Enterprise-Wide Risk Management and Corporate Governance

Loyola University Chicago Law Journal Volume 39 Issue 3 Spring 2008 Article 6 2008 Enterprise-Wide Risk Management and Corporate Governance Betty Simkins Oklahoma State University, Spears School of Business Steven A. Ramirez Loyola University Chicago, School of Law, Follow this and additional works at: http://lawecommons.luc.edu/luclj Part of the Law Commons Recommended Citation Betty Simkins, & Steven A. Ramirez, Enterprise-Wide Risk Management and Corporate Governance, 39 Loy. U. Chi. L. J. 571 (2008). Available at: http://lawecommons.luc.edu/luclj/vol39/iss3/6 This Article is brought to you for free and open access by LAW eCommons. It has been accepted for inclusion in Loyola University Chicago Law Journal by an authorized administrator of LAW eCommons. For more information, please contact . Enterprise-Wide Risk Management and Corporate Governance Betty Simkins* Steven A. Ramirez** I. INTRODUCTION: THE MANY FACES OF BUSINESS RISK There has always been a fundamental tension between basic corporate governance precepts and the complexity of the business of the modern public corporation. Specifically, every corporation is to be 1 managed by (or under the supervision of) the board of directors. Directors are not generally required to have any particular expertise, other than being a "natural person." 2 Yet the modem corporation may well face a myriad of risks from disparate fields of business ranging from complex financial risk 3 to quality control regarding material manufactured in China.4 If the board cannot understand and manage the full breadth of risks facing the modern public corporation, then such risks may not be disclosed to investors and impounded into decisions 5 regarding the allocation of investment capital. * Betty Simkins, Ph.D., is the Williams Companies Professor of Business and Associate Professor of Finance at Oklahoma State University, Spears School of Business, Stillwater, Oklahoma. ** Steven A. Ramirez is Professor of Law and Director of the Business and Corporate Governance Law Center at Loyola University Chicago School of Law. The authors appreciate the helpful comments of John Fraser, Chief Risk Officer and Vice President, Internal Audit, at Hydro One. 1. See DEL. CODE ANN. tit. 8, § 141(a)(2007) (stating that every business "shall be managed by or under the direction of a board of directors"). 2. See id. § 141(b) (noting that any additional qualification may be prescribed by the certificate of incorporation or bylaws). 3. Most recently, the subprime mortgage crisis seems to have had its roots in a systemic failure to identify and manage risks inherent in subprime lending. Because many such mortgages were securitized and distributed throughout the world financial system, large defaults caused large losses "roiling global credit markets." Glenn R. Simpson, Lender Lobbying Blitz Abetted Mortgage Mess, WALL ST.J., Dec. 31, 2007, at A 1. 4. In 2007 Mattel saw its stock price plunge sixteen percent while it recalled millions of dangerous toys manufactured in China. Andrew Leckey, Mattel Playing Better Overseas, CHI. TRIB., Jan. 13, 2008, at C8. 5. It appears that a precipitating cause of the subprime mortgage crisis was non-disclosure of material risks to investors. Thus far, state and federal regulators have launched numerous Loyola University Chicago Law Journal [Vol. 39 Recently, federal law imposed expertise requirements in connection with the management of the audit function for public companies. Under the Sarbanes-Oxley Act of 20026 (SOX), the "independent" auditor of a public corporation must report to an audit committee 7 which generally must include one "financial expert."8 These requirements limit CEO control over the audit function and assure that there is some degree of appropriate financial expertise within the audit committee. Nevertheless, the audit function alone cannot comprehend all of the risks facing the modem public corporation. This Article will explore the intersection of enterprise-wide risk management and corporate governance. The article concludes that enterprise-wide risk management can enhance the functioning of the corporation as well as the ability of capital markets to respond to risk, but that the current legal framework fails to facilitate this process. The Article suggests that disclosure requirements with respect to risk management would encourage superior transparency and management within the public corporation. It seems axiomatic that today the public corporation too often fails to identify and manage the risks it faces. In late 2007, for example, a crisis in the subprime mortgage sector arose from one of the "worst miscalculations in the annals of risk management." 9 In fact, such systemic episodes of risk mismanagement can threaten macroeconomic performance and lead to financial crises. 10 Historically, risk investigations relating to disclosure deficiencies in connection with the sale of subprime mortgages and securities backed by subprime mortgages. Karen Freifeld & David Scheer, N.Y., Connecticut Probe Wall Street Loan Disclosures, BLOOMBERG.COM, Jan. 12, 2008, http://www.bloomberg.com/apps/news?pid=20601087&sid=a8ry4S5dGsFs&refer=home. Naturally, the inability to comprehend risks results in a misallocation of capital, and the subprime mortgage crisis certainly is a "grotesque misallocation of capital." See Larry Elliott, When Money Lenders Cry for Handouts,THE GUARDIAN, Sept. 10, 2007, available at http://www.guardian.co .uklbusiness/2007/sep/10/businesscomment.ukeconomy (noting that "liberali[z]ing financial markets" has not in fact ended the misallocation of capital, as promised). 6. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (codified in scattered sections of 15 & 18 U.S.C.). 7. Id. § 204 (defining audit as an examination by an "independent public accounting firm"). 8. Id. § 407. 9. Shawn Tully, Wall Street's Money Machine Breaks Down, FORTUNE, Nov. 12, 2007, availableat http://money.cnn.comlmagazines/fortune/fortunearchive/2007/11/26/101232838/ index.htm. 10. See George Soros, The Worst Market Crisis in 60 Years, FIN. TIMES, Jan. 22, 2008, available at http://www.ft.com/cms/s/0/24f73610-c91e- 1 ldc-9807-000077bO7658.html (stating that risk mismanagement regarding subprime mortgages "spread to all collateralised debt obligations, endangered municipal and mortgage insurance and reinsurance companies and threatened to unravel the multi-trillion-dollar credit default swap market"). Soros also suggests that regulators failed to comprehend the risks posed by credit derivatives; this Article, however, is 2008] Enterprise-Wide Risk Management management within corporate America has not always inspired confidence. Consider the following scenarios. A. Bet- Your-Company Litigation Pennzoil v. Texaco proved to be the ultimate exemplar of litigation risk.'' On January 3, 1984, the Getty Oil Company board (along with affiliated entities) approved an oral agreement in principle t (...truncated)