diverse, they all have one thing in common: they can have a significant impact on a company’s long-term sustainability and profitability. A business that overlooks these risks could potentially incur large financial penalties and also lose investors, customers and stakeholder support. However, not all ESG issues are created equal, and their relative relevance varies by company, industry and sector. It can represent risks and opportunities that will impact a company’s ability to create long-term value. This means each organization must identify, manage and reduce its unique material ESG risks.

In an age of unprecedented business and supply chain connectivity supported by technological advancement and disruption, the ability of firms to transform themselves to remain agile and meet the needs of tech-savvy, connected and informed customers is crucial to their sustainability and survival. The current pandemic has also significantly accelerated customer technology and digital embracement, new ways of working (remotely) and new business models which further heighten the criticalness of pre-planned, preventive and effective technology and cyber risk management by firms. Technology today is more than an enabler, it has become a strategy. Yet, it is precisely this enabler and strategy which poses deep and hidden threats which, if not understood and managed properly, can pose a significant threat to the very survival of a firm.