The importance of risk management in organizations has increased over the past few years, as companies are subject to more regulations, including mandatory SEC disclosures, cyberrisk disclosures and reviews of ERM practices by rating agencies. But communication about risk still seems to be lacking between directors and executives, according to the Oliver Wyman report "Risk Communication: Aligning the Board and C-Suite."
Public company executives said that 30% of their time is spent on risk issues, but their biggest challenge is an unclear understanding of the "goals of risk management process and structure," the study found. This was listed as the sixth of seven concerns by directors. However, directors and executives were closely aligned on "director/management overload and competing priorities," which was ranked second by managers and first by directors.
The study established four essentials for effective communications between directors and executives: defined risk governance roles, a shared view of risk, a concise risk appetite statement and focused risk reporting and dialogue. Organizations that have made efforts to implement ERM but are still having trouble communicating risks "may need to revisit some or all of these components to close the gap."