Editor’s note: NeuGroup’s online communities provide members a forum to pose questions and give answers. Talking Shop shares valuable insights from these exchanges, anonymously. Send us your responses: [email protected].
Member question: “Do any members report specific risks or risk categories to the board? For example—technological risk, cyber, system implementation, environmental or carbon, weather risks, etc.”
Peer answer 1: “Yes, we just presented to our board this week and included the top five risks in our report. Of the five, I’d say two were specific risks and the other three were broader themes that each encompassed a few related risks.”
Peer answer 2: “We have been categorizing our risks into the following categories:
- Financial
- Legal, regulatory, compliance and ethics
- Human capital and talent management
- Business/strategic
- Operational
- Technological and new product development
- Brand/reputational”
Peer answer 3: “We update the audit and risk committee quarterly on top ERM risks (these are broad risks; physical security as an example).”
NeuGroup Insights: Nilly Essaides, NeuGroup’s managing director of Groups, Research and Insight, responds, “In this environment of persistent uncertainty, enterprise risk management has become an even greater imperative and a chief concern for CFOs and boards.
- “It is critical that treasurers and heads of internal audit (i.e., whoever owns this responsibility) keep the CFO and the board audit committee in the loop at each quarterly meeting, and present to the entire board annually. The board has the fiduciary responsibility to be informed.
- “Before approaching board members, it’s critical to settle on a top 10 (or fewer) risks, as outlined in answer 2 above. Which risks are most important may change over time and risks will vary by industry and company.”
