Post on 20-Jan-2016
Keith Blacker Can Your Board Cope with Risk?
Keith Blacker: Can Your Board Cope with risk?
2
My Background• Executive board positions:
– Finance Director of Simplyhealth Group
– Operations Director of Carivita
• Non-executive (independent) board positions (current):
– Valley Leisure
– Protection & Investment
– AIFA
• Internal Audit, Business Development, Consultant/trainer
• Chartered Accountant, DBA - operational risk management
• Published papers
3
Agenda• The question in context
• The skill sets of a Board: five key questions
• Other issues for the board
• Risk and Board Maturity
• Is there a role for Internal Auditors?
• The signs of a failing board
Keith Blacker: Can Your Board Cope with risk?
4
The question in context
Role of the board:
“Provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed. In particular an ‘effective’ Board: provides direction for management; demonstrates ethical leadership; creates a performance culture that drives value creation without exposing the company to excessive risk of value destruction; is accountable, particularly to those that provide the company’s capital”
UK Financial Reporting Council
UK Corporate Governance Code (2010)
Keith Blacker: Can Your Board Cope with risk?
5
The question in contextApril 2012 - “These concerns are a ‘tempest in a teapot’”
May 2012 - “ We made a terrible, egregious mistake, there’s almost no excuse for it”
Jamie Dimon,CEO JP Morgan
…..yet another example of a rogue trader
Keith Blacker: Can Your Board Cope with risk?
6
The question in context
Does Your Board have the competencies to deal with risk?
Keith Blacker: Can Your Board Cope with risk?
7
The question in context
• Recent events in the financial markets
• Previous events - financial scandals
• Regulatory pressures - corporate governance framework
• Pressure on executive directors…….’nervous’ NEDs
• Risk management, a core competence?
• Corporate governance v corporate entrepreneurship
Keith Blacker: Can Your Board Cope with risk?
8
The result……• Boards being motivated by fear - mandatory visits to prison may
be part of the induction program!
• The “spotlight of blame” is on the board
• Extending director’s (NEDs) liabilities?
• Who wants to be a NED?
• More regulation
• Affect on relationships?
• Forensic doctors required? - scenario analysis
Keith Blacker: Can Your Board Cope with risk?
9
Five key questions: 1
Do sufficient board members have the ability to spot, and avert, a fellow
member’s unproductive or unhealthyambition?
Keith Blacker: Can Your Board Cope with risk?
10
Question 1• The greatest risk of all: the ambitions of the CEO?
• UK Examples include: Equitable Life, RBS, HBOS
• “The Board” has to act collectively
• Polite questioning versus adversarial challenge
• “Respectful uncertainty” (Lord Laming)
Skills: tenacity and inquisitiveness
Keith Blacker: Can Your Board Cope with risk?
11
Five key questions: 2
Is the risk reporting process as effective as possible?
Keith Blacker: Can Your Board Cope with risk?
12
Question 2•Influence/establish and sustain the quality of reporting
•Regular item on board agenda? - adverse economy risks
•Compliance with regulatory requirements
•Trusting the information presented?
•Systemic risks (e.g. Global Financial Crisis)?
Skills: ability to create, develop and fine-tune an effective risk reporting process, incorporating real-time
reporting
Keith Blacker: Can Your Board Cope with risk?
13
Five key questions: 3
Is the board fully conversant with all the organisation’s key functions
and activities as well as - in advance -all value impacting decisions? And are non-executive directors well informed
about the business?
Keith Blacker: Can Your Board Cope with risk?
14
Question 3
•What are the key functions and activities?
•Decisions must be “risk-based” as well as “value-based”
•All roads lead to the Accounts
•The important role of the NEDs - external perspective
•BUT NEDs must balance detail with oversight: being engaged without being engaged
Skills: tenacity, inquisitiveness and acumen
Keith Blacker: Can Your Board Cope with risk?
15
Five key questions: 4
Has an active learning process beenestablished to enable a board to
understand better what the corporate radar-screen is telling it?
Keith Blacker: Can Your Board Cope with risk?
16
Question 4
•Boards must learn to “sense” risk issues: internal/ external
•Interpreting expert knowledge: risk of going outside of your comfort zone
•Training
Skills: the ability to follow a learning curve
Keith Blacker: Can Your Board Cope with risk?
17
Five key questions: 5
Has maximum efficient delivery ofthe relevant risk information been
arranged?
Keith Blacker: Can Your Board Cope with risk?
18
Question 5
•Normal ongoing pulse-taking in a timely manner
•Information presented should draw out/relate to the board’s risk appetite and tolerances
•Board must shape what it wants
Skills: clarity, focus and leadership
Keith Blacker: Can Your Board Cope with risk?
19
Other questions for the Board (as at Sept 2012)•Must know the weakest link(s) in the chain
•How much control is enough?
•Risk management is not intended to stifle risk taking: the risk is that it will
•Boards should be ‘promoting’ best practice
•You can’t eliminate human fallibility..….even at Board level
•Risk appetite - compliance issue or decision-making tool?
