A Show of Hands: Who Has a Risk Management Information System?
Every business should—it's critical that your board of directors have the right RMIS to support effective corporate governance. Here's why.

In recent years, corporate failures have emerged in a wide range of industries and organizations around the world, significantly undermining shareholder confidence in their boards of directors' ability to control and mitigate risks in accordance with strategic objectives. The result is a growing awareness of the need for stringent corporate governance guidelines and financial and accounting reporting requirements—and greater responsibility and accountability on the part of board members to provide assurance to shareholders that their income and investments are protected.

The goal of effective corporate governance is to create, protect and enhance shareholder value by managing the uncertainties surrounding the achievement of an organization's objectives. Well-designed corporate governance processes focus on the organization's sustainability, performance and compliance. Corporate governance should provide direction, authority and transparency for the company's shareholders, resulting in greater understanding about internal controls, which in turn leads to improved top- and bottom-line performance.

In addition to shareholders, governments and regulators around the world have sharpened their scrutiny of corporate governance processes in efforts to stabilize earnings and reduce stock-price volatility. Well-known legislation such as Sarbanes-Oxley, Turnbull, Basel and Basel II has permanently changed the business landscape for organizations of every size, industry and location.

The Role of the Board in Risk Management and Corporate Governance

Rising expectations from shareholders and heightened regulatory attention have led to greater demands on boards of directors to provide a systematic, accurate and effective assessment of and response to business risks. Most boards have realized that by investing wisely in a system of risk management, their organizations will be able to control risks and achieve their business objectives while also complying effectively with existing corporate governance guidelines and reporting requirements. As a result, enterprise risk management (ERM) has become an essential component of a comprehensive corporate governance initiative.

As the owner of the governance process, the board of directors cannot be directly responsible for risk management; the task must be delegated, with board members providing direction and authority by defining key risk and performance indicators. This role includes:

  • Setting risk-adjusted corporate strategy and effective monitoring objectives.
  • Approving the risk inventory, which includes a risk register of key risks to the organization's strategic objectives.
  • Defining the organization's risk appetite, giving a high-level view on how much risk the business is capable of undertaking while focused on its strategic objectives.

Senior management's role is to implement a solid risk management practice with effective monitoring processes in place, ensuring that strategic directives cascade down through the entire organization and that monitoring information is filtered back up in an accessible but powerful form. It is also their responsibility to identify and assess any risks that may affect the organization's ability to deliver its objectives. With guidance from the board on the company's risk appetite, the management team can determine the acceptable level of variation in risk likelihood or impact, and within this framework risk response strategies and control activities can be determined.

In other words, risk management must be more than just a loss prevention compliance exercise. It should also deliver processes to identify long-term strategic threats and opportunities, and to bring them to the attention of the board. In order to establish an effective corporate governance culture, those processes must be implemented throughout the organization.

RMIS as a Bridge

An effective risk management information system (RMIS) can serve as the bridge linking corporate governance, enterprise risk management and day-to-day operations. A RMIS can monitor the risk elements in corporate governance and analyze key risk metrics, such as control effectiveness and likelihood.
