Boards are now paying even more attention to risk exposures and risk management. Changes to the UK Corporate Governance Code are pushing boards to discuss and define how much risk and of what type boards want the business to take. And the Code has re-emphasised the Board’s responsibility for making sure that risk management systems are effective – possibly setting up a separate Risk Committee to make sure the ground is well covered.
So good risk governance is now a key part of board effectiveness. So we look at this closely during a board review. But the Board, the Audit (& Risk) Committee or the Executive sometimes ask for a separate and more detailed review focused on risk.
An Independent Audit Risk Governance Review will look at issues such as:
- Clarity of roles and responsibilities for risk management oversight
- The approach to defining the risk strategy (“risk appetite”)
- How the Board gets a picture of risk exposures
- The discussion of risk in management proposals
- The level of focus on changes in risk exposures
- How risk is tackled during due diligence review
- The structure and coverage of your risk management framework
- The Committee’s view of risk management systems and assurance
- Accountabilities for risk taking and risk management…and much more.
The Review will help the Board and the Committee get confidence that their approach to oversight of risk and risk management is sound – and identify areas which need to be developed.
Independent Audit is especially well-placed to conduct a risk governance review:
- In 2009 as part of the FRC’s review of the Corporate Governance Code, we were asked by The ICAEW Foundation to research risk governance in the non-financial services sector (Getting It Right). This gave us considerable insight into corporate practice – and generated ideas on improving risk governance
- Our specialist expertise is called on by regulators and clients alike – and we are now leading thinkers in this area
- Our Big Four backgrounds mean we’ve focused on risk management in many clients over a long period.
So whether it’s to give your board review a clear risk focus or to have a stand-alone risk governance review, we can suggest the appropriate approach.