Oversight of a company’s enterprise risks has recently evolved into one of the board’s most critical fiduciary duties and responsibilities. Since enterprise risks do not remain static and are often interrelated and complex, it is imperative that boards maintain continuous risk oversight. Risks relating to cybersecurity, regulations and corporate reputation, for example, now, more than ever, necessitate effective board oversight. A 2015 study revealed that nearly 60% of surveyed companies believe they are facing a greater volume and complexity of risks than they were five years ago and less than half have boards that “extensively” or “mostly” include top risk exposures when discussing the company’s strategic plan. In response to this evolving and complex risk environment, corporate boards are increasingly considering whether it is in the best interests of the board, the company and its shareholders to establish a separate risk committee.
This corporate governance update (1) provides general information concerning a board’s fiduciary duty to provide risk oversight, (2) summarizes the current risk oversight policies and positions of several large asset managers and pension funds, a leading proxy advisory firm and certain corporate governance advocates, to provide insight into the expectations of these parties with respect to board risk oversight duties and responsibilities and (3) presents practical considerations for boards to help facilitate discussion on whether they should establish a separate risk committee.
This Corporate Governance Quarterly Update was republished by Law360 on April 1, 2016.