Boards Take the Lead with ERM

Enterprise risk management is a governance tool.

March 21, 2014
KEYWORDS directors , ERM , governance , risk
/ PRINT / ShareShare / Text Size +

Gain an understanding of board responsibility, risk liability, and effective risk governance during the CUNA Enterprise Risk Management Institute for Directors and Executives, April 27-30 in Miami.

In 2009, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission released its report on effective risk oversight and the board’s role.

Reflecting on the 2008 financial crisis, the group stated, “Boards are being asked, and many boards are asking themselves: Could they have done a better job overseeing the management of their organization’s risk exposures, and could improved board oversight have prevented or minimized the impact of the financial crisis on their organizations?”

Credit unions have talked around the issue of governance and the necessity of change for many years, but talk is cheap and effective action takes time.

A Case for ERM

“The role of the board of directors in enterprise-wide risk oversight has expanded as expectations for board engagement are at all-time highs. Risk is a pervasive part of everyday business and organizational strategy.

But the complexity of business transactions, technology advances, globalization, speed of product cycles, and the overall pace of change have increased the volume and complexities of risks facing organizations over the last decade.

With the benefit of hindsight, the global financial crisis and swooning economy of 2008—and the aftermath thereof—have shown us that boards have a difficult task in overseeing the management of increasingly complex and interconnected risks that could devastate organizations overnight.

At the same time, scrutiny of boards’ and other market participants’ role in the crisis has increased. Boards are being asked, and many are asking themselves: Could they have done a better job overseeing the management of their organization’s risk exposures, and could improved board oversight have prevented or minimized the impact of the financial crisis on their organization?

Excerpt from Effective Enterprise Risk Oversight: The Role of the Board of Directors, COSO 2009

Increasingly, many credit unions and board members ask more stringent questions about the role and responsibilities of the board and directors’ requisite skills, along with more defined accountability structures within the governance process.

While we all understand good management is the engine that drives success for our credit unions, the board is the mechanic that determines long-term viability. The board makes performance adjustments and even overhauls the engine, if necessary.

Yet we remain comfortable with limited governance advancements within the industry and, in some cases, even place blind trust in management.

Boards and management both play an integral role in the success of the credit union and should engage in a healthy level of debate and discussion.

One of the basic tenets of this relationship is the deep understanding of the strategies and risks you leverage to carry out your credit union’s mission. While deceptively simple in concept, the reality is much different.

The complexity and pace of change are immense. Alternatives and unforeseen consequences of our decisions and actions appear endless.

It’s the board’s duty to understand and challenge direction, strategy assumptions, and risk levels to ensure sound organizational progress.

To accomplish this, the board must make this role a central tenet of its governance philosophy.

To this end, the board must understand:

  • The risks being leveraged to create returns (financial, member, and brand);
  • The potential unforeseen consequences of our strategic direction and priorities (What actions/results are we truly rewarding?);
  • The aggregate risk level being assumed by the credit union (How much risk can we handle? How much do we want to support?); and
  • The potential strategic risks that might cause us to fall short of our goals (What will get in our way?).

To make more informed decisions, credit unions must create a culture around such a philosophy and develop proactive, intelligent, and sustainable management processes.

This summarizes enterprise risk management. It’s not a compliance or risk mitigation control but rather a governance and management tool to better leverage the opportunities we take while balancing the risks we leverage to accomplish those goals.

TONY FERRIS is managing partner with The Rochdale Group. Contact him at 913-890-8001 or at

Post a comment to this story

What's Popular

Popular Stories

Recent Discussion

Who Should Be the 2015 CU Hero of the Year?

View Results Poll Archive