A couple of weeks ago, Jim DeLoach shared his views on effective [management] risk committees. I pretty much agree with what he had to say in NACD’s BoardTalk.
This, plus a question from a follower of this blog on the same topic, had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects. Unfortunately, I couldn’t find it. But I can share some of the principles under which it operated.
The four members were all direct reports to the CEO and I served as staff and advisor. They included the executive vice presidents responsible for Product Development and Marketing (chair), plus the CFO and general counsel
The committee was responsible for oversight of management’s processes and policies around the management of risk. This included being evangelists for the consideration of ‘what might happen’ in all major decisions of the business.
We spent most of our time working to reach a consensus on the major risks and opportunities that might affect the company’s objectives. The members each represented a very different segment of our business operations and it took their collective insights to see the big picture.
But, the full executive committee would then consider the assessments made by the risk committee, led actively by the CEO. In fact, in some respects the executive committee wasthe risk committee.
In any event, the committee did not last very long for the simple reason that the company was acquired by SAP.
How does your risk committee function?
Why does it exist?
What value does it deliver?
How does it integrate with discussions on strategy and performance?