• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
pexels-polina-kovaleva-5717479.jpg

Ten ways corporate boards need to approach risk in 2021

January 13, 2021

As the pandemic crisis and lingering economic and political volatility increasingly threaten businesses and recovery globally, WomenCorporatDirectors Foundation (WCD) is seeing many companies consider establishing a stand-alone board risk committee. 

This is just one way the best-prepared boards are arming themselves in the current climate and as they look ahead toward 2021, says Susan C. Keating, CEO of WCD.  “2020 has forced companies to look at risk in a completely new way,” Keating says. “2021 will be a time for boards to really integrate risk and strategy on a long-term basis.” 

“While risk oversight is the role of the full board, many companies are now opting to form dedicated committees to drill down on new risks and make recommendations to the full board on ways to approach a mitigation strategy.  Risk has become an integral part of strategy development, as companies have seen what happens when threats come to light.”

In two recent WCD webinars, Catherine Allen (founder and chairman of The Sante Fe Group and a WCD member) led the panel discussions on board risk committees and best practices in approaching risk.  Panelists included Chris Burt (co-founder of the Risk Coalition), Jackie Daylor (KPMG audit partner) and Agnes Bundy Scanlan (president of the Cambridge Group LLC and board member at various organisations).  They discussed ten ways corporate boards need to approach risk in 2021:

  1. Create a Risk committee separate from the board Audit committee. “While expert with financials and investments, audit committee members often do not have the deep operational expertise required to evaluate risk in a broader sense” said Catherine Allen.  “A risk committee needs members with experience in areas such as cybersecurity, IT, compliance, third-party risk management, privacy, and reputational risk.”  With this knowledge and expertise, the risk committee can understand the significance of risk profiles for each business and establish metrics.

  2. Don’t spend too much time on risks you already know.  Boards tend to focus too much on known risks that already have mitigations in place.  “The real value is focusing on new and emerging risks where you may need to develop a solution or process to reduce or control a potential threat” said Chris Burt.  “An important quality to look for in a board risk committee member or a Chief Risk Officer is imagination.”

  3. Keep an eye on what can go very wrong, very quickly.  The liquidity crisis stemming from the Covid-19 shutdown put many companies in a dangerous financial position virtually overnight.  Many of these businesses had seen a liquidity crunch just twelve years earlier during the 2008 financial crisis.  These kinds of existential threats are where Risk committees must not get complacent, said Chris Burt.  “Pay attention to risks that are currently under control but have the potential to go very wrong, very quickly, when cascading consequences emerge from new risks.” 

  4. Reputational risk can stem from multiple other risks.  “A risk committee often has to handle reputational repercussions that happen as a result of other matters under their oversight going awry” said Agnes Bundy Scanlan. “Everything from regulatory issues, to an ESG failure, to a customer data breach can carry significant reputational consequences, which require a level of risk management beyond the initial incident.” 

  5. Risk management doesn’t mean being afraid to pull the trigger.  There can be a tendency when making strategic decisions, especially with certain boards in financial services, to keep asking for more and more data and not move forward. “Don’t paralyse the organisation by always asking for more data and refusing to act” said Chris Burt. “At some point, you have to make a decision.”

  6. Leverage a strong risk culture.  “The institutions that have come into the events of 2020 – the pandemic, the economic collapse, the social unrest – with a strong culture are managing better,” said Agnes Bundy Scanlan. “Organisations that have addressed risk in the past, in a strategic way, have been able to tap into this culture and adapt.  These companies are better at working remotely – they aren’t as disrupted by these kinds of changes that drag down the performance of those who can’t adapt.

  7. Make sure performance isn’t being driven by bad culture.  “What are the cultural elements – the tone at the top, the incentives, the pressures – that could create risk in an organisation?” asked Jackie Daylor.  “It’s important to look at the behaviours that are driving results and the culture that’s developing around the bottom line.”

  8. Don’t devote all attention to today’s headline crisis.  “Risk committees tend to focus on the current threat in the news, whether it’s a cyberattack or Covid,” said Chris Burt.  “They always need to look at the risks as a whole – the ongoing threats that are always there – and not ignore any of them.”

  9. Keep strategic objectives top of mind.  “Risk management isn’t just about preventing bad things from happening, it’s also about analysing opportunities to help good things happen,” said Chris Burt.  Risk committees should be involved closely in strategic decisions, and he even predicted that one day these committees will be renamed “Strategy and Risk” committees.

  10. Plan for risk management and review the strategy frequently.  “Strategy and risk are intertwined” said Jackie Daylor.  “It’s essential to have a strategic approach to risk management. Companies need organisational resilience to withstand black swan events, such as the current pandemic, so that their people and processes are prepared to respond in the right way.”

“Diversity plays a huge part in reducing management’s blind spots when it comes to risk,” says Jackie Daylor.  “A diversity of experience and social diversity help with problem solving, whether it’s Covid-related health and safety concerns, managing remote workforces or the acceleration of digital transformation that comes along with a remote workforce. 

The value of diversity is especially critical as risks grow in complexity, argues Susan Keating. “On your risk committee and for your board as a whole” she says. “You want to make sure the diversity of the team is broad enough to address the wide spectrum of risks that are multiplying quickly each day.”

The WomenCorporateDirectors Education and Development Foundation, Inc (WCD) is the only global membership organisation and community of women corporate directors. WCD members serve on numerous boards of large private and family-run companies globally. 

Tags: WCD
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson