Figure showing the two distinctive approaches to risk management at the leadership level.

A spectrum of practices

Board-level conversations and practices in relation to strategy and risk management take place along a spectrum, with many boards being nearer to one end of the spectrum or the other.

The extremes of the spectrum can be characterised as:

• The Principled approach, where discussions about risk are more likely to focus on the exploitation
of upsides and opportunities, and connect strategy and risk in an implicit and unstructured way, but potentially leading to inconsistent risk management decisions
• The Prescriptive approach, where risk-management activities are much more formalised and consistent, but a high degree of focus on internal control may mean that strategic opportunities are missed.

Board diversity drives “risk intelligence”

Diversity (in its broadest sense) enables the board to understand the “risk-reward equation” better. This diversity can be summarised as Risk Intelligence, Skills, Knowledge, Experience, Education, and Training (RI-SKeet). The enrichment and enhancement of strategic decision making brought about through RI-SKeet ensures a balanced collective board intelligence that is, allowing it to explore fully the dynamics of the risk–reward equation.

Reducing barriers

The process of making risk more visible to the board is fraught with difficulties as there are multiple barriers that inhibit this from occurring.

These barriers fall within two categories; “cognitive impediments”, which reduce a board‘s ability to make risk-sensitive strategic decisions, and “social obstructions”, which suppress risk-relevant dialogue in the boardroom.

Risk Intelligence, Skills, Knowledge, Experience, Education, and Training (RI-SKeet).

 Questions for reflection

Organisations and their boards may wish to reflect on the following questions, which may help
benchmark their board-level risk-management activities.

 1. How often does your board review and enhance its risk-management activities?
2. Does your board consider, from the outset, the risk implications of different strategic options, ie as a key component of strategy creation? How are these options and their associated risks presented to the board?
3. Where is your board on the principled–prescriptive spectrum? What are the strengths and weaknesses associated with your board’s position and do you need to consider becoming either more principled
or more prescriptive?
4. How do you review the diversity of risk intelligence, skills, knowledge, experience, education and training (RI-SKeet) across the board? How do you address any gaps in RI-SKeet?
5. How often do you consider the composition of the board, and its RI-Skeet? Do you review composition and RI-SKeet when changes, or proposed changes, to the strategic direction of the organisation are
being considered?
6. Do you create a safe-zone atmosphere for the discussion of risk-management issues? Are board members encouraged to challenge the status quo?
7. Are board members, and NEDs in particular, encouraged to get out into the organisation and to understand its people and culture?
8. Do NEDs act as critical friends to the executive and wider senior management team – helping them to exploit opportunities and avoid losses?
9. How much time do you devote to risk management at board meetings? Are opportunities to discuss risk management provided outside formal board meetings?
10. How effective are the board’s subcommittees in enabling the board to focus on strategic risk-management issues?

Full report available at http://www.accaglobal.com/gb/en/professional-insights/risk.html.