Risk is a challenge and an opportunity for all boards.
This is particularly relevant to Aboriginal and Torres Strait Islander (ATSI) Corporations that face the difficult task of considering cultural and legal obligations. Further, many ATSI Corporations have limited or no financial capacity, with voluntary board members and no paid staff members.
Still, if you’re a director of a small for-purpose ATSI Corporation, or a director of a large ATSI Corporation with significant resources, or a director of an ASX Listed Company, your legal duties remain the same. Similarly, the need to oversee risk is true for all directors. Without doubt, the ability of ATSI Corporations to effectively oversee risk is integral to self-determination.
This article is a brief introduction to risk management for ATSI Corporations.
We have also prepared a factsheet on tips for risk management of First Nations Corporations, to help directors of Prescribed Body Corporates (or Registered Native Title Body Corporates) to understand and manage risks by setting a risk appetite and designing a risk management framework.
Why manage risk?
Overseeing risk helps to address uncertainty of the future by:
o Maximising opportunities; and,
o Reducing the likelihood or consequences of disruptive events.
What is the role of the directors?
The role of the directors is to oversee risk and to add value to the corporation. This can be achieved through developing a risk management framework to achieve the corporation’s objectives.
A risk management framework provides for the:
o Identification of risks;
o Regular review of risks;
o Determination of the significance of risks;
o Development of plans to minimise impacts of risks;
o Formulation and updating risk management procedures for significant risks;
o Monitoring risk culture for consistency with the risk appetite;
o Ensuring effective implementation of risk management procedures; and,
o Monitoring and evaluation of key personnel responsible for risk management.
The risk appetite is an assessment by the directors about how much risk the corporation is willing to take to achieve its objectives. The risk appetite needs to align with:
o Expectations of members (and native title holders, for Registered Native Title Body Corporates);
o Purpose; and,
o The environment that the corporation operates in.
There are many different types of risks that a corporation could consider.
In developing a risk framework and setting the risk appetite, directors need to weigh up objectives that are sometimes competing.
Effective oversight of risk requires independent judgment.
Setting the scene
Corporation directors should set the scene for risk management and risk-based decision making. Directors must lead by example and should have risk and strategy as standard agenda items for board meetings. The effective oversight of risk is linked to proper strategic planning. Directors should consider setting aside time specifically for risk management and strategic planning in the annual board calendar.
One efficient way to help directors set the scene is to develop a risk sub-committee. The role of the sub-committee would be to oversee the risk framework by:
o Making recommendations to the Board;
o Monitoring significant risks; and,
o Contributing to the identification and evaluation of risks.
For those ATSI Corporations with staff, the sub-committee would work closely with senior management to ensure adequate reporting to the board. It would then be up to senior management to implement the risk framework and have the day-to-day responsibilities of managing risk.
Risks for ATSI Corporations
Each board needs to assess the risks relevant to that particular corporation. However, in our experience, many ATSI Corporations share five key risks. These risks are as follows, including some relevant questions that directors may consider reviewing.
1) Internal stability
- What is our relationship with our members, stakeholders and the broader community?
- How does that impact the well-being of our organisation?
2) Long-term financial sustainability
- How do we pay for our operations?
- What does the future look like, and what if that was to change?
- Are there other ways we can look after our own business?
3) Compliance landscape
- What are the key laws that apply to us?
- What could happen if they aren’t followed?
- How do we ensure compliance?
- How do we move beyond compliance?
4) Strategic direction
- Why do we operate?
- Where are we going, when do we want to get there and how will we get there?
5) Board composition
- Do we have diversity of thinking on our boards?
- Do we have succession plans and training programs to increase the capacity of our current and future directors?
For more information about risk oversight for corporations, contact MPS Law Principal Michael Pagsanjan.
Michael Pagsanjan is a member of the Australian Institute of Company Directors. This article is an adaptation of part of an assessment for the AICD Company Directors Course. See Australian Institute of Company Directors, ‘Risk management – Role of the Board’, available at https://aicd.companydirectors.com.au/~/media/cd2/resources/director-resources/director-tools/pdf/05446-5-12-mem-director-rob-risk-management_a4-web.ashx (accessed 10 September 2018).