The board of directors is responsible for overseeing all risks associated with the activities of a business and establishing a strong internal control environment and risk framework that fulfills the stakeholders’ expectations of the organization. The board periodically reviews the risk management framework and policy statement, depending on the organization’s circumstances.
The board has overall responsibility for ensuring that a dedicated compliance risk management function and practices are established, and that these practices include performing compliance risk assessment and management. The board delegates the responsibility for compliance risk management to the senior management team led by the Chief Executive Officer (CEO).
The company’s CEO periodically reviews the results of compliance risks related to different areas and functions for reporting to the board. It is important to understand that the top management, including the CEO or Board of Directors, has the ultimate responsibility for the organization’s conduct.
The Board of Directors’ Responsibility
A board must act in good faith in exercising its oversight responsibility for its organization, including making inquiries to ensure:
- A corporate information and reporting system exists.
- The reporting system is adequate to assure the board that appropriate information relating to compliance with applicable laws will come to its attention in a timely manner and as a matter of course.
A corporate reporting system is a key compliance program element, which keeps the board informed of the organization’s activities and enables an evaluation of potentially illegal or otherwise inappropriate activity. Boards are encouraged to use widely recognized public compliance resources as benchmarks for their organizations.
The Federal Sentencing Guidelines and the Organisation for Economic Co-operation and Development (OECD) guidelines can be used as baseline tools for boards and management in determining what specific functions may be necessary to meet the requirements of effective maintenance of the tone at the top.
The guidelines offer organizations incentives to reduce and eliminate criminal conduct by providing a structural foundation from which an organization may self-regulate its conduct through an effective compliance and ethics program. Regarding corporate compliance, although the compliance program may not be a “one size fits all” issue, the company’s board is expected to put forth efforts to review the adequacy of compliance functions and systems.
The board should develop a formal corporate compliance plan to stay abreast of the ever-changing regulatory landscape and operating environment.
The board conducts the following key activities:
- Define the roles and relationships, including those of compliance function, legal function, internal audit, human resources, quality improvement function, etc.
- Set and enforce expectations for receiving particular types of compliance-related information from various management members regarding the organization’s risk mitigation and compliance efforts.
- Identify and audit potential risk areas.
- Encourage accountability and compliance.
A board of directors is a group of people who represent a company’s shareholders’ interests. It also advises and guides an organization’s CEO and executive team. A board of directors oversees general operations without becoming involved in day-to-day operations.
In general, the board makes decisions as a fiduciary on behalf of the company and its shareholders. Issues that fall under a board’s purview include the hiring and firing of senior executives and their compensation, dividends, major investments, and mergers and acquisitions.
In addition, a board of directors is responsible for helping a corporation set broad goals, supporting senior management in pursuit of those goals, and ensuring the company has adequate, well-managed resources at its disposal.