Role of board of directors in risk-management with possible suggestions



Role of board of directors in risk-management with possible suggestions


With increase of corporate scandals, role of board of directors is being emphasized as top decision-maker. Many scandals such as the Enron case, Citi bank case, and recent Volkswagen scandal has brought attention to causes of such scandals and responsibility of board of directors. There have been many questions of what the board of directors should do in order to prevent and manage corporate scandals. In this regard, board’s risk oversight role should be discussed in corporate culture, board fiduciary duties, and board composition. There are still a number of issues to be discussed and tackled, but selecting key issues and discussing possible suggestions could help develop the role of board of directors.

Ⅰ. Introduction

Recently, many companies have suffered from severe losses in corporate scandals, and it has become crucial to manage and prevent these scandals. There has been a myriad of corporate scandals including the Enron scandal, Olympus scandal, Wall Street financial crisis, and recent case of Volkswagen’s environmental fraud. With frequent occurrence of such cases, companies now face the need to assess and manage a possible future risk. The board of directors holds great responsibility in implementing efficient risk-management duties, preventing harmful events and taking responsible actions. Typical duties of board of directors include assessing company’s overall business strategy, compensating company’s senior executives, monitoring the company auditors, and most importantly, safeguarding corporate assets and interests of shareholders. With the growing importance of risk management, the board’s role of risk oversight needs to be examined. In this context, “risk oversight” represents the practices used by the Board to determine that the firm has a robust process for identifying, prioritizing, managing, and monitoring its critical risks.[1]

This paper aims to discuss the role of board of directors in risk-management and provide possible suggestions to improve highlighted problems. First, this paper would discuss the board’s risk oversight role in multiple dimensions. Among these variables, I would like to categorize the most influential ones and examine them in detail. Second, based on the issues highlighted in the first section, this paper would derive implications and offer possible suggestions for improvement.

Ⅱ. Board’s risk oversight role

  1. Tone at the top and corporate culture

“Tone at the top” refers to the ethical atmosphere that is created in the workplace by the organization’s leadership.[2] The board of directors and the CEO set the tone of the corporate culture, and that tone has a trickle-down effect on the employees of the company. The top management plays a crucial role in shaping the whole corporate culture and sending the message to all the employees. If the tone set by the board is high integrity and ethics, it is likely that employees will be more careful with ethical guidelines and compliance issues. However, if the board seems unconcerned of ethical issues and puts profits as the utmost goal of the company, employees are likely to become more risk-taking without thinking of consequences. It is important for the board to oversee the whole company and set the right tone for the company in terms of risk management.[3]

However, some problems may arise, such as the lack of risk awareness by the board of directors, and the lack of actual will to set the tone. Some argue that the Board members often lack the time, skill, and information necessary for an effective risk oversight. [4] In order to establish an ethical corporate culture, the board needs to be aware of possible risks, understand the importance of risk-management, and have strong will to enforce compliance practices.


  1. Fiduciary duties

Most company regulations and state law require fiduciary duties on board of directors to act in good faith, with reasonable care, and in the best interest of the corporation and shareholders.[5] In the US, fiduciary duties are categorized into two types of duties: the duty of care and the duty of loyalty. Regarding the duty of care, directors would need to abide by such duty when they make business decisions. For instance, directors need to be fully informed of business environment, industry situation, and other expert opinion. The duty of loyalty requires directors to put company’s interest ahead of their personal interests. The US court adds another as duty of obedience, which requires a director to avoid committing acts beyond the scope of the powers of a corporation. [6]

There have been several cases of board fiduciary failure that was blamed for corporate scandals. One of the primary examples is the Enron case. According to the US senate governmental affairs committee’s report, Enron board of directors failed to safeguard Enron shareholders and contributed to collapse of the company by allowing Enron to engage in high-risk accounting, inappropriate conflict of interest transactions, extensive undisclosed off-the-books activities, and lavish compensation of the executives. The directors were told of high risk activities by the company’s outside auditors and the board witnessed numerous signs of “red flags” over the years, but they chose to ignore them. The investigation committee harshly criticized the Enron Board for failing to recognize its fiduciary responsibility to oversee risk management and ensure safety of the company assets.[7] As demonstrated in Enron case, fiduciary failures of board of directors can become a direct reason for corporate scandals. Also, fiduciary failures can cause a lack of sincere effort to prevent, detect, and manage possible risks.


