Resources

Risk Oversight Resources for Boards

At Risk Oversight Inc, our professionals are global experts in understanding developments in the board risk oversight field—and can provide the innovative, cost-effective solutions and training to help elevate high retained risk positions and emerging risk to senior management and boards.

Below are just a few of the important resources we draw on that board members and risk specialists should be aware of:

Source
Description
Link
National Association of Corporate Directors (NACD)
  • NACD was founded in 1977 and its mission is to advance exemplary board leadership—for directors, by directors.

  • NACD offers two reports.

  • The more recent one, published in 2009, “Report of the NACD Blue Ribbon Commission on Risk Governance: Balancing Risk and Reward,” is an excellent source of information. It offers questions and guidance for directors, and their overall Ten Principles to guide directors in their efforts to provide effective risk oversight.

  • The other, published in 2006, “Risk Oversight: Board Lessons for Turbulent Times” is the predecessor document.

  • Both can be purchased at member and non-member prices.

Visit Site
Corporate Board Member
  • Corporate Board Member, published quarterly, is the leading information resource for senior officers and directors of publicly-traded corporations, large private companies, and Global 1000 firms.

  • Provides readers with decision-making tools to deal with the strategic and corporate governance challenges confronting their boards.

  • Recent events offered include a one-day event on Risk Oversight. Also, their 2010 Supplement, titled “Boardroom Liabilities: Shining a Spotlight on Risk,” includes important questions for directors to consider.

Visit Site
View Boardroom Liabilities Shining a Spotlight on Risk article
Canadian Institute of Corporate Directors (ICD)
  • The Institute of Corporate Directors (ICD) is a not-for-profit, member-based association representing Canadian directors and boards across the for-profit, not-for-profit, and government sectors.

  • They offer events and directors education programs, such as the ICD.D certification, and more.

Visit Site
Compliance Week
  • A leading information source on governance, risk and compliance offering insightful and up-to-the-minute articles and information.

  • Offers a very well-attended annual conference featuring leading directors and leading GRC experts.

  • Includes articles on risk oversight, such as a recent one entitled, “Directors Still Failing to Bring Risk Oversight Up to Par,” (February 1, 2011).

  • Editor Matt Kelly offers insights and guidance through Twitter. This Twitter feed, and Risk Oversight’s Twitter page, are well worth signing up for.

Visit Compliance Week

Twitter
International Corporate Governance Network (ICGN)
  • ICGN is a not-for-profit body.

  • It has evolved into a global membership organization of over 500 leaders in corporate governance in 50 countries, with institutional investors representing assets under management of around US$12 trillion.

  • The ICGN’s mission is to raise standards of corporate governance worldwide.

  • Best practice guidance includes “Corporate Risk Oversight Guidelines,” an excellent document describing risk oversight guidance for the board and company, including disclosure.

  • Note: you can download an extract of this report but must be a member or contact ICGN to obtain a full copy of the guidelines.

Visit Site
COSO
  • COSO recently released guidance and surveys relating to the current state of board risk oversight.

  • The survey, “Board Risk Oversight. A Progress Report: Where Boards of Directors Currently Stand in Executing their Risk Oversight Responsibilities,” sought input directly from over 200 corporate directors to obtain deeper knowledge of the current state and desired future state of the risk oversight process.

  • They also offer another survey, COSO’s 2010 “Report on ERM: Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework.”

  • Another document released in 2009, “Effective Enterprise Risk Oversight: The Role of the Board of Directors,” is a brief document on the role of directors in risk oversight.

  • More guidance is expected from COSO as they ramp up efforts to support boards.

Visit Site
Canadian Institute of Chartered Accountants (CICA), Risk Oversight and Governance
  • The CICA offers research and guidance for boards of directors and senior managers on risk oversight and governance.

  • Formerly known as the Risk Management and Governance Board, the group has recently changed its name to better reflect the nature of their directors’ oversight role.

  • Guidance includes the 20 Questions Series, which offers directors information relating to risk, strategy, internal audit, crisis management, codes of conduct and more.

Visit Site
Conference Board of Canada
  • The Conference Board of Canada is a not-for-profit applied research organization in Canada.

  • Offers publications such as the 2011 “Risk Oversight Practices: Two Success Stories” and the September 2010 Review, “Risk Watch: Thought Leadership in Risk and Governance.”

  • Offers forums and conferences on risk management topics.

Visit Site
Senior Supervisors Group
Risk Management Lessons from the Global Banking Crisis of 2008 (October 2009)
  • Regulators in the world’s biggest financial powers got together to identify the root causes of the global financial crisis.

  • They identified weak board oversight of risk as a key element of ‘what went wrong?’

  • Their report proposes steps that companies and countries should take to prevent another global meltdown.

Visit Site
Improving Board Risk Oversight: Eight Simple Steps Show You How
Mark Beasley, PhD (February 3, 2011)
A great article that describes the board’s responsibility to understand management’s risk management processes and approve the process (as well as understanding the most significant risks the organization faces) and determine what risk responses have been taken to align to stakeholder appetite.
Visit Site
U.S. Securities and Exchange Commission (SEC)
Speech by Carlo V. di Florio, Director, Office of Compliance Inspections and Examinations
CCOutreach National Seminar (February 8, 2011)
This speech includes information on risk management and the role of the board and senior management with regards to:

  • potential expectations from the SEC in understanding how risk management is embedded in key business processes and decision-making;

  • risk appetite and tolerances set by the board and senior management;

  • structure, resources and internal audit processes, and how the board of directors is staffed and structured to ensure it can effectively set risk parameters;

  • fostering an effective risk management culture;

  • overseeing risk-based compensation systems and effectively overseeing the risk profile of the firm.

