1. Agreeing and approving the risk management strategy and policies. The design of risk policy will take into account the environment, the strategic posture towards risk, the product type and a range of other relevant factors.
2. Receiving and reviewing risk reports from affected departments. Some departments will file regular reports on key risks (such as liquidity assessments from the accounting department, legal risks from the company secretariat or product risks from the sales manager).
3. Monitoring overall exposure and specific risks. If the risk policy places limits on the total risk exposure for a given risk, then this role ensures that the limits are adhered to. In the case of certain strategic risks, monitoring could occur on a very frequent basis, whereas for more operational risks, monitoring will more typically occur to coincide with risk management committee meetings.
4. Assessing the effectiveness of risk management systems. This involves getting feedback from departments and the internal audit function on the workings of current management and risk mitigation systems.
5. Providing general and explicit guidance to the main board on emerging risks and reporting on existing risks. This will involve preparing reports on apparent risks and assessing their probability of being realised and their potential impact if they do.
6. Working with the audit committee on designing and monitoring internal controls for the management and mitigation of risks. If the risk committee is part of the executive structure, it will likely have an advisory role in respect of its input into the audit committee. If it is non-executive, its input may be more directly influential.