King IV: Principle 11 (Risk Governance)

The governing body ought to govern risk in a way that supports the organisation in setting & achieving its strategic objectives

Organisation: a company, retirement fund, NPO, SOE, municipality, municipal entity, trust, voluntary association & any other juristic person

Risk: "Risk is about the uncertainty of events; including the likelihood of such events occurring & their effect, both positive and negative, on the achievement of the organisation's objectives. Risk includes uncertain events with a potential positive effect on the organisation (i.e. opportunities) not being captured or not materialising"

Recommended practices

Governing body must assume responsibility for risk governance by setting direction for how risk should be approached and addressed

Risk governance: (1) opportunities and associated risks to be considered in strategy development; (2) potential positive and negative effects of same risks on the achievement of organisational objectives

Governing body ought to treat risk as integral to decision-making and execution of duties

Governing body ought to approve risk policy

Governing body ought to evaluate & determine the nature and extent of risks that organisation can bear in pursuit of strategic objectives

Approve organisational risk appetite

Approve limit of potential loss organisation can tolerate

Governing body ought to delegate to management responsibility to implement and execute effective risk management

Governing body must exercise continuous oversight of risk management

Oversee an assessment of risks and opportunities emanating from triple context in which firm operates and capitals that firm uses and affects

Assessment of potential upsides, or opportunity presented by risks with potentially negative effects

Assessment of firm's dependence on resources and relationships as represented by various forms of capital

Design and implementation of appropriate risk responses

Integration and embedding of risk management in business activities and culture of the firm

Governing body ought to consider need to receive periodic independent assurance on the effectiveness of risk management

Nature and extent of risk and opportunities the firm is willing to take ought to be disclosed without compromising sensitive information

Disclose: (1) overview of arrangements for governing and managing risk; (2) key areas of focus during reporting period, including objectives; (3) actions taken to monitor the effectiveness of risk management and how outcomes were addressed; (4) planned areas of future focus