In response to the increased focus on the effectiveness of board risk oversight practices, the Committee of Sponsoring Organizations, known as COSO, has released a new thought paper aimed at helping boards of directors strengthen their oversight of enterprise risks.

The four-page paper, The Role of the Board of Directors, is available for free download. The paper calls attention to COSO's 2004 Enterprise Risk Management - Integrated Framework and its definition of ERM.

"The challenge facing boards is how to effectively oversee an organization's enterprise risk management (ERM) in a way that provides improved oversight while adding value to the organization," said COSO Chairman David Landsittel. "While ERM is not a panacea for all the turmoil in the markets today, robust engagement by the board in enterprise risk oversight strengthens an organization's resilience to significant risk exposures."

Boards may also face new regulatory requirements or new interpretations of existing requirements regarding their risk oversight responsibilities. The Securities and Exchange Commission in July proposed rules that would expand companies' proxy disclosures about how compensation policies affect risk taking and the role of the board in the company's risk management practices. Congress has also introduced legislation that would mandate the creation of board risk committees. Meanwhile, Standard & Poor’s has begun incorporating enterprise risk management assessments into its ratings of non-financial companies.

The paper points to four areas discussed in COSO's 2004 ERM framework that contribute to board risk oversight: Understand the entity's risk philosophy and concur with the entity's risk appetite; know the extent to which management has established effective ERM of the organization; review the entity's portfolio of risk and consider it against the entity's risk appetite and be apprised of the most significant risks and whether management is responding appropriately.

COSO is also developing a thought paper to be released this Fall that it says will provide a more in-depth discussion on how senior management can strengthen risk management processes to improve the board's risk oversight processes.