
Directors are generally aware of their fiduciary duties and know that an organization needs a comprehensive and holistic approach to risk, but there is still limited guidance available on the nature and extent of their oversight function, according to a report issued recently by The Conference Board.
“Outside of the financial sector, risk management as a coherent enterprise-wide initiative is a relatively recent topic of discussion among business leaders,” says Mark S. Bergman, co-head of the capital markets and securities group at Paul, Weiss, Rifkind, Wharton & Garrison LLP, and author of the report for The Conference Board.
The fallout from the financial crisis is creating greater demands on boards of directors and senior executives to strengthen corporate risk management practices, and this trend is no longer confined to banks and other financial institutions. The Conference Board report highlights a number of considerations for board members as they approach this increasingly important area of responsibility and assess their companies’ ability to adequately mitigate their exposure to uncertainties.
The report outlines regulatory developments as well as emerging corporate practices. In particular, it recommends greater scrutiny of the quality of information that management provides to the board, and the validity of the risk evaluation models it adopts.
The report states that a board’s responsibility is to ensure that senior management establishes risk management processes that are effective, tailored to specific types of uncertainties, and consistent with the company’s appetite for risk.
As part of its oversight function, the board should:
• Assess the quality of the information it is receiving from senior executives.
• Understand the company’s business and the risks to the company.
• Assess how management evaluates risks.
• Assess the quality of risk management procedures.
• Consider feedback from employees implementing the risk management program.