•Risk awareness vis-à-vis “false alarms”
•Board dysfunctionality
•How risk mature is your organisation?
Keith Blacker: Can Your Board Cope with risk?
20
A Risk Maturity Model
•Developed by Dr David Hillson in 1999•Based on the Business Excellence Model and the Capability Maturity Model (software engineering organisations)•Draws on the principles of both•Very useful for benchmarking and providing guidance on how to improve
Keith Blacker: Can Your Board Cope with risk?
21
A Risk Maturity Model
LEVEL 1NAIVE
LEVEL 2NOVICE
LEVEL 3NORMALISED
LEVEL 4NATURAL
Keith Blacker: Can Your Board Cope with risk?
22
A Risk Maturity Model
• NaïveUnaware of the need for management of risk and has no structured approach to dealing with uncertainty. Management processes are repetitive and reactive, with little or no attempt to learn from the past or to prepare for future threats or uncertainties
Keith Blacker: Can Your Board Cope with risk?
23
A Risk Maturity Model• Novice
Experimenting with the application of risk management, usually through a small number of nominated individuals, but has no formal or structured generic processes in place. Although aware of the potential benefits of managing risk, the Novice organisation has not effectively implemented risk processes and is not gaining the full benefits
Keith Blacker: Can Your Board Cope with risk?
24
A Risk Maturity Model
• NormalisedBuilt risk management into routine business processes and implements risk management on most or all projects. Generic risk processes are formalised and widespread, and the benefits are understood at all levels of the organisation, although they may not be consistently achieved in all cases
Keith Blacker: Can Your Board Cope with risk?
25
A Risk Maturity Model• Natural
Has a risk aware culture, with a proactive approach to risk management in all aspects of the business. Risk information is actively used to improve business processes and gain competitive advantage. Risk processes are used to manage opportunities as well as potential negative impacts
Keith Blacker: Can Your Board Cope with risk?
26
A Risk Maturity Model
• Does the Board know how risk mature the organisation is? Is it where it wants to be?
• Once benchmarked, a company can develop action plans to move through the levels
• There are barriers at each level which must be overcome if the next level is to be reached
Keith Blacker: Can Your Board Cope with risk?
27
A Risk Maturity Model
• Naïve to Novice – Define scope of the implementation project to introduce
risk management in the organisation– Train appropriate staff and undertake awareness
briefings– Top management support– etc..
Keith Blacker: Can Your Board Cope with risk?
28
A Risk Maturity Model• Novice to Normalised
– In addition to previous points…..– Undertake formal risk training– Continuously assess resources allocated to manage risk– Use external experts openly– Build risk management into routine management of
projects– etc..
Keith Blacker: Can Your Board Cope with risk?
29
A Risk Maturity Model• Normalised to Natural
– In addition to previous…..– Investigate novel applications of the risk process– Identify and counter incidence of risk fatigue– Continuous refresher training on risk awareness– etc..
Keith Blacker: Can Your Board Cope with risk?
30
A Board Maturity Model
Board
Competencies
•Knowledge
•Skills
•Abilities
•Contacts
Board
Behaviours
•Personality
•Values
•Norms
•Board-managementrelations
Board
Competencies
•Policies
•Processes
•Procedures
•Committees
Board
Dynamics
BOARD INTELLECTUAL CAPITAL BOARD ROLES
Strategy
CEO selection, monitoring andevluation
Monitoring
Risk Management
Compliance
Policy framweork
Networking
Stakeholder communication
Decision-making
Effective Governance
THE BOARD ENVIRONMENT
Keith Blacker: Can Your Board Cope with risk?
Note!
Source: www.effectivegovernance.com.au
31
Is there a role for Internal Auditors?
Keith Blacker: Can Your Board Cope with risk?
• What keeps the board members awake at night?
• Is the risk reporting accurate, sufficient and timely?
• Assessing risk maturity (as part of the approach to risk based internal auditing)
• Helping the board with systemic risks?
• Training for board members?
• What are the signs that the board isn’t coping with risk?
• Is the organisation prone to things going wrong?
• How much of your risk is outsourced to a third
party and how do they deal with risk management?
32
The signs of company failure…….William Mackey
Keith Blacker: Can Your Board Cope with risk?
• Rolls Royce with personalised plates• Fish tank, fountain or altrium in the reception area• Flag pole• Chairman honoured for services to industry• Recently moved into super-modern offices• Elderly or unqualified CFO• Products are market leaders• Recently announced change of bank• Audit partner went to school with the CEO• Chairman is a politician or well known for charitable work• Recently announced a huge order in (e.g.) Afghanistan• Recently announced a technological breakthrough• Salesmen (only) rewarded with exotic holidays
3 or more…..
call in the creditors!
33
…….and finally
Keith Blacker: Can Your Board Cope with risk?
“Non-executive directors need to both support and challenge the executive, but in general they tend to be
more supportive than challenging”
Anon NED