IT Risk Tops List of Concerns for Board Members

A recent survey of Public Company Audit Committee Board Members about risk highlights the desire to focus more heavily on Information Technology ("IT") related risks. This is not surprising given that technological innovation continues at a rapid pace while it is also increasingly impacting every key facet of business today. The survey, conducted by the National Association of Corporate Directors and sponsored by KPMG, uncovered the following common board-level views about IT and other risk areas.

• They are not satisfied that their oversight of various IT risks is effective, or that the company's strategic planning process deals effectively with the pace of technology change and innovation.
• The one person they would most like to hear from more frequently is the CIO.
• They want to spend more time with the CRO and mid-level management/business-unit leaders; and few are satisfied that they hear dissenting views about the company's risks and control environment, or rate their company's crisis response plan as "robust and ready to go."
• The audit committee is devoting significant agenda time to legal/regulatory compliance risk, with the Foreign Corrupt Practices Act (FCPA), UK Bribery Act, and impact of the SEC's whistleblower "bounty" program of particular concern.

An integrated, enterprise-wide risk program is the key to addressing these items in a holistic and practical way.  If your company has not implemented such a program, meeting the demands of the board will be challenging.

A Call to Action for Risk Managers

Risk managers are waking up to the fact that as the world continues to change, they must also change. Upgrades to skill sets as well as the overall approach to risk management is essential for these professionals to provide the value that companies are demanding in the tumultuous global economic environment. Just this week, at the Federation of European Risk Management Associations annual conference in Sweden, a call to action is being made to risk managers around the world.  Here's a sample of the views expressed during the conference as reported by Business Insurance magazine.

During a news conference at FERMA's forum in Stockholm, FERMA executives said risk managers cannot isolate themselves from the financial turmoil in many parts of the world or the rapid changes in many industries because of technology. “You cannot put your head in the sand; you have to understand and live with it,” said Julia Graham, chief risk officer for London-based law firm DLA Piper U.K. L.L.P. and VP of FERMA.

Ms. Graham said the skills that risk managers need have changed in the past five years. Now, she said, risk managers need to look forward more than backward, have greater financial literacy to understand and talk the language that company boards use, and improve their management skills, among other things.

The purely quantitative, historical view of risk is no longer adequate in today's complex global marketplace.  Strong business acumen is required for risk managers to provide a better view of potential risks and opportunities facing companies today.