Handling risk should not be viewed as the domain of a boardroom “expert” but as an area for collective decision-making, where everyone recognises there is no such thing as certainty.
Executive boards have a responsibility for good governance and responsible stewardship, yet persist in treating risk as a control function, not a decision-making process. A board is required to take collective responsibility for the organisation’s risk appetite, yet in most board meetings risk is treated as the privileged domain of the head of risk, or chair of the risk and audit committee. Other directors defer to this person as a risk “expert”. Consequently ri