Conducting a Risk Assessment
In the face of the recent global financial crisis, investors have become increasingly concerned about the risk profile of corporate compensation programs. Responding to this widespread anxiety, the Securities and Exchange Commission now requires public companies to address the relationship between their compensation policies and practices and excessive risk-taking in their proxy statement.
What Are We Required To Do?
Starting this year, a public company must discuss how it evaluates and manages the relationship between its programs for compensating its executives and other employees and risk-taking in its proxy statement to the extent that these risks are reasonably likely to have a material adverse effect on the company. In complying with this new requirement, there are four key points to keep in mind:
- Disclosure is required only if compensation-related risks are reasonably likely to have a material effect on your company;
- This material effect must be harmful to the company; and
- In making this determination, you
» Assess the impact of these risks on the company as a whole; and
» May consider your policies and practices (as well as other controls) that mitigate these risks.
How Do We Assess Our Compensation-Related Risks?
To determine whether disclosure is required, a company must first assess the risks arising from its compensation policies and practices – including those covering its non-executive employees. This involves establishing a process to identify the risks that are either introduced or encouraged by your compensation plans and arrangements and evaluate how you monitor and manage these risks.
While this process will vary from company to company depending on various factors, such as size, maturity, structure, industry, compensation philosophy, and program design, for most companies it will involve:
- Identifying your existing risk management framework and key business risks to understand the risks that may materially affect your company;
Identifying the compensation plans that are most likely to impact these risks – or introduce new risks (primarily executive compensation plans, but also significant non-executive plans, and any incentive plans without payout limits); and
- Balancing these risks against your existing internal control systems and compensation program safeguards to see whether these risks are reasonably likely to have a material adverse effect on your company.
It is important to remember that this is not a mandate to eliminate risk. Companies are in the business of taking risks and using compensation as a means to promote and reward risk-taking that furthers their strategic and operational objectives. Instead, this process is intended to confirm that a company has adequate controls in place to ensure that its incentives are reasonable and balanced, aligned to appropriate performance measures, and produce results that are both substantive and sustainable.
Who Should Conduct the Assessment?
Typically, the board of directors, or the board audit committee, is responsible for overseeing a company’s risk management process. We believe that, at many companies, the audit committee will direct the risk assessment, either conducting the evaluation itself or directing management to perform this task for its review. We further expect that the board compensation committee, given its central role in designing and administering the company’s compensation programs, will be actively involved in the risk assessment process.
Need Assistance in Developing or Conducting Your Risk Assessment?
Compensia has significant experience in helping companies evaluate the design and objectives of their executive compensation programs. We’ve also developed a series of tools to assist companies in designing and conducting a compensation-related risk assessment. If you have any questions on the subjects addressed in this Thoughtful Pay Alert or would like assistance in assessing the risks associated with your executive com-pensation policies and practices, please feel free to contact us.