Saturday, June 24, 2006


Enterprise Risk Management in the Boardroom


Thanks to Stephen Davis, editor of Global Proxy Watch, for highlighting a recent study about enterprise risk management. The three Conference Board authors (Carolyn Kay Brancato, Matteo Tonello, and Ellen Hexter) suggest that board members may need to do a lot more work when it comes to (a) recognizing relevant risks and (b) managing them to avoid liability.

According to "Role of the U.S. Corporate Board of Directors in Enterprise Risk Management", there is a big gap between knowledge and action.

"The Conference Board study finds: Although 89.5% of directors say they fully understand the risk implications of the current strategy,

Only 77.4% of directors say they fully understand the risk/return tradeoffs underlying the current strategy.

Only 73.4% of directors say their companies fully manage risk.

Only 59.3% of directors fully understand how business segments interact in the company's overall risk portfolio.

Only 54.0% have clearly defined risk tolerance levels.

Only 47.6% of boards rank key risks.

Only 42% have formal practices and policies in place to address reputational risk.

Directors are, however, sensitive to the need for additional information:

While 71.8% of directors believe they have the right risk metrics and methodologies in making strategic decisions, 47.6% of directors would like to see more data analysis related to the company's risk profile."

So what does this have to do with pension plans?

Simply put, a lot...

As more and more companies contemplate the financial and human capital impact of offering employee benefits, it's imperative to remember that pension management cannot be separated from corporate governance responsibilities, embedded in regulations such as the Sarbanes-Oxley Act of 2002 ("SOX").

Jeffrey D. Mamorsky, Employee Benefits Group Chairman with Greenberg Traurig, states: "What companies sometimes overlook is that this SOX Section 404 Management Assessment of the Adequacy of Internal Control Procedures requirement applies to pension and benefit expenses. This is an issue that cannot be overlooked since SOX includes draconian sanctions of $2 million and up to 10 years imprisonment for non-willful ($5 million/up to 20 years imprisonment for willful) certification of any statement that does not comply with SOX requirements." (See "Today's Retirement Plan Environment Leaves Much for Concern".)

In a speech to business editors, following the passage of SOX, U.S. Department of Labor Assistant Secretary Ann L. Combs sang its praises, adding that: "Some reports have criticized the Sarbanes-Oxley provisions as inadequate response to the problems brought to light by Enron and its progeny. The fact is, they are important provisions and will prevent future instances of corporate officers unloading their stock while workers are trapped in a sinking ship."

My own research in the areas of governance, compliance and litigation suggests an inextricable relationship between corporate and pension governance. Directors simply cannot ignore ERISA when making enterprise-oriented decisions. To do so could invite the possibility of financial loss, litigation, harm to reputation and/or regulatory action.

Author's Note: There are many articles that address the deficiencies of SOX and regulation in general. Free marketeers advocate complete industry self-regulation or some variation thereof (and I have written elsewhere about the economic and philosophical merits of best practices versus regulation). However, whatever your opinion about regulations, including SOX, existing law is a reality.
posted by Susan Mangiero at 6/24/2006 10:55:00 PM