3 Questions Every Board Needs to Ask About Enterprise Risks



Learn how CBIZ can help you evaluate and manage your company’s uncertainties at www.cbiz.com/RAS

RISK ADVISORY

Our business is growing yours

As today’s risk landscape continues to change and evolve, it can create challenges for Boards of Directors in their oversight of risks confronting their companies. A 2015 study conducted by the American Institute of Certified Public Accountants (AICPA) concluded that a majority of companies were affected by these emerging risks.


Collectively, 65 percent of participating managers and directors admitted that they were caught off guard by an operational surprise over the past five years.

It is crucial that senior management and Board members are well-versed on the risks that confront their companies. Failure to adequately understand the areas at highest risk and the procedures in place to mitigate them can decrease the effectiveness of the Board’s oversight of management and its ability to constructively challenge proposed changes in the best interest of the company. Asking these three questions at your next Board of Directors meeting can help educate members on existing risks and procedures to make sure the entire committee is on the same page.

How is our organization identifying risks across the enterprise?

It is necessary that a corporation’s Board understands the risks across the entire organization. Members should also be aware of how they can affect operations and profitability. A Board can’t evaluate these risks, however, if the organization hasn’t identified what they are. Pinpointing risk factors early allows time to plan a strategy for mitigation, which could save a business from continuity-disrupting events in the future.

Risk identification could be done at the Board-level, management-level or even individual business unit-level. Some strategies to consider integrating into a best practice enterprise risk identification program are:


■ Facilitate a brainstorming session: Invite key stakeholders, such as Board members, management and business unit leaders, to share the risks that they are aware of that may be unknown to others.

■ Conduct a SWOT (strengths, weaknesses, opportunities, threats) analysis: Focus on the weaknesses and threats to your organization. Take the learnings from the discussion to map out your current and emerging risks.

■ Use Information Technology resources: Organizations with robust IT departments can use their expertise to scan for potential digital threats against the organization, such as a cyber-attack or data breach.

■ Hire a third party to conduct analysis: Enterprise risk management specialists can review your operations, exposures and current risk management strategies and insurance to identify ways to improve them.

What emerging risks are we currently aware of?

Even if a mitigation plan is developed based on identified enterprise risks, the plan needs to remain flexible and easy to update to account for rapidly changing or emerging risks. These risks can evolve quickly and often destroy businesses that are not prepared to face them. The emerging risk landscape is uncertain, but some key risks to watch out for in 2016 include:

■ Cyber-related risks and attacks: Any company that uses technology to conduct business and manage client information needs to know what’s at stake. When cybersecurity is not part of the business process, it leaves a company vulnerable to data breaches and the loss of financial, personal or proprietary information. IT risks should be continually monitored and systems need to be updated to keep pace with the ever-evolving cyber threat environment.

■ Predictability and uncertainty in foreign markets: The fluctuation of commodity prices and currency values has created uncertainties that make strategic planning difficult. In 2016, growth and volatility are expected to define the global economy, but with this degree of variation comes tremendous risk to companies. Be sure that you understand the rules and regulations you face in the international market. Reassess your budgets and forecasts on a semi-annual basis to account for changes that could affect your cash flow or profitability.

■ Talent management and succession planning: Company leadership is essential to keeping your business running smoothly, but when executives move on or retire, they create important gaps that need to be filled. You should be sure you have a process in place to identify the right successor or shift the responsibilities to reshape the vacancy to a role better suited to the needs of your organization.

■ Third party vendor relationships: Each of your organization’s third party vendors poses unique risks. For example, a vendor that assists your company with payroll and billing has increased risk because that vendor handles sensitive financial information. Conducting an annual vendor risk assessment and performing necessary due diligence can help you identify what each vendor will require in terms of controls and monitoring.

Does our existing reporting structure meet industry standards?

How effective the overall risk management program is depends on how effectively the organization communicates. Risk reporting should be used by organizations to illustrate success, failure and opportunity to key stakeholders. These communications should be interactive, with time built in for the Board to ask questions and discuss components of the outputs. If your organization does not currently have a reporting structure in place, consider establishing this component to drive transparency to the process. If your organization does have a reporting structure, you could benefit from benchmarking your process and frequency against industry peers.

Enterprise risk management is an ongoing process. Identifying and reporting your risks a single time is not sufficient to keep your organization prepared for potential disruptions to day-to-day operations. Constantly revisiting your enterprise risk management program to account for emerging risks or changes to the reporting structure will ensure your business is always ready to respond to threats.

For More Information

If you have specific comments, questions or concerns about your organization’s enterprise risk management strategy, please contact a member of the CBIZ Risk & Advisory Services team.

© Copyright 2016. CBIZ, Inc. NYSE Listed: CBZ. All rights reserved.