BoardMember.com has published an interview with John B. Morse Jr, who chairs the audit committee for Host Hotels and Resorts.
In addition to talking about risk culture and what his company does about it, he talks about the importance of risk management to the audit committee.
It’s important to understand that risk is not a once-a-year topic — it’s continual. At every board meeting you’re talking about risk. Audit committees are charged first with overseeing risk related to financial statements. But there’s been some scope creep — a constant evaluation and assessment [of many other areas]. Second, today there is more effort to understand strategy and risk ahead of making an investment or doing an acquisition. It’s not that you’re going to catch everything, but you’re making sure you’ve addressed risk ahead of time, to the extent you can. Third, there is also more involvement now both in internal audit and external audit. Fourth, [audit committees are] overseeing an expansion of compliance programs. So I think that planning ahead, making sure you understand the strategies and the risk before you go into [new strategic areas], making sure you have a constant evaluation of risk and follow-up, getting the right people — both internal and external auditors — involved, and then having a good compliance partner makes a good combination of best practices.
Is this consistent with practices at your company? Is risk a continual part of audit committee discussions?