Risk Committee Blueprint: Guidance for Board Risk Oversight

Over the past couple of years, challenges to most organizations’ risk management have come from many directions and in diverse forms. As organizations evaluate where they stand amid such challenges, concerted action will be necessary to remain resilient and agile in the face of short-term and long-term shifts.

As a result, the demands and scrutiny on risk oversight and governance effectiveness are increasing across three dimensions:

  • The types of risks that boards must oversee continue to grow in their scope and severity. Those related to environmental impacts and artificial intelligence (AI) are just a few that boards should monitor due to their notability and outsized impact.
  • Boards must have a greater understanding of how their organizations are responding to and managing individual risks, risk aggregation, risk concentration, and complex interconnections.
  • Oversight perimeters are expanding to include risks inherited from the enterprise network—for example, cyber risks within critical third parties or ESG performance within supply chains.

Against this backdrop, IJAPP and the National Association of Corporate Directors (NACD) have partnered on the Board Risk Oversight Blueprint, which provides guidance for boards, whether the board has a dedicated risk committee or risk oversight is allocated across committees.

Directors can use this Blueprint to assess if their board and its committees have the mandate, members, information, and agenda that allow them to execute on expanding risk oversight responsibilities. Executive teams can leverage the recommendations in this report to better support overall risk governance and engagement with the board on this topic.

The report's recommendations were guided by extensive research and by a working group of eight NACD members with board roles across diverse organizations (public and private companies and non-profits) with a variety of risk oversight approaches. In addition, the report includes insights from IJAPP and research from the NACD and elsewhere.
