Risk Management | Board Governance
KNOWING THE ODDS
Establishing a risk committee enables the board to focus on potential critical issues
When the collective agendas of the full board and its standing committees are too packed to give risk oversight sufficient attention, directors may choose to form a focussed risk committee culture. Oversee remediation of issues to ensure they are addressed in a timely manner (e.g. limits violations, near misses, noncompliance, control deficiencies, etc.).
Coordinate risk oversight with other board committees
As the board’s various standing committees typically address risks germane to their respective chartered responsibilities, coordinate with these committees to avoid gaps and overlaps in the board’s overall risk oversight process and identify risk interdependencies warranting consideration. For example, the audit committee may focus on compliance risk and certain technology risks; therefore, the scope of the risk committee’s oversight should consider that coverage and coordination undertaken with the audit committee to ensure the organisation’s internal audit plan addresses the key risks.
Report to the full board at least annually
Present the committee’s appraisal of the company’s risk management programme, along with any deficiencies noted and input from the other board committees. Establish criteria for risk reporting to the board and recommend for board approval. Review the charter at least annually and update it as needed to respond to changing risk profiles, oversight priorities, and regulatory or other requirements, and submit it for approval to the board. Review disclosures in public reports related to risk and board risk oversight and provide input to the board and audit committee.
Consult external experts as necessary
Obtain outside advice regarding risk-related matters and when conducting investigations into any matters within the committee’s scope of responsibility.
Align meeting activities with chartered responsibilities
Monitor the committee’s activities against the various responsibilities outlined in the charter (general counsel can help with this). It is important that the committee fulfils the terms of its charter. To that end, meeting frequency should be driven by the nature and volatility of the organisation’s strategy, operations and risks.
A board risk committee is not a panacea, nor is it a substitute for independent directors possessing deep knowledge and experience in dealing with critical industry issues and risks. It enables focussed attention at the board level on the company’s most critical and complex risks and risk management capabilities. It fosters an integrated, enterprise-wide approach to identifying and managing risk and provides an impetus toward improving the quality of risk reporting and monitoring, both for management and the board. Thus, it can assist the board in focussing on the big picture from a strategic perspective.
Making a management risk committee effective
When management sees fit to form a management risk committee, another question arises: what makes that committee function effectively in relation to the board’s oversight?
Spring 2019 | Ethical Boardroom 63