Corporate watchdog takes aim at boards, branding their approach to non-financial risk ‘immature’

In a report released on Wednesday, ASIC urged companies to apply a greater focus and sense of urgency to the oversight and management of non-financial risk.

Launching the director and officer oversight of non-financial risk report, ASIC chair James Shipton said the boards ASIC reviewed were challenged by important elements of non-financial risk management and their oversight of these risks was less mature than required.

“Our review revealed that boards – some more so than others – were grappling to oversee non-financial risk and their oversight was less developed than what we had hoped to see,” said Mr Shipton.

ASIC’s research looked particularly at the risk appetite statements as a foundational tool that boards of complex organisations can use to assist in their oversight of risk.

It found that the quality and content of these statements was only developing, and that the articulation of risk and metrics “were nowhere near as mature, or effective” as those for financial risks.

Of most concern, the watchdog said, was that management was often operating outside of board-approved risk appetites for non-financial risks for months, and in some cases years, at a time, without any serious attempt by boards to rein them in.

“Boards were not actively holding management nor themselves to account for prolonged failures to operate within the risk parameters the board itself had determined,” said Mr Shipton.

He pointed out that reporting to the boards on non-financial risk was wanting in a number of other ways.

“Board packs were so dense and voluminous that it was unclear whether their primary purpose was to inform directors in the most effective manner; or to avoid the authors having to make a call on what material to exclude or provide a hierarchy of those risks,” Mr Shipton said.

The average pack provided to the board risk committees in the companies ASIC studied was 300 pages long, with many directors acknowledging the problem of being overwhelmed with information before a board meeting.

Finally, ASIC looked at the functioning of the board risk committee, concluding that they were being “seriously underutilised”.

“While there is no 'one size fits all' solution to these findings, boards need to proactively identify and assess their own characteristics and processes,” Mr Shipton acknowledged.

He urged boards of all large listed companies to read ASIC’s report and review their governance practices and accountability structures with reference to its findings.

In August 2018, ASIC received funding to conduct targeted reviews into corporate governance practices of large listed entities to gain an insight on actual governance practices.