The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Articles   /  Risk Appetite, Tolerance And Board Oversight

Risk Appetite, Tolerance And Board Oversight

The business environment grows more complex, demanding and dangerous by the day. Expectations of profitability are always high. Shareholders expect returns while regulators insist on compliance. Stakeholders are becoming increasingly vocal about governance, and have no qualms nowadays about taking firms to task over perceived ethical breaches. Companies are finding it difficult to do business and stay in business, and the people who direct them – the Boards – have to constantly keep their balancing act together. Where do Risk Appetite, Risk Tolerance and Board Oversight stand, in today’s environment?

Clarity, understanding and setting boundaries
Many organisations question their relevance, particularly in conditions that are rocked by disruption and uncertainty. There may also be incomplete understanding of what risk appetite, tolerance and Board oversight are, and how they relate to Enterprise Risk Management (ERM). Risk appetite is usually regarded as how much risk the firm is attracted to in pursuing its objectives; risk tolerance is how much the firm can actually bear. But risk appetite is an operational risk management tool rather than an ERM tool. There is also a general perception in most organisations that what falls outside the firm’s risk appetite, cannot be undertaken.

However, this may not always be the best course to take; the firm may end up losing opportunities by adhering blindly to these parameters. To mitigate situations like these, the Board therefore sets BAU boundaries for management.However, management may be allowed to consider pursuin opportunities exceeding the firm’s risk appetite provided enhanced due diligence is done and the actions taken can be strongly justified for the Board to consider. The Board is, at best, made up of directors who are present only part of the time. Management, on the other hand, is constantly on site and hands-on with operations. It can therefore make properly informed recommendations for Board approval.

An evolving environment
But lapses in appropriate governance over the past decades have caused serious financial repercussions. This has made regulators and stakeholders more vigilant and more demanding of Boards and management. Increased disclosure is now the norm, and standards of oversight have tightened. The focus is on better governance and more transparency, accountability and personal integrity. All this is spurring Boards to greater involvement in managing their organisations. Boards are increasingly accountable and answerable to regulators, to the extent of personal liability. They are also increasingly being forced to micro-manage on unprecedented levels.

This has given rise to a conundrum. If the Board micro-manages, can it simultaneously strategise effectively? And will it be able to rise to the occasion when tactical management is required? Corporate strategy encompasses identifying opportunities as well as risks. Can the Board see one while trying to manage the other? Capitalising on opportunities increases the value of the company and moves it closer to achieving its objectives, but how does the Board strike an appropriate balance? It is a fact of corporate life that success factors are never aligned. They are inevitably out of synch. A major portion of corporate planning is spent on identifying and aligning them to achieve optimum value.

Giving rein to management
Management action plans are therefore necessary to drive the achievement of organisational objectives. When formulating a management action plan, putting in checks and balances in strategic positions is imperative. There should be a risk appetite statement that clearly sets out the organisation’s mission and objectives, and how far management can push boundaries in pursuit of these. Having committed these to a document notwithstanding, an organisation’s risk appetite is not written in stone. It has to be dynamic in order to allow the firm to adapt to the external business environment and to seize good opportunities as they arise. There should, therefore, be reviews of the risk appetite to allow for adjustments to changes in the firm’s circumstances or the environment. Limits should be set, and guidelines followed. Compliance is a must.

Setting up the management action plan will require close cooperation and interaction between Board and management. The lines have to be clearly drawn so that management knows what is expected of it. The Board, recognising the need for closer scrutiny ,commits itself to being more hands-on while also recognising that management needs a greater degree of autonomy where taking risks in the interests of the company is concerned. At first glance, it may seem quite complicated – letting go of control while simultaneously instituting more robust oversight. But it is ultimately bound up in the thrust for better corporate governance and transparency.

Leveraging at optimum level
The Board needs to demonstrate that the necessary levels of oversight are in place, and management is being empowered to do its job – without micro-managing at the same time. Determining the firm’s risk appetite and risk tolerance demands in-depth understanding of the business. Without this, it will not be possible to put itself in the shoes of management. And without the prerequisite levels of awareness, drawing boundaries for management will be next to impossible, nor can management be expected to perform at optimum level.

Boards must demand better information so that they can provide more robust oversight. Management, for its part, has to provide timely, relevant reports to the Board to demonstrate that the Board’s directions are being adhered to. Comprehensive documentation and regular reporting increase the credibility of management, and trust levels of shareholders. Corporate governance failures in the past have resulted in some bitter and very costly experiences. It is to the advantage of all parties to apply mitigative measures, to ensure history does not repeat itself.

Leave a comment

User registration

You don't have permission to register

Reset Password