One of the lessons learned from the global financial crisis was the importance of appropriate risk management oversight as a part of good corporate governance.

While the responsibility for this function will vary from organisation to organisation, it has increasingly been recognised that audit or audit and risk committees are well placed to fulfil the risk management oversight role.

As outlined in a report released earlier this year, Global Observations on the Role of the Audit Committee, these committees are well suited to risk oversight. Some of the features of audit and risk committees that suit them to this role include:

  • Capacity to provide ongoing oversight, with a focus on the “big picture” and without being distracted by day-to-day business
  • Ability to prioritise actions based on risk
  • Including the organisation’s key risk managers in the committee discussions to ensure two-way communication by simultaneously giving the committee (and the executive management team it advises) the information required for good decision-making, and providing risk managers with a broader understanding of the organisation’s risk profile.

To function effectively, an audit and risk committee must communicate regularly with the Board/EMT, internal and external auditors, to ensure that the full range of current and potential risks to the organisation’s business objectives have been recognised and managed. Communication between all parties must be open and frank: the encouragement of debate and mature questioning are characteristics of an effective committee.

Also critical to the successful function of audit and risk committees is its composition. Audit and risk committees should include a range of skills and expertise including at minimum, financial literacy, governance knowledge, risk management skills and business management capability.

Please contact QRMC for more information.