When the New Companies Act came into being the role and responsibilities of the Directors changed – dramatically. The problem of course is that still today, most Directors out there have no clue what it is that they are responsible for!
One of the things that Directors will be held responsible and accountable for is managing the risks in the Business? Here are some of the risks that will need to be assessed and then managed.
There are three distinct types of risks. These are
Let’s have a look at these in more detail.
This is usually the “threat” of negative things that could happen to a business and it is usually the most common risk that Directors understand and it usually the only one that is discussed around the boardroom table.
This is usually about an opportunity that is lost due to decisions taking too long to be made, or when an opportunity is not recognized until it is too late. It is about the possibility of “positive” things not happening or taking place.
This is when potential is not realized. For example when forecasts and budgets are not met in reality.
All of these should be used to identify the risks.
There are Five Key Functions that the Board need to agree on when assessing risks.
– The Board needs to agree on three or four critical risks that the organization is facing. Solutions to the risk and/or solutions to managing the risk need to be identified and documented and then management needs to be monitored to ensure that the risks are in fact being managed.
– The Risk Management Policy must be approved by the Board and must also be monitored by the Board.
– In order ensure that attention is always focused on the Risks, KPI’s (key performance indicators) for the CEO (Chief Executive Officer) should be established.
– The issues around risk should be discussed at all strategy meetings and certainly at all the Board meetings, so it must be included on the agenda.
– A SWOR (strengths, weaknesses, opportunities and risks) analysis should be conducted for strategic planning purposes.
Next time we will have a look at some of the specific risks that many organizations have.