Deloitte has released the results of an interesting review of proxy disclosures relating to risk management. Their report is called Risk Intelligent Proxy Disclosures: Transparency Into Board-level Oversight.
They used a list of 20 questions in the survey. We can argue whether the questions were the right ones or not, and whether they provided the best information. But, some of the results were interesting.
The vast majority disclosed that the full board is responsible for the oversight of risk management.
More than half have tasked the audit committee with oversight of risk management, and very few (4%) have a separate risk committee.
Only 12 percent have a chief risk officer.
Only just over half say the compensation committee is responsible for overseeing risk in compensation plans.
80 percent of the time, the individual responsible for risk management reports directly to the board. Unfortunately, we don't have details on what this means — the incidence of a CRO is low and the role of the CEO in managing risk is only disclosed 22 percent of the time.
Many questions are left unanswered, such as whether the board is involved in approving risk appetite. The study reports that only 11 percent of organizations (16 percent of financial services companies) disclose this — but doesn't say what they disclose. We are left wondering whether the board approves risk appetite or not.
Are you surprised by the results of the report? Deloitte has some suggestions at the end for board to improve both practices and disclosures.
I commend Deloitte for their continuing work on risk intelligence and am looking forward to more.