Visit Site

Risk Oversight Resources for Audit and Risk Specialists

At Risk Oversight Inc, our professionals are global experts in risk management, control, compliance and internal audit—and can provide the innovative, cost-effective solutions and training to help companies find a better response to new expectations.

Below are just a few of the important resources worth noting:

RO RISK, CONTROL, COMPLIANCE & INTERNAL AUDIT RESOURCES

Source
Description
Link
ISO 31000
Best Global Risk Management Guidance
  • ISO has published a guide (31000) that defines risk management terminology.

  • The intent of this document is to encourage standard-setters in countries around the world to use standardized terms in regulatory guidance related to risk.

Visit Site
Australia/New Zealand Risk Management

Best Short Risk Management Guidance
  • Australia/New Zealand played a key role bringing structure to the risk management discipline with the release of risk management standard 4360 in the 1980s.

  • Every risk professional should have a copy of this short and powerful risk management standard in their library.

Visit Site
U.S. COSO Enterprise Risk Management (ERM) Guidance
  • COSO, the committee that was responsible for the 1992 COSO Integrated Framework, which formed the foundation for this framework, issued guidance on ERM in 2004.

  • The guidance was authored by specialists from a Big 4 public accounting firm, with input from the committee members of the five accounting-centric organizations that comprise COSO.

  • As ERM guidance, it has been criticised by risk specialists for: its length; the absence of a process to update and improve it; the distortion created by its foundation on the out-dated 1992 control framework; its lack of appeal to senior executives; and other technical deficiencies.

  • In spite of its deficiencies, it is heavily promoted and referenced by the IIA, AICPA, IMA and academics, and is listed as a “must read/have” for any risk practitioner.

Visit Site
Open Compliance and Ethics Group (OCEG)
  • The Open Compliance and Ethics Group (OCEG) is a relatively new but highly influential resource in the GRC space.

  • OCEG has produced an excellent resource in the form of the OCEG GRC Capability Model (“the Red Book”).

  • This framework, in our opinion, is in many respects technically superior to the COSO ERM framework.

  • The OCEG framework, currently in Version 2, has already undergone one full round of improvements, and future enhancement based on input from users and OCEG members is expected.

  • Access to the full GRC Capability Model is restricted to full OCEG members; however, membership is relatively inexpensive – money well spent for those interested in corporate governance.

Visit Site
Risk and Insurance Management Society (RIMS)
  • RIMS stands for the Risk and Insurance Management Society.
  • The roots and primary focus of this organization have been on insurable risks; however, there has also been some coverage of the evolution of the ERM movement.

  • All GRC practitioners should be knowledgeable about the opportunities to share/transfer risk via insurance.

  • RIMS provides a resource to learn and track developments in the insurance area with some very good ERM commentary.

  • It’s our experience that many internal auditors and ERM practitioners are not knowledgeable enough, and don’t take adequate steps to learn and consider the impact of insurance coverage and self-insurance options on their findings and recommendations. Joining RIMS is a good way to “skill-up” in this area.

Visit Site
Risk Management Association (RMA)
  • For GRC practitioners in the financial services sector.

  • Provides coverage of relevant developments in the credit, market and operational risk arenas.

  • Although RMA coverage tends to be U.S. centric, many of the articles are relevant to financial sector entities anywhere in the world.

Visit Site
Global Risk Regulator
  • For those from the EU or who work for international financial institutions, an excellent resource that tracks global developments in the risk and compliance field is a monthly newsletter out of the UK called Global Risk Regulator.

  • A subscription is required for this resource.

Visit Site
Corporate Integrity
  • Michael Rasmussen has tracked and influenced the evolution of the GRC movement with an emphasis on the emergence of GRC related software offerings since the term GRC was first coined. (NOTE: There is contention about who first used the term ‘GRC.’)

  • His corporate website is a valuable resource that tracks many of the most notable GRC related developments.

Visit Site
Institute of Internal Auditors (IIA)

-Assessing the Adequacy of Risk Management
  • Resource for internal auditors, or any other assurance group, seeking information on various topics.

  • Includes information such as a “Practice Guide on Assessing the Adequacy of Risk Management,” based on ISO’s 31000 guidance.

Visit Site
Enterprise Risk Management (ERM) Initiative

-North Carolina State University Poole College of Management
  • The mission of this group is to be a national and international thought leader in enterprise risk management (ERM) and in the implementation of ERM in strategy development and corporate governance.

  • They have partnered with COSO to release numerous documents on ERM and risk oversight.

Visit Site
FCPA Blog:
Anti-Corruption
  • An up-to-date blog that is very informative on developments in the anti-corruption world.

  • Tracks developments and enforcement on the Foreign Corrupt Practices Act (FCPA), as well as other developments around the world, such as the UK Bribery Bill.

Visit Site