The Influence of Board of Directors’ Risk Oversight on Risk Management Maturity and Firm Risk-Taking

Christopher D. Ittner

University of Pennsylvania – Accounting Department

Thomas Keusch

Erasmus University Rotterdam (EUR)

March 12, 2015

AAA 2015 Management Accounting Section (MAS) Meeting


The Board of Directors’ role in risk oversight has come under increased scrutiny, resulting in shareholder lawsuits, increased regulation, and more extensive disclosure and listing requirements. While theory predicts that Board risk oversight can benefit stakeholders by mitigating risk-related agency conflicts, critics argue that changes in Board practices in response to external pressure may simply be window-dressing. Using both archival and survey data on corporate risk management processes, we examine the influence of Board risk oversight responsibilities and practices on the maturity of the firm’s risk management processes and risk-taking. We find the location of Board risk oversight responsibilities to be a major determinant of Board risk oversight practices, with greater oversight in firms that formally assign responsibilities to the Board as a whole as well as its committees. Supporting the view that risk oversight is conducted for economic reasons, the quality of Board oversight practices has a direct positive relation with the maturity of risk management processes, as well as a significant indirect influence on future stock return volatility and tail risk through the enhanced risk management maturity.

The Influence of Board of Directors’ Risk Oversight on Risk Management Maturity and Firm Risk-Taking – Introduction

A variety of external events, including numerous inquiries into the causes of the financial crisis, changes in regulations and listing rules, and more stringent interpretations of directors’ fiduciary responsibilities have fostered rising expectations for Boards of Directors to exert greater oversight of their organizations’ risk management processes (Tonello, 2007; Simkins and Ramirez, 2008; Adams 2012; Gupta and Leech, 2014). The primary impetus behind these external pressures is agency-based beliefs that stronger Board oversight over risk management strategies and activities will lead to substantive improvements in risk management and more informed risk-taking. Many observers, however, argue that Board members often lack the time, skills, and information necessary for effective risk oversight (Ingley & van der Walt 2008; National Association of Corporate Directors, 2013), and contend that the adoption of governance practices that are advocated or mandated by external parties is often window-dressing (Menon & Williams, 1994; Westphal & Graebner, 2010). As a result, symbolic theories of corporate governance suggest that the externally-focused adoption of Board risk oversight will have little effect on the firm’s risk management practices or risk-taking.

We examine these conflicting predictions using survey data on the Board risk oversight and organization-wide risk management practices of 297 publicly-traded firms headquartered in 28 countries. Combining these survey responses with publicly-available archival data, we investigate the risk management and risk-taking implications of two Board-level attributes that are prominently featured in Board risk oversight codes, rules, and regulations: (1) the formal definition and location of Board oversight roles and responsibilities, and (2) the risk oversight practices adopted by the Board to (in conjunction with top management) assess, monitor, and communicate the organization’s key risks, risk management strategies and activities, and emerging risk profile.

We first examine the influence of Board risk oversight roles and responsibilities on Board oversight practices. The issue has been a particularly contentious topic in the corporate governance literature: while some risk oversight advocates call for risk responsibilities to reside with the entire Board, others demand Board audit committee oversight of risk management processes, and a third group prefers firms to assign risk oversight responsibilities to a stand-alone Board risk committee. Consistent with calls for formal assignment of oversight responsibilities, we find the lowest Board involvement in risk oversight when firms have not formally defined Board oversight roles and responsibilities. Risk oversight involvement is significantly greater when responsibilities are defined in Board committee charters than when no responsibilities are assigned. However, delegating all Board oversight responsibilities to one or more committees is associated with lower Board oversight involvement than assigning risk oversight responsibilities to the Board as a whole. The highest level of Board risk oversight involvement is observed when responsibilities are defined at both the Board and committee levels. We find no evidence that the presence of a dedicated risk committee influences the extent of Board involvement in risk oversight.

Risk Management Maturity

See full PDF below.