
Good Governance Guide

Risk management overview

Recognise and manage risk

It is good governance for an entity to ensure that all directors and senior executives have a shared understanding of risk, which is the effect of uncertainty on an entity achieving its strategic objectives and maintaining its long-term viability and reputation.

The board is responsible for the informed oversight of risk management within the entity and should regularly review and approve the risk management policies and framework. Management is responsible for developing and implementing a sound system of risk management and internal control.

The entity needs to determine the material business risks that it faces, which may include but are not limited to financial reporting, operational (liquidity, interest rate risk, investment risk, commodity prices, project management, supply chain for example), sovereign/political, environmental, sustainability, digital/online and technological, compliance, strategic, ethical conduct, reputation or brand, product or service quality, human capital and market-related risks. Risk management policies need to reflect the entity's risk appetite and tolerance levels as determined by the board, and the directors and senior executives need to have