You are viewing ARCHIVED CONTENT released online between 1 April 2010 and 24 August 2018 or content that has been selectively archived and is no longer active. Content in this archive is NOT UPDATED, and links may not function.

By Matteo Tonello
Over the past 15 years, expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long-term success. This post provides a primer on the next frontier for boards: oversight of “risk culture.”
Weak “risk culture” has been diagnosed as the root cause of many large and, in the words of the Securities and Exchange Commission Chair Mary Jo White, “egregious” corporate governance failures. Deficient risk and control management processes, IT security, and unreliable financial reporting are increasingly seen as mere symptoms of a “bad” or “deficient” risk culture. The new challenge that corporate directors face is how to diagnose and oversee the company’s risk culture and what actions to take if it is found to be deficient.
Read the complete article at: The Next Frontier for Boards, Oversight of Risk Culture