Corporate boards increasingly are considering whether it is in the best interests of the board, the company and its shareholders to establish a separate risk committee. Investors, proxy advisory firms and other corporate governance advocates also have developed expectations with respect to board risk oversight responsibilities.
Oversight of a company’s enterprise risks recently has evolved into one of the board’s most critical fiduciary duties and responsibilities. Since enterprise risks do not remain static and are often interrelated and complex, it is imperative that boards maintain continuous risk oversight. Risks relating to cybersecurity, regulations and corporate reputation, for example, now, more than ever, necessitate effective board oversight. A 2016 study revealed that nearly 60 percent of surveyed companies believe they are facing a greater volume and complexity of risks than they were five years ago and less than half have boards that “extensively” or “mostly” include top risk exposures when discussing the company’s strategic plan. In response to this evolving and complex risk environment, corporate boards increasingly are considering whether it is in the best interests of the board, the company and its shareholders to establish a separate risk committee.
This article was published by Insights: The Corporate & Securities Law Advisor in its September 2016 issue and a full PDF of the article is republished with permission. This article is an updated version of a Corporate Governance Quarterly Update originally published in March 2016.