The Next Frontier for Boards: Oversight of Risk Culture

Submitted on 7th September 2017

Financial and securities regulators around the world are increasingly concluding that deficient board oversight of risk management processes generally, and risk culture in particular, has been a recurring root cause of major corporate governance failures. This article gives an overview of the evolution of these new board risk oversight expectations, outlines the handicaps boards face in meeting them, and proposes specific steps that boards wanting to meet the new expectations can take. Handicaps of particular note include, ironically, traditional point-in-time internal audit processes and ERM programs built around an annual update of the company’s “risk register” that is seen as a compliance exercise, not as a way to integrate risk management into core business processes, particularly strategic planning. An absence of tangible and practical guidance on how boards should actually assess and oversee their company’s risk culture compounds the problem. The authors' recommendations focus on the significant changes many companies must make to ensure their boards are equipped with the information necessary to oversee management’s “risk appetite/tolerance” and the organization’s risk culture.

To avail of this paper, please contact the Society on  Further information on the paper is available here

EDPACS: The EDP Audit, Control, and Security Newsletter
Length of Resource: 16 pages
Parveen P. Gupta, Tim Leach