| Summary: | Internationally, Boards of companies are increasingly required by law to take responsibility for their risk oversight. For example, the Sarbanes- Oxley Act (2002) in the USA; 2010 UK Corporate Governance Code; The revised Code of, and Report on, Governance Principles for South Africa (King III), (2009) firmly place the onus on the Board for managing risk in the organization. There is appreciable evidence that a high proportion of Boards do not fully embrace these obligations (Beasley M.S et al., 2010, 2011, 2012; FSA, 2007; Deloitte, 2012), leaving businesses highly vulnerable and unprepared for risky events. The aim of this research is to understand why South African Boards, in view of their strict corporate governance regulatory obligations, manage their risks differently. The objectives of this constructivist research are to question Boards on the extent of their adherence to legislated risk management requirements; and by analysing their repertory constructs understand how Board members construe elements of their risk; and further to understand whether Boards suffer from cognitive bias when faced with risky choices as predicted by Prospect Theory; and whether this cognitive bias adds to the risk exposure of the organisation. The research uses empirical data to demonstrate the extent of the shortfall between legislative directives and company practice. As a result of establishing how Boards construe risk, the outcome also highlights reasons for the shortfall between what regulators regard as risk oversight and the challenges Boards face in meeting these risk oversight obligations. The research examines the causal relationships between certain variables and the risk attitude and processes adopted by the Board. The following issues are evaluated: the differences in attitude to risk between highly compliant Boards and weakly compliant Boards; the differences in risk attitudes between members of the Board; and between Boards of different companies. The results suggest that; South African Boards face extreme difficulties in making sense of the risk environment; Board members are subject to a high degree of cognitive bias when facing risk and uncertainty; it seems unlikely that Boards behaviour towards risk can be described fully by the tenets of Prospect Theory; Boards suffer from source dependence in assessing risk; Boards’ behaviour towards risk is linked to their degree of regulatory adherence in terms of corporate governance. A behavioural form of moral hazard is identified where Boards which have implemented enterprise risk measures develop a sense of overconfidence in the belief that such measures will automatically and fully protect the business in all circumstances which in turn adds to the overall risk of the business. A further important indicative result of this research is a ‘Common / Variable Characteristics of Risk’ hypothesis. Boards appear to possess a common set of behavioural characteristics which govern the way they manage their risk, and a variable set of behavioural characteristics, the extent of which is directly linked to the level of risk readiness of the Board, and which also impacts on the way they manage their risk. This research highlights a possible phenomenon referred to as ‘Reality Drift’ in which Boards of companies may gradually lose touch with key aspects of their businesses through a process of cognitive bias and false and inadequate information. This phenomenon may explain why Boards of many regulated companies make errors of judgement and overlook areas of major risks to their businesses. This research also briefly addresses many important research questions around risk and risk management as posed in recent relevant publications. Finally, this research appears to be unique in the study of intact Boards, and adds to the important body of literature in respect of ‘sensemaking’ and ‘group sensemaking’, particularly in the area of risk management. This research is likely to be of assistance to regulators and company stakeholders in understanding how Boards perceive their regulatory obligations relating to risk oversight, and will provide further insight into risk management processes.
|
|---|