  1. Board composition

Board composition refers to a combination of executive directors and non-executive directors (commonly known as outside/independent directors) on the board to monitor the management. [8] Outside directors are generally appointed for their high qualifications, expertise, and experience in the field and may engage in decision-making process of the firm. Many scholars and financial analysts have discussed the relationship between the percentage of outside directors and firm performance. With the increasing trend of appointing outside directors on board, and many regulations specifying the number of outside directors on board, outsider directors are generally considered as better representatives of shareholder interests than inside directors are. For instance, the New York Stock Exchange NYSE) set a requirement that firms shall compose audit committees of independent directors only. The Federal Deposit Insurance Corporation (FDIC) mandated inclusion of independent directors with banking or financial expertise in new audit committee composition. [9] Regarding risk-management, outside directors can contribute to enhance the board’s role of monitoring the management, and to develop the independence of the board.

In terms of risk-management, as inclusion of outside directors could increase the board’s ability to monitor the management, the board could better prevent or manage possible risks without controlling the management. Beasley, professor at North Carolina State University, provided an empirical analysis on the relationship between the board of director composition and financial statement fraud, and found out that the percentage of outside directors is higher in no-fraud firms than that in fraud firms. This analysis was based on 150 firms, and concluded that the inclusion of outside directors can help reduce occurrence of financial frauds.

One of the board’s main responsibilities is monitoring the top management, and there have been concerns of board insiders being less objective and losing fairness in decision-making. The outside directors are likely to be more vigilant in monitoring the management’s action, to have less personal ties with the management, and therefore they can evaluate the management’s performance more objectively. Some argue that outside directors can resolve the problem of information asymmetry within the corporation. [10] As managers have a huge informational advantage due to their full-time status in management, the board of directors can easily become an instrument of the management. By including a certain percentage of outside directors on board, this information asymmetry can be alleviated. Moreover, the inclusion of outside directors can be related with the independence of the board. While internal managers should play a role in the board for their insider knowledge and information, board domination by insiders can lead to collusion. The insider-dominated board could abuse its power, or lose its effectiveness.[11] Therefore, it is deemed effective to include outside directors to arbitrate disagreements and engage in decision-making.

However, there could be some concerns over competence of outside directors, settlement of outside directors in new organization, and appointment of outside directors. Generally insiders tend to have more information regarding the organization than outsiders, and outsiders need to rely on insiders as a result. Sometimes many outside directors are part-timers and do not have any insider information of the firm. [12] Due to reputational concerns and lack of authority, outside directors are sometimes limited from making important decisions. Also, there could be a problem of outside directors adjusting into new corporate culture and new environment. Each outside director comes from different environments, and some of the outside directors may not be familiar with the decision-making process, internal corporate culture, or relationship with other board members. In order to facilitate the board’s role, adjustment and settlement process for outside directors should be accompanied. Lastly, appointment of outside directors, especially regarding relationship with the CEO, is questioned. Some studies argue that outside directors are the ‘creatures of CEO and tend to work for interests of the top management.’ [13] They claim that outside director candidates are known by CEO or other board members, and likely to result in the board being controlled by the management after all. In the WorldCom scandal, the board was composed of more than 50% of non-executive directors, but the board could not prevent the bankruptcy. [14] Although the set percentage of outside directors is deemed important in corporate risk-management, such possible concerns need to be addressed.


Ⅲ. Implications and possible suggestions

  1. Implications

This paper has discussed several issues regarding the board’s role of risk oversight. There have been issues regarding the lack of board awareness and will, board fiduciary failures; furthermore, board composition issues were examined. Among these issues, this paper has derived three implications to be discussed further. Those implications are first, lack of board effort and expertise, second independence of the board, and third lack of comprehensive risk framework.

