????災難性地震襲擊日本，嚴重損害供應鏈，這種事發生的幾率有多大？火山灰云讓北歐大部分地區變成禁飛區，擾亂航空交通，破壞經濟活動，這其中的可能性有多少？某個大型金融機構在21世紀第一個十年里破產，把全球的金融體系都推向崩潰的邊緣，這又有多大的可能性？

????目前為止，人們還認為這類事情太遙遠了，因此并未引起企業董事的高度重視。就算有，也只有極少董事會把這類風險的超前評估納入自己的基本職責。但是，一系列類似事件發生之后，很明顯，管理職能的定義已經擴大，風險意識已成為董事會的本分。董事們不能繼續被動地參與，風險評估的流程必須由董事會首先帶動起來。

????在銀行業，監管層正在推動這種轉變。英國的銀行監管機構最近出臺了一項新的“反向壓力測試”，要求銀行識別潛在的災難性事件，比如禽流感、糧食供應中斷或政變等，同時制定抵御危機的方案。雖然反對者抨擊此舉是政府的鐵腕政策，但擁護者以最近在危機中準備不足的銀行為例，強調銀行業需要更系統的思維和審慎的規劃。

????在美國，《多得-弗蘭克法案》（Dodd-Frank legislation）賦予股東更多權力，讓其成為企業所有者，從根本上轉變了股東與上市公司董事會的關系，并迫使董事更加透明。在社交媒體的新世界里，董事會的行為會像病毒般迅速傳播。由此帶來的透明度的提高能否帶來更好的風險管理呢？

????最近的調查得出的結論并不一致。一項調查顯示，68%的董事自認為有能力監管風險管理計劃，減輕企業面臨的風險。但是，另一份報告指出，近三分之二的受訪董事表示，他們不監管風險管理流程，或者只進行臨時監管。

????一般的董事會將風險定義為戰略、經營、財務層面的問題，以及是否合規。而風險的定義需要擴大到包括無形資產，如企業聲譽；或不可預知的弱點，如企業業務上面臨的問題。盡管董事會無法預知每一個事件，但是僅僅按照在過去事件基礎上制定的既定路線，或者認為照章行事就是完成工作，顯然是不夠的。

????在風險評估的問題上，沒有一個放之四海而皆準的解決辦法。誠然，這個過程可能很耗時，令人沮喪，因為風險評估既需要直覺又需要數據分析。一些董事會選擇將這一問題交給某個風險委員會來處理。但是要想獲得有效的風險管理，整個董事會都需要全程掌握主動權。

????本文作者法耶?沃托頓系奧邁咨詢公司（Alvarez &Marsal）的常務董事兼某企業董事。

????What are the chances that a catastrophic earthquake could strike Japan and severely cripple supply chains? Or that a volcanic-ash cloud could turn much of Northern Europe into a no-fly zone, disrupting air travel and impairing economic activity? Or that a major financial institution could fail in the first decade of the 21st century, pushing the entire global financial system to the brink?

????Until recently, such scenarios would have been considered too far-fetched to warrant much attention from corporate directors. And few, if any, directors would have considered the proactive assessment of such risks to be among their fundamental responsibilities. In the wake of these and other events, however, it has become clear that the definition of governance has broadened and that awareness of risk has become a fiduciary obligation. Directors can no longer be passive participants; the process must start with and be spurred on by the board.

????In the banking sector, regulation is driving this shift. Britain's bank regulators recently rolled out a new "reverse stress test" that requires banks to identify potentially catastrophic events and develop plans to withstand crises such as flu pandemics, disrupted food supplies, or political coups. Though opponents slam the exercise as the heavy hand of government, advocates stress the need for more systemic thinking and prudent planning -- pointing to how ill-prepared banks were for the recent crisis.

????In the U.S. the Dodd-Frank legislation has given shareholders more power to act as corporate owners, fundamentally shifting their relationship with boards of publicly traded companies and forcing directors to be more transparent. In the new world of social media, board actions instantly go viral. Will this increased transparency lead to better risk management?

????Recent surveys offer diverging insights. One indicated that 68% of directors feel confident in their ability to monitor a risk-management plan that would mitigate corporate exposure. However, another report revealed that nearly two-thirds of surveyed directors indicated they either did not monitor the risk-management process or did so only ad hoc.

????Typically boards have defined risks as strategic, operational, financial, and compliance. That universe needs to be widened to include intangible assets, such as a company's reputation, or unpredictable vulnerabilities, such as issues facing enterprises with which the company does business. While boards cannot predict every event, it is no longer sufficient to follow a prescribed road map based on past events or assume the job has been done by checking the boxes.

????When it comes to risk assessment, there is no one-size-fits-all solution. Admittedly, the process can be time-consuming and frustrating, for it is as much an instinct as it is data-driven. Some boards opt to hand it over to a risk committee. But for risk management to be effective, the entire board needs to own the process.

????--Faye Wattleton is a managing director at Alvarez & Marsal and a corporate board director.