Beyond Risk Registers: Strategic Risk Oversight for Modern Boards

Programme Overview

The risk landscape facing boards today is structurally different from a decade ago. The World Economic Forum’s Global Risks Reports 2024 and 2025 point to an increasingly fractured world where misinformation and disinformation, extreme weather, cyber-espionage/warfare, and escalating armed conflict sit among the most severe short-term threats, while climate and environmental risks dominate the long-term outlook. For boards, this means risk conversations can no longer be siloed into “financial, operational and compliance”, they must integrate geopolitics, technology, climate, social stability and information integrity into strategy and oversight.

In Malaysia, this reality is hard-wired into governance expectations. The Malaysian Code on Corporate Governance 2021 makes it explicit that the board is responsible for the company’s risk management and internal control systems, must set appropriate policies, and must ensure that risk management forms part of the organisation’s culture. Bursa Malaysia’s Statement on Risk Management and Internal Control (SORMIC) – Guidelines for Directors of Listed Issuers and the updated 2025 SORMIC guide reiterate that boards retain ultimate responsibility for risk and controls, even where processes are delegated, and must explain their governance and risk arrangements transparently in annual reports.

At the same time, the risk profile of organisations is being reshaped by technology and cyber threats. The World Economic Forum’s Global Cybersecurity Outlook 2025 underlines how cyber risk is becoming more complex due to geopolitical tensions, emerging technologies and deeply interconnected supply chains, with “cyber insecurity” identified as a major global risk across multiple time horizons. For Malaysian boards overseeing increasingly digital and data-driven businesses, this complexity translates into difficult questions about resilience, concentration risk, third-party exposure and crisis readiness.

Experience shows that breakdowns are rarely due to a lack of risk registers or policies. Post-mortems of major governance failures in Malaysia and globally consistently point to blind spots in the board’s risk lens, weak challenge, cultural deference, and poor escalation rather than an absence of documents. SORMIC disclosures from Malaysian issuers repeatedly emphasise that boards “recognise and affirm” their overall responsibility for risk and internal control, yet enforcement actions and scandals reveal gaps between statements and practice.

This 4-hour, in-person programme is designed for sitting Directors and Senior Directors who want to elevate their approach to risk beyond templates and heatmaps. Rather than teaching tools or frameworks, it focuses on how boards think about, talk about and act on risk: how risk is framed in strategy, how uncertainty and downside are surfaced, how culture supports (or suppresses) candour, and how directors use their positions to probe, reframe and respond. Through data-driven briefings, real-world risk narratives and a “board lab” format, participants will challenge their current assumptions and leave with a sharper, more integrated philosophy for risk oversight.

Learning outcome

By the end of this programme, participants will be able to:

1. Re-frame the board’s role in risk in light of current global risk signals and Malaysian governance expectations, distinguishing clearly between what belongs with the board and what belongs with management.

2. Read the evolving risk landscape through a board lens, connecting macro threats (conflict, climate, cyber, disinformation, societal polarisation) to strategic choices, capital deployment and organisational resilience.

3. Identify patterns of weak risk oversight and culture – such as optimistic bias, information asymmetry, over-reliance on a few voices, and symbolic risk reporting – and recognise them in their own boardrooms.

4. Shape higher-quality risk conversations at board level, using sharper framing and questioning (rather than technical tools) to surface uncertainty, test assumptions and drive more coherent, forward-looking risk oversight

Who Should Attend

• Sitting Directors and Senior Directors of PLCs, GLCs, financial institutions, private and family-owned companies.
• Board Chairs, Committee Chairs and Lead/Senior Independent Directors who play a key role in shaping the board–management relationship.
• Executive Directors and CEOs who also sit on boards and wish to sharpen the way they engage with their own boards and leadership teams.
• Nominee and representative directors of GLICs, institutional investors or strategic shareholders who must balance multiple expectations in the board–management interface.