Risk Management Blog
Content for Risk Management Professionals


December 31, 2018

Risk Management and the Board of Directors

Are Board Members Personally Responsible for the Company’s Risks?

OK, so it's not criminal, but you're at risk.

Ignorance is not bliss in business. In fact, ignorance when it comes to a company’s risk exposure can actually lead to personal liability.

Most of us would assume that a company’s leaders – the CEO, the COO, the CFO – would be held responsible for their own actions in leading a company down a risky path. In the world of activist investors, Board Members can also find themselves a target.

The responsibilities for a Board of Directors can be outlined in state and federal law, stock exchange requirements and established best practices. Law established by Delaware state courts has formulated national legal standards for the responsibilities of a Board of Directors.

Courts establish criteria for risk responsibility

In a series of cases, Delaware courts have declared that Boards have a duty to monitor risk as part of their obligation to prevent harm to the corporation. In the landmark Caremark case, the court found that Directors can be liable for a failure of Board oversight where there is “sustained or systemic failure of the Board to exercise oversight – such as an utter failure to attempt to assure reasonable information and reporting system exists.”

In 2006, the courts went further in Stone v. Ritter, writing that Board Directors breach their duty to monitor when they either “utterly fail to implement any reporting or information system or controls” or if “having implemented such systems or controls, consciously fail to monitor or oversee its operations, thus disabling themselves from being informed of risks or problems requiring their attention.”

Recommendations for Risk Management

In its 2012 update on “Risk Management and the Board of Directors,” the Harvard Law School Forum on Corporate Governance and Financial Regulation reviewed these important cases and provided guidance. The update described the actions of an effective risk management system:

  1. Identify material risks that the company faces in a timely manner
  2. Implement appropriate risk management strategies that are responsive to the company
  3. Integrate consideration of risk and risk management into business decision-making
  4. Transmit necessary information to senior executives and the Board

They also advise that any risk management solution should be tailored to the company it is serving. When it comes to choosing the tools to assist your company in risk management, it’s important to select a solution that is flexible, agile and highly configurable.

Contact Us

If you're interested in a Governance, Risk and Compliance (GRC) and Enterprise Risk Management (ERM) solution, contact our team to get a demo of Procipient. See how monitors and controls can protect you and your company.