First, there is a lack of board effort and expertise in preventing and managing corporate risks. It is important that the board recognizes its risk oversight role and allocates sufficient time and resources in risk oversight function. As discussed in cultural dimension, the lack of board will and effort to implement risk oversight role could be the biggest obstacle in effective risk-management. Moreover, the board needs to understand the mechanism of risk-management and its company’s underlying business model in order to properly respond to the risks.

Second, the independence of the board is a key issue that can be interconnected to other problems. Board independence is crucial in risk-management, as it helps the board perform its monitoring function of the management properly. The inclusion of outside directors can be understood in this context of board independence. In this sense, mechanisms to enhance board independence should be discussed, such as related issues of outside directors.

Third, there is a lack of comprehensive risk framework throughout an organization. Many companies already have specific risk strategies, but they mostly lack a comprehensive framework and culture that is communicated throughout the entire company. As discussed in the cultural dimension, the lack of “tone at the top” and corporate culture could be one of the problems of risk-management. Lack of communication between each committees or groups could be part of the problems.


  1. Possible suggestions

Regarding the derived implications, this paper provides a series of suggestions for further improvement in risk-management. First, as for the lack of board effort and expertise, situating the risk oversight function and professionalizing the board could be a solution. In terms of situating the risk oversight function, the board needs to establish separate risk committees or subcommittees to deal with different kinds of risk management issues. According to the Dodd-Frank Act, financial companies should have dedicated risk management committees. [15] As the board cannot handle all the issues related to risk-management, it is important that the board establishes an effective committee structure. Instead of delegating duties to a single committee, the board should allocate the duties to an appropriate committee and promote coordination between the committees. Moreover, it is crucial that the board fully controls the risk-management process of the company and receives periodic reporting from each risk committee for coordination. For instance, banks often have credits or finance committees, and as such, food companies may have food regulations committees regarding food safety.

Also, professionalization of the board could help the directors recognize and respond to corporate risks. Board training and tutorial programs should be designed carefully to ensure the board professionalization. For instance, for new directors, orientation and training programs regarding nature of business, industry-specific models, and corporate strategy should be provided. For existing directors, training program should be implemented on regular basis. Those programs could involve seminars on changing social and economic climates, past risks that the company faced, and inviting inside or outside experts to different issues. Those programs could be implemented on a regular basis during board meeting schedule, in order to help directors be attentive to any possible risks. Moreover, the emphasis on occupational expertise of directors could contribute to professionalization of the board as well. Direct business or industry expertise, and experience in risk-management could be considered in hiring new directors or forming working committees.

Second, for independence of the board, problems related to outside directors should be addressed. In terms of outside directors, transparency of appointment procedure, and settlement issues could be pointed out as problems. First, assuring fairness in appointing outside directors is required. Such mechanisms could involve outside counsel recommending outside directors, and increasing voting power of minority shareholders in appointing outside directors. The most important thing is to exclude intervention of CEO in outside director appointment, as there have been criticism of CEO using his or her personal ties in appointment procedures. Moreover, professional background and experience of the field should be an important criterion in appointing outside directors.

Facilitating the settlement of outside directors is another issue. Training programs and tutorials need to be implemented on outside directors as well, especially involving organizational culture and decision making process of the company. In order to promote active participation of outside directors, open information sharing from the management, especially the CEO, should be provided. The CEO should provide sufficient and important information timely to the outside directors, thus building trust between each other. [16] The culture of open discussion and acceptance of new challenges would help outside directors to be more involved. Mechanisms such as individual evaluation system and peer review could be considered to ensure this.

Third, comprehensive risk framework should be established and stabilized throughout the organization. As the first step, corporate culture that emphasizes risk management and compliance should be established and communicated throughout the company. The board should set the tone at the top based on its risk oversight role and enhanced competence. Next, it is important to include all possible risk elements and decide scope of risk management. OECD report provides a wide scope of risk management that considers all types of risk aspects. Sometimes companies focus just on single area of risk and fail to see the changing dynamics. The companies could refer to the figure below as guidance for risk-framework, and develop specific strategies tailored to their own situation.

Ensuring the flow of information between directors, committees, and senior management is fundamental. The board can play its risk oversight role properly after receiving sufficient and credible information. Possible risk exposure, current risk strategies implemented in each committee, and internal risk environment are types of information that should be communicated to the board. Appropriate mechanisms to ensure the flow of information should be adopted to build an effective risk framework. Next, monitoring and periodic review of risk-management should be established. Regular monitoring of risk oversight policies in committee and board level could enhance consistency and objectivity of risk-management framework. For more objectivity, including outside consultant could be an option in review system.


Ⅳ. Conclusion

This essay has focused specifically on the role of board of directors in risk-management, as risk management is growing in its importance due to frequent corporate scandals and diversified risk environment. As the top position in the company, the board of directors holds great responsibility in preventing and managing corporate risks. In cultural level, board risk oversight role was discussed with two variables of tone at the top, and board fiduciary duties. Also, board composition was discussed with detailed analysis regarding inclusion of outside directors.

Next, three implications were derived from two dimensions of board risk oversight role. The first problem was the lack of board effort and expertise. To solve this problem, this paper has suggested professionalization of the board and establishment of an effective risk management structure. The second problem was an interconnected issue of board independence. Mechanisms to promote fairness in an appointment procedure of outside directors and to facilitate participation of outside directors were suggested. The last problem was the lack of comprehensive risk framework. In order to tackle this, this paper suggested establishing risk-based corporate culture and extending the scope of risk management. Also, it is important to establish a stable flow of information between the board and other functions. With provided suggestions, this paper hopes to contribute to raising awareness and fostering improvement in board of director’s role in risk-management.


* This essay was submitted in Professor Eunice Kim’s class of ‘Compliance, control and ethics’ in 2015-2 semester.

[1] Effective Enterprise Risk Oversight, The Role of the Board of directors (2009), pg2, COSO(Committee of Sponsoring organizations of the Treadway Commission)

[2] Tone at the top: How management can prevent fraud in the workplace, Presentation by Association of certified fraud examiners, p1

[3] Risk Management and the Board of directors, (2011), Wachtell, Lipton, Rosen & Katz, Bank and Corporate Law Reporter, Volume 45, Number 6, p2

[4] Ingley, C  and N. Van Der Walt (2005) Do board processes influence director and board performance? Statuatory and performance implications, Corporate Performance: An International Review 13 (5): 632-653.

[5] The role of the board of directors in Enron’s Collapse (2002), Committee on governmental affairs United States

Senate, p11

[6] The Risk management duties of the board of directors (2013), Chirstoph Van Der Elst, Financial Law Institute, p 27

[7] The role of the board of directors in Enron’s Collapse, Committee on governmental affairs United States

Senate, July 8, 2002

[8] Board composition, board leadership structure, and firm performance: Bangladesh, Afzalur Rashid

Abu Dhabi University, United Arab Emirates, p7

[9] Beasly, An empirical analysis of the relationship between board of director and financial statement fraud, (1996), The Accounting Review, Vol.71, No.4, pg447

[10] Ozawa, N (2006), Corporate Governance and Investment Incentive of Japanese Firms, Unpublished Ph. D. Dissertation, University of Toronto, Canada, p104

[11] Dalton, D. R. and C. M. Daily (1999), What’s Wrong With Having Friends on the Board, Across the Board, 36 (3): 28-32.

[12] Brennan, N. (2006), Boards of Directors and Firm Performance: Is There an Expectations Gap? Corporate Governance: An International Review, 14 (6): 577-593

[13] Brickley, J. A.; J. L. Coles; R. L. Terry (1994), Outside Directors and the Adoption of Poison Pills, Journal of Financial Economics, 35 (3): 371-390

[14] Kaplan, R. S. and D. Kiron (2004), Accounting Fraud at WorldCom, in Cummings, L and B. Millanta (eds), Financial Accounting Theory and Practice, 2nd Edition, Sydney: McGraw Hill Australia Pty Ltd.

[15] Risk Management and the Board of directors, Wachtell, Lipton, Rosen & Katz, Bank and Corporate Law Reporter, Volume 45, Number 6, February 2011, p5

[16] Jeffrey A. Sonnenfeld, What makes Great boards great, September 2002, Harvard Business Review,

Posted in Spring 2016.