Why good boards fail: part 5

Principle 5: Risk management

Germany’s automobile sector accounted for 14 per cent of the country’s GDP in 2015 and Volkswagen, the largest vehicle manufacturer in the world, accounted for one in four cars sold in Europe.

The company had deliberately been making its cars appear less polluting than they actually were (40 times more polluting than permitted) and in September 2015, US authorities went public with the revelation that Volkswagen had been deliberately cheating in car emission tests. With 11 million vehicles affected, fines and potential law suits, shareholders have seen some $30bn wiped off the company’s value.

According to a BBC article, dated September 29, 2015, Volkswagen board member Olaf Lies said: “We only found out about the problems in the last board meeting, shortly before the media did.”

Unfortunately, just like ignorance of the rule of law excuses none from compliance, ignorance of corporate risks does not excuse boards. Boards are the ultimate owners of the risks their organisations take to generate a return on investment for their shareholders.

I spent 10 years working for PwC in their global risk management practice, working with both global and Middle Eastern boards. Risk management was a relatively new concept that boards typically knew little about. Chief risk officers were and often continue to be ‘subject matter experts’ (SMEs) who find it difficult to synthesise complex risk management data into a form that is comprehensible by the board. Few board members, other than banking board members, understand loss given defaults, probability of defaults, value at risk or risk models.

The board should request a regularly updated risk inventory, ranked by priority (impact and probability combination), and focused on the top 20 risks facing the organisation, along with recommended risk controls either in place or currently being implemented. One board I worked with insisted on an independent audit of the corporate risk identification process so as to obtain comfort that the risks being shared by the executives with the board were all the risks the organisation was facing.

As my work with this board evolved along with the board’s risk management know-how and understanding, we culminated the exercise by defining the board’s annual evolving risk appetite in a visual chart. This allowed the executive to measure major corporate risks against the board’s risk appetite and take the appropriate corrective/preventative action. As a board member, there is no excuse for not knowing that your organisation is taking a particular risk.

Jan Bladen is managing partner of Governance Creed