Resilience – the ability to anticipate, prepare for, respond and adapt to a changing environment rather than attempting to “return to normal.”
Instead of codifying and responding to each risk, highly resilient boards focus on developing resilience overall, behaving differently in five key areas:
- Emerging risks
- Talent and culture
- Sociopolitical issues
- Environmental sustainability
- Technology
The character traits of highly resilient boards are informed confidence, agility and humility.
Some boards view risks as "black swans" (hard to predict and very impactful – such as the COVID-19 pandemic or the global financial crisis of 2008). However, highly resilient boards gain an advantage by also leaning into the concept of risks as known unknowns, i.e., gray rhinos, and they change their behavior in the face of these risks. The character traits of highly resilient boards can be articulated as follows:
- Informed confidence: Highly resilient boards know management has the right systems, processes and governance frameworks in place to scan the horizon and detect known, emerging and interconnected risks – and understand how they will impact strategic business objectives. “You can have a risk profile and you can have a risk assessment, but if you are not working through the strategy and tying it together, that becomes problematic in itself,” says Mike Millegan, Independent Director for Portland General Electric Company, Wireless Telecom Group and Axis Capital Holdings.
- Agility: These boards take a highly discerning and cautious view on their organization’s level of preparedness to respond to these interconnected and ever-changing risks. They ask “what if” questions to challenge groupthink and confirmation bias. According to the survey, highly resilient boards are 1.6 times more likely to be confident in their ability to respond to unexpected high-impact incidents.
- Humility: Highly resilient boards accept that both they and their organization need to continually update their skill set to ensure they keep an eye on the horizon while management has an eye on the ground in front of them.
You can have a risk profile and you can have a risk assessment, but if you are not working through the strategy and tying it together, that becomes problematic in itself.
Cultivating a high level of resilience is not solely the board’s role — it’s a shared responsibility with management. The survey indicates there is room for improvement here: directors were less likely than CEOs to rate their organizations as resilient across a variety of areas.
Modernizing governance and the use of technology in upskilling will be vital in building resilience; highly resilient boards are 1.8 times more likely to be very confident in their organization’s data management processes and technology risk framework, and 69% of boards have previously said they plan to increase their level of investment in data and technology for risk management.
With so many new and heightened challenges at play, and given the increasing complexity of the risk landscape, the board should continue to connect regularly with CxOs, specifically the chief risk officer (CRO). We asked board members how often they engage with CxOs, and only 57% of board members meet with their CRO on regular basis.
In the 2021 survey, EY teams discussed the rising importance of the CRO and why CRO and board collaboration is vital. This continues to hold true, with some advocating for the CRO to be made a permanent addition to the board agenda. Wherever the conversation lands, we believe boards need to transition away from the traditional view of risk management and mitigation.
Our top three takeaways for the boardroom:
- Foster a culture of resilience. Rather than focusing on returning to normal after disruptive events, highly resilient boards prioritize adapting to the new reality. They focus on developing overall resilience across various areas such as governance, talent and culture, sociopolitical factors, environmental sustainability and technology.
- Stay informed about emerging risks and disruptions. Continuously monitor and assess the evolving risk landscape that may impact your organization, via tailored board insight and discussion sessions, and seek the advice of independent experts. Ensure a baseline level of education around risk frameworks is in place, including how technology can play a role (via EY.com Australia) — which will create the foundation for a resilience mindset.
- Enhance collaboration with CxO roles that own material risks. Recognize the vital role CxOs play in effective risk management and consider assigning responsibility for material risks to existing committees. Engage with the CRO more regularly, as well as those responsible for the organization’s most material risks. Failing to do so could result in missing the most damaging risks, those “gray rhino” risks that are charging right at the organization.
Related articles
Summary
The risk environment has become more expansive and complex as the world has been reshaped by accelerating and interconnected disruptive shifts. Boards need a strategy that is not simply reactive but rather anticipates and adapts to emerging disruptions before they happen. They need to be resilient.