
The role of boards in managing risk

Published: 15 Apr 2026

This session sought to help boards, directors and their advisers to improve their approach to managing risk. The session drew on the Risk Coalition’s latest publication ‘Raising your Game’, which provides cross-sector guidance for boards and their committees with risk oversight responsibility.

Chairing the session was Hanif Barma, founder of Board Alchemy and co-founder and director at the Risk Coalition. He was joined by NED Alessandra Mongiardino; Tara Rajah, General Counsel, Corporate Risk at WPP and Trustee at War Child UK; and Sheree Howard, the FCA’s Executive Director of Authorisations and Joint Interim COO. Panellists discussed current good practices and the challenges boards face today when it comes to risk.

Risk has always been central to corporate governance, but expectations of how boards approach risk are changing. Rather than viewing risk management primarily as a compliance exercise focused on prevention and control, organisations are increasingly expected to treat risk as an integral component of strategy and long-term value creation. Panellists explored how directors can strengthen risk oversight in an environment characterised by economic uncertainty, geopolitical instability and rapid technological change.

A recurring message throughout the session was that effective governance does not eliminate risk; it enables organisations to take the right risks with confidence.

Risk and strategy are inseparable

Traditional governance models have often treated strategy and risk as separate discussions. Strategy focused on growth and opportunity, while risk management concentrated on preventing negative outcomes. Speakers argued that this distinction no longer reflects reality when it comes to sustainable and resilient business decision-making.

Every strategic decision carries inherent uncertainty. Entering new markets, investing in technology, restructuring operations or launching new products all involve trade-offs between opportunity and risk. Boards therefore need to consider risk not as a constraint on strategy but as a lens through which strategy is evaluated and refined.

When risk discussions occur only after strategic decisions have been made, governance becomes reactive. Integrating risk considerations early in strategic planning enables more informed decision-making and helps organisations anticipate potential challenges.

Participants emphasised that strong boards regularly ask not only ‘What could go wrong?’ but also ‘What risks must we take to succeed?’.

Beyond the risk register

Many organisations rely heavily on risk registers, that is, structured lists of identified risks ranked by likelihood and impact. While these tools remain useful, speakers cautioned that they can create a false sense of security if used in isolation.

Risk registers tend to capture known risks but may fail to identify emerging or interconnected threats. Complex modern organisations face risks that evolve rapidly and may not fit neatly into predefined categories. Participants encouraged boards to supplement formal reporting with broader discussions about uncertainty and external change. Questions that effective boards frequently ask include:

  • What assumptions underpin our strategy?
  • What developments could invalidate those assumptions?
  • Where might risks be building outside traditional reporting channels?
  • What are we not hearing or seeing?

Such discussions help boards move beyond static risk assessments towards a more holistic and dynamic understanding of organisational exposure.

Creating visibility across the organisation

Another challenge highlighted during the session was ensuring that boards receive meaningful insight into risks as they develop at operational levels. Information flowing to the board is often filtered through multiple layers of management. While this process is necessary, it can unintentionally dilute or delay escalation of emerging concerns. Speakers stressed the importance of multiple information channels. Internal audit, employee engagement surveys, whistleblowing systems and direct engagement with management teams can all provide alternative perspectives, and at an earlier stage.

Psychological safety plays a crucial role here. Employees must feel comfortable raising concerns without fear of negative consequences. Organisations where bad news travels slowly are more likely to experience unexpected crises. Boards therefore have a responsibility to foster environments where openness and transparency are encouraged.

Balancing oversight and management responsibility

The discussion explored the boundary between board oversight and executive responsibility. Whilst boards are accountable for overseeing risk management frameworks, they should avoid becoming involved in operational risk management decisions. Maintaining this distinction allows management to operate effectively while ensuring appropriate accountability.

Clear articulation of risk appetite is an important mechanism for achieving this balance. The board defines the level of risk the organisation is willing to accept in pursuit of its objectives, while management determines how to operate within those boundaries.

However, speakers noted that risk appetite statements are sometimes too abstract to guide decision-making effectively. Translating high-level principles into practical guidance for operational teams remains an ongoing challenge. Regular dialogue between boards and executives can help ensure shared understanding of acceptable risk-taking within an organisation.

Responding to an increasingly uncertain environment

The external risk landscape facing organisations has expanded significantly in recent years. Participants discussed a range of factors contributing to heightened uncertainty, including:

  • geopolitical instability,
  • economic volatility,
  • cyber threats,
  • supply chain disruption,
  • climate-related risks,
  • rapid technological change.

These risks are often interconnected, making prediction more difficult. For example, geopolitical tensions may trigger economic shocks, which in turn influence operational risks and workforce stability. Traditional planning models based on stable assumptions may therefore be insufficient today. Scenario planning emerged as a valuable tool for boards seeking to prepare for uncertainty. Rather than attempting to predict specific outcomes, scenario analysis encourages organisations to consider how they would respond to a range of plausible futures. This approach strengthens organisational resilience by improving preparedness rather than prioritising forecasting accuracy.

The role of board composition and diversity

Effective risk oversight also depends on the composition of the board itself. Participants highlighted the value of diverse perspectives, professional backgrounds and experiences in identifying risks that might otherwise be overlooked.

Boards composed of members with similar expertise may unintentionally share assumptions, thus limiting constructive challenge. Diversity of thought helps ensure that strategic decisions are examined from multiple angles.

Curiosity and willingness to challenge consensus were identified as particularly important qualities for directors involved in risk oversight.

Further, constructive challenge does not imply confrontation but rather a shared commitment to testing assumptions and strengthening decision-making.

From resilience to opportunity

A key shift discussed during the session was the move from risk management as defence towards risk management as a source of competitive advantage.

Organisations that understand their risks deeply are often better positioned to pursue opportunities confidently. For example, companies with strong cyber governance may adopt digital innovations more rapidly because safeguards are already in place. Similarly, organisations with mature risk cultures may respond more effectively to external shocks, enabling them to adapt while competitors struggle. In this sense, resilience becomes an enabler of growth rather than merely a protective mechanism. Boards play a critical role in ensuring that risk discussions remain forward-looking and connected to strategic objectives.

The evolving role of the board

As expectations continue to evolve, boards are increasingly expected to demonstrate active engagement with risk rather than passive oversight. This does not mean expanding governance structures indefinitely but rather improving the quality of discussions and insights available to directors. Effective boards create space for open dialogue about uncertainty, encourage diverse perspectives and ensure that risk considerations are embedded throughout governance processes.

Ultimately, the session concluded, risk oversight is less about predicting the future and more about preparing organisations to respond effectively when change inevitably happens. By reframing risk as an inherent element of strategy, boards can help organisations navigate uncertainty while pursuing sustainable long-term value.
