INTRODUCTION

Risk management needs to occur at all levels of an organization because organizational risk is everywhere and it defines what might prevent an organization from achieving its objectives. Because of this, the board of directors, which exists at the very top of an organization, is expected to both exercise diligent oversight regarding an organization's principal risks and concentrate on those risk processes that, in turn, cascade throughout the organization, thereby managing and mitigating risk at the organization's lowest, operational levels. Accordingly, we have undertaken this study to survey the directors of several organizations about their organizational risk oversight practices to get a “view from the top.”

One of the ways in which directors can fulfill their duties with respect to risk oversight is to adopt a risk management/oversight framework. Frameworks supply directors with prescribed methods to use in exercising their duties as reasonable and prudent supervisors of the organization. The application of a framework not only gives directors reasonable assurance that they are meeting their required compliance guidelines in fulfilling their legal duties (i.e., ...