The board is responsible for oversight. This includes risk management and compliance. Regardless of the type of the company, failure to comply with the laws and regulations of the land presents serious risks to the business.
The board executes their role by effective application of the ‘tools of the board.’
The first tool of the board is a risk policy. The board’s risk policy provides for the formulation of the enterprise risk framework or strategy which also articulates the risk appetite and the risk management process, including providing for risk register.
In Uganda, MTN spent the bigger part of March 2018 justifying for their licence renewal. There had been some concerns that MTN’s quality of service had glitches especially network quality. However, when you look at what MTN has done, it is something very good for the growth of the telecom sector in Uganda. By the fact that may be after every ten years, a telecom company in Uganda is required to provide an account of what has been achieved and whether it met the minimum requirements of the licence. There is a risk that the licence may not be renewed. MTN Uganda has contributed significantly to the economy. It is the largest tax payer in the country. It is therefore unlikely that its licence renewal application can be denied.
But you cannot take anything for granted. Remember what happened to MTN Nigeria. They had a non-compliance issue. The company lost US$3.2b off their shareholder value. That is a huge loss. It happened because lack of risk management.
Using the risk policy, and specifically the board’s risk appetite. Key risk events like non-compliance with any law may be classified as “zero tolerance.” This means the board has pronounced themselves that they cannot accept any explanations from the CEO to justify having not complied to the laws of the land. It is through clear articulation of such issues which are tolerable or not tolerable, that the Board sets clear limits within which the CEO can run the business.
The role of the board is to identify any areas of risk that could lead to business collapse or failures and management them. Examples include any event that may lead to failure to comply with laws and regulations (external; and policies and procedures (internal); standards and leading practices (external) that must be in place so that they are adhered to?
In a typical board member’s file, there must be a report on industry intelligence, all the laws and obligations that the institution must comply to, procedures and processes that must be approved by the board. That’s how the board attains the role of oversight.