The Risk Oversight Challenge: Who Should Own Cyber Risk? (Part 1)
Wednesday, July 29, 2015
There is constant debate in the boardrooms of today’s companies about who should own the cyber risk oversight responsibility… the audit committee, the full board, or a dedicated risk oversight committee. Host TK Kerstetter poses the question to expert panelists who agree to disagree with some of his foundational beliefs.
This show also looks at the role of strategy with respect to risk management, as well as asks the question, “What is the outside auditor’s role in cyber risk?” All panelists confirm that, although it is ultimately a full board’s responsibility to oversee risk, in most companies it is currently “owned” by the audit committee.
As cyber risk continues to escalate — and with audit committees having little room in their agendas to deal with such growing concerns — other options for oversight must be considered.