TFL Vsebine / Revija SIR*IUS

Obravnavanje tveganj na ravni organa nadzora

Upravljanje tveganj je sistematično prepoznavanje dogodkov in situacij, ki utegnejo ogrožati organizacijo, in omogočanje, da bo organizacija lahko izkoristila morebitne priložnosti, ki se bodo pokazale v prihodnosti. Veliko je bilo napisanega o pristopih k upravljanju tveganj, veliko manj pa tem, kako obravnavati nadzor nad tveganji na ravni upravnega odbora ali nadzornega sveta. Običajna napaka je, da nadzorni svet sprejme oceno tveganj, ki jo pripravi poslovodstvo, z veliko premalo trdnih dokazov. Druga napaka pa je, da se nadzor nad tveganji obravnava skoraj izključno samo na ravni komisije nadzornega sveta za tveganja brez poglobljene razprave in pozivov organa nadzora k utemeljevanju. Posebno vprašanje je tudi povezovanje med komisijo za tveganja in revizijsko komisijo nadzornega sveta. Organ nadzora je sam po sebi največje tveganje organizacije, zato bi moral imeti direktor upravljanja tveganj tak položaj, da bi organe nadzora lahko opozoril, kako se to tveganje ne zmanjšuje dovolj. Organ nadzora se mora zlasti posvečati obranavi strateškega tveganja.

Risk management is about systematically identifying events and situations that may threaten the entity and positioning the entity to be able to exploit potential opportunities that may arise in the future. Much has been written on approaches to risk management but much less on how the oversight of risk should be dealt with at the level of the board of directors. A common failure is that the board accepts management’s assessment of risks with too little robust challenge. Another is that oversight of risk is handled almost exclusively at board committee level without in-depth discussion and challenge by the board itself. Handling the interface between the board risk and audit committees is another issue. The board itself is the biggest risk of the entity, and chief risk officers should have the status to be able to indicate to boards the ways in which this risk is being insufficiently mitigated. The board in particular must engage in the consideration of strategic risk. There are many definitions of ‘risk’, some impenetrable; and risk management is bedevilled by technical terms that serve to exclude many directors and others from meaningful conversations about risk management. Risk can be defined as: ‘the uncertainty of an event or situation occurring that may impact the organisation.’ This definition captures the reality that risks are not just possible events but may also be found in situations such as low staff morale or negative cash flow. The definition also implies that the board’s consideration of risk should embrace those events or situations that may have positive impacts, not just those that threaten negative outcomes. We might describe these respectively as ‘upside’ and ‘downside’ risks.