A recent report from the Institute of Internal Auditors found that directors of corporate boards are overconfident in their organization’s ability to handle major risks. This overconfidence affects top-down compliance strategy, which carries significant repercussions.

 

Fortunately, of all the industries surveyed, credit unions and other financial institutions employed the best, most robust risk management strategies out there. They were the least likely to see overconfident (or poorly informed) boards.

However, the survey revealed that almost 1 in 6 financial institutions did have overconfident boards. And come audit season, that overconfidence can quickly turn into an audit nightmare.

Signs that Your Board Is Overconfident

The board of directors plays an important role in the three lines of defense in risk management. Their advisory role in setting policy is a key part of compliance.

And, as if to solidify that take, regulatory bodies are beginning to hold boards accountable for their influence—or lack thereof—in the direction of risk management. Furthermore, management may get in hot water for misinforming the board.

Ultimately, your credit union should want no part of this “confidence gap.” Here are a few signs that your institution is that rare 1 in 6 that needs better alignment between the board and the management team.

1.    They don’t appear to think risk management is their job

If negative audit findings, repeat findings, or other compliance foibles don’t seem like big issues to your board, they may think that compliance is not their responsibility. And yet it very much is.

Every part of every organization is responsible for some level of risk management. The board of directors must also do their part. If your credit union’s board doesn’t demand complete, accurate, and timely information, then it’s time they start.

2.    They’re very close with C-level management

One of the upsides of close working relationships is that you build in a healthy level of trust. Trust is great for friendships, but auditors and NCUA examiners are far more interested in performance.

The problem with trust is that it can be abused. Boards that trust their management too much may not check in as often. Or they may approach problems with more leniency. Or they may believe that issues are handled when they aren’t. Or, as the IIA report shows, they may think they’re getting the whole story—even when they’re getting only part of it.

While close relationships are great, they shouldn’t affect compliance and risk management. Approach audits and examinations with a Zero Trust mentality.

3.    Lack of information

One of the main takeaways from the IIA report has less to do with the board of directors—and more to do with who informs them. Unfortunately, a lack of information isn’t always because of close relationships between boards and management. More often, management just doesn’t provide enough of it.

If you suspect that your management team ever breezes through reports, glosses over details, sugar coats information, or dumbs things down for your board of directors…

Then your management team is creating a long-term compliance issue that could affect your credit union’s culture.

Takeaways from the IAA Report

Credit unions are at less risk of overconfidence than most American businesses. However, that risk is still present. The best solution is complete, accurate, timely information, all communicated frequently with the board.

Ultimately, a better informed board will strengthen your culture of compliance and ensure that your three lines of defense are stronger.

Although credit union risk management starts at the top down, the real rock stars are the audit teams. If you want to present good, consistent, and repeatable results to your board, your audit team will need an audit management platform to match.

Credit unions have cut audit times by 33% with Redboard’s audit management software. We welcome you to explore some of the new features here.

Or, if you’d like to see if your credit union would benefit, schedule a free consultation now.