A recent analysis of 398 proxy statements filed by S&P 500 companies between February 28 and July 1 of this year found that only 22% of them mentioned that the CEO had any direct involvement in risk management. The study, conducted by Deloitte, also found that:
• Just 35% of companies described risk oversight/management as being in sync with corporate strategy.
• Only 11% described the board’s involvement in determining a company’s risk appetite.
• A mere 1% mentioned anything about the importance of “tone at the top” as it influences overall risk management.
Failure to cover these areas in the proxy may not fall outside the scope of current regulatory requirements, and it is possible that the proxies simply don’t capture the full extent of senior-level discussions around risk. But Deloitte chided companies for not doing more to communicate the breadth of their risk-management strategies via proxy statements.