The Qualified Risk Directors Governance Council of the Directors and Chief Risk Officers Group (“the DCRO”) based in the US with members from “over 100 countries” has recently published Qualified Risk Director Guidelines. The guidelines outline the skills and experience Boards and shareholder groups should be looking for when appointing Board members to boost oversight of Risk Management.
The guidelines state that Risk Directors should have the majority of skills and experience they outline in these four areas:
• Risk Management Acumen
• Personal Attributes
• Business Acumen
Looking at the guidelines as a whole, the positive from this approach is that they highlight the reality that many Boards still don’t fully appreciate that there is more to Risk Management than putting in a few rules and guidelines that can be assessed by audit to confirm compliance to regulators. The guidelines send a clear message that a consummate risk professional (director) requires specific skills and expertise.
The downside is that the guidelines can be seen as self-serving of the risk profession. A push that says most Boards don’t have the skills to oversee risk and that risk professionals are the future saviours for organisations.
Unfortunately the guidelines do add a little ammunition to this latter way of thinking as many of the attributes the guidelines suggest are important for a Qualified Risk Director are, in my opinion, requisite qualities of any Board director. For example, directly from the guidelines:
Independence, integrity, honesty, and ethical conviction, with the determination to act above personal interests in the conduct of their role
Being unafraid to ask basic and necessary questions
The ability evaluate different kinds of strategic options, including financial, operational, technological, or market-based investments
The ability to see both the upside and downside of risk-taking
While I do not at all dismiss these Qualified Risk Director Guidelines as being a good resource for Boards, I do feel they should have recognised the general skills of Board directors and highlighted the less prevalent skills not always found in an experienced Board director. Those skills that come from the understanding that risk is not a compliance function, it is all about performance.