Please enable JavaScript.
Coggle requires JavaScript to display documents.
Structures - Coggle Diagram
Structures
Risk committee
The audit committee may be overwhelmed by its other duties covering fincnail reporting and internal controls or may not have the necessary skill set required for the govnernance of risk
In these cases, the board may decide to establish a separate risk committee
The size of the organisation and the sector the organisation is operating in may also determine whether responsibility for reviewing internal controls and risk management is dealt with in the same committee or whether two separate committees are established
Banks and other large financial institutions normally have separate risk committees due the complexity of their risk exposure
A growing number of listed non-financial companies, for example in the oil industry, are also finding it useful to establish a separate risk committee
-
-
Role
Providing assurance to the board that risk management and processes for control over risk are effective
Monitoring risk areas faced by the company by receiving period reports on them and their management, making recommendations to the board where appropriate
-
Providing information to the board to help with strategy formulation, for example with regard to risk appetite in the company's strategy. This is achieved by helping the board to understand the key risks facing the company, its risk tolerances and its defences against those risks
Monitoring the behaviour of management to ensure that there is not excessive risk taking and take appropriate actions if such behaviours are discovered
-
-
-
Audit committee
In considering whether to establish an audit committee, a board should consider the following
Whether there is a requirement for the company to have an audit committee. This is the case for listed companies and financial institutions
The level of discussion and monitoring required on risk management and internal controls. If this is greater than what the whole board can realistically manage then it it makes sense for a committee to be set up to do this on behalf of the board
Many boards are deciding to delegate risk and internal controls to committees due to the complexity of risks facing the organisation and the level of interest shown by stakeholders in how the organisation is managing threats to its business and taking advantage of the opportunities created by risk
The Code states that the responsibilities of an audit committee in the area of risk management and internal controls should include
-
Reviewing the internal control system and risk management system, unless this responsibility is given to a separate risk committee of the board or the board itself
Monitoring and reviewing the effectiveness of the company's internal audit function or where there is not one, considering annually whether there should be one
-
-
Board committees
Boards set up committees to assist them in coming to informed decisions on specific areas which require monitorin or detailed discussions of topics within the board's area of responsibility that the board as a whole does not have the capacity within its agenda to fufil
Board committees do not usually have decision making powers but recommend courses of action or inform the board about the matters within their remit
The board has overall responsibility for the systems of risk management and internal controls within an organisation
To enable the board to carry out this responsibility it needs to ensure that the appropriate structures are put in place at the proper levels within the organisation to manage risk
The CS would usually play a role in advising the board on the above which will differ from organisation to organisation