Less Than One in Four Proxy Disclosures From Standard & Poor's 500 Mention CEO Involvement or Responsibility for Risk Management, According to Deloitte Analysis

NEW YORK, Oct. 14 /PRNewswire/ -- In an analysis of proxy statements from the Standard & Poor's (S&P) 500, filed in 2010, Deloitte found that just 22 percent cited that the company's chief executive officer had any involvement or responsibility for risk management.  

In December 2009, the SEC released enhanced proxy disclosure rules requiring new disclosures regarding the board's enhanced role in risk oversight.  Deloitte's analysis included proxy statements from 398 of the S&P 500, which were filed in 2010 between Feb. 28 and July 1, 2010.  

"Most board members and C-suite executives mention that they discuss risk management issues on an ongoing basis, but that story may not be fully communicated in the proxy disclosures we analyzed," said Maureen Errity, director, Deloitte Center for Corporate Governance.  "The S&P 500's proxy disclosures may meet the requirements, but there is more to the story of effective risk oversight.  For example, only some companies discuss how they leverage risk in corporate strategy decision-making and how appropriate risks are taken to enhance value — two pillars of the Risk Intelligence Enterprise™.  As companies continue to enhance risk management practices and company culture, the 2011 proxy disclosures may offer even more visibility into what boards and executives are doing to oversee and manage risk."

Other infrequently reported risk-related items in the proxy disclosures analyzed were:

• Only one-third (34 percent) of companies disclosed that risk oversight and/or risk management were aligned with corporate strategy;
• 11 percent disclosed how the board is involved with regard to corporate risk appetite;
• Five percent mentioned that the board has oversight with regard to corporate culture; and,
• Just one percent of proxy statements noted the significance of tone at the top.

"New legislation — not the smallest of which is the Dodd-Frank bill — will change proxy disclosures, even if just for a small percent of corporate America, in the beginning," said Henry Ristuccia, partner, Deloitte & Touche LLP and U.S. leader of governance and risk management services.  

"While those new rules will affect the largest investment banks first, we often see a trickle-down effect when more highly regulated industries' practices become quickly adopted by other Risk Intelligent Enterprises," continued Ristuccia.

Within the analysis, industries with higher regulatory demands tended to more clearly disclose details on board members and C-suite executives' involvement in overseeing and managing risk.  Financial services company disclosures were four times more likely than average to have a separate risk committee on its board (16 percent), nearly three times more likely to mention a chief risk officer (31 percent), twice as likely to separately address reputational risk (30 percent) and twice as likely to mention board oversight with regard to corporate culture (10 percent).  Energy and resources firms were nearly twice as likely to disclose the presence of a management level risk management committee (36 percent).  

"It's encouraging to see that boards and executives in corporate America are not taking a 'one-size-fits all' approach to disclosing risk information," concluded Ristuccia.  "But, the more companies can share the full story when it comes to outlining risk management in their proxy disclosures, the more risk intelligent corporate America — and its investors — will become."

About the Study

Deloitte analyzed 2010 proxy disclosures from S&P 500 organizations that were subject to the SEC's December 2009 enhanced rules and specifically focused on the new disclosures with regard to the board's role in risk oversight. The analysis included companies subject to the new disclosures — those that had a financial year-end on or after Dec. 31, 2009 and filed their 2009 proxy statement on or after Feb. 28, 2010. Approximately 398 companies were included in Deloitte's analysis as of July 1, 2010.

The SEC website, specifically the Edgar platform, was used to obtain the organization's proxy statement for analysis.

The analysis was limited to the information included within the "board's role in risk oversight" or similar section or paragraph within the proxy statement. If such a section was not included, the analysis identified the "board leadership" or "board structure" paragraphs to obtain the information for the analysis. To the extent such disclosure with regard to the board's role in risk oversight was not identified in either section, Deloitte considered such company to not include such information. Further, while certain criteria may have been included in other parts of the company's proxy statement, to the extent it was not identified in one of the two sections noted above, a "no" response was provided. Note that a total of 21 companies of the 398 did not include specific risk disclosures within either of these two sections.

The analysis is based on certain criteria applicable to Deloitte's Risk Intelligent Enterprise™ point of view and should not be deemed an opinion as to the appropriateness or interpretation of the SEC disclosure rule.

As used in this document, "Deloitte" means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

SOURCE Deloitte