Risk Leadership: Should a board have a sub-committee overseeing risk?

Back in 2009 I wrote in my Blog about whether boards should have separate audit and risk sub-committees.  I argued the larger organisations should.

In 2012 I wrote in my Blog arguing that boards should not have sub-committees overseeing risk.  I said that they should have one assurance committee ensuring that what is presented to the board, whether they be financials or risk profiles, are valid and appropriately reflect the state of affairs of the business. BUT I go on to say that the board needs to be fully accountable for risk.  Meaning every director needs to be across the implications of the organisation’s risk profile and how the organisation is responding.

Recently I came across some research from Wharton University professor Christopher Ittner where he asks if the level of board engagement on risk makes a significant difference to organisational performance.  This is his high level summary of his answer:

“It turns out it matters a lot. You’d better have the entire board responsible instead of delegating this to an audit or a risk committee. And something really interesting was, even if you have a separate risk committee, it seemed to have zero impact overall in terms of what the company does in terms of risk management practices and performance. So there is an instance where it does look like it may be window dressing. Boards are putting this in, they’re setting up separate risk committees to look like “We’re paying a lot of attention to enterprise risk management,” but in truth, it really does not look like it makes all that much difference if you do that as opposed to using existing board structures.”

So, is your organisation window dressing or is it taking risk seriously at board level (whether or not there is a risk committee or an audit and risk committee or simply an assurance committee)?  If your organisation is not taking risk seriously, it is missing out on a real opportunity.