EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
Cultivating a high level of resilience is not solely the board’s role — it’s a shared responsibility with management. The survey indicates there is room for improvement here: directors were less likely than CEOs to rate their organizations as resilient across a variety of areas.
Modernizing governance and the use of technology in upskilling will be vital in building resilience; highly resilient boards are 1.8 times more likely to be very confident in their organization’s data management processes and technology risk framework, and 69% of boards have previously said they plan to increase their level of investment in data and technology for risk management.
With so many new and heightened challenges at play, and given the increasing complexity of the risk landscape, the board should continue to connect regularly with CxOs, specifically the chief risk officer (CRO). We asked board members how often they engage with CxOs, and only 57% of board members meet with their CRO on regular basis.
In the 2021 survey, EY teams discussed the rising importance of the CRO and why CRO and board collaboration is vital. This continues to hold true, with some advocating for the CRO to be made a permanent addition to the board agenda. Wherever the conversation lands, we believe boards need to transition away from the traditional view of risk management and mitigation.
Our top three takeaways for the boardroom:
- Foster a culture of resilience. Rather than focusing on returning to normal after disruptive events, highly resilient boards prioritize adapting to the new reality. They focus on developing overall resilience across various areas such as governance, talent and culture, sociopolitical factors, environmental sustainability and technology.
- Stay informed about emerging risks and disruptions. Continuously monitor and assess the evolving risk landscape that may impact your organization, via tailored board insight and discussion sessions, and seek the advice of independent experts. Ensure a baseline level of education around risk frameworks is in place, including how technology can play a role (via EY.com Australia) — which will create the foundation for a resilience mindset.
- Enhance collaboration with CxO roles that own material risks. Recognize the vital role CxOs play in effective risk management and consider assigning responsibility for material risks to existing committees. Engage with the CRO more regularly, as well as those responsible for the organization’s most material risks. Failing to do so could result in missing the most damaging risks, those “gray rhino” risks that are charging right at the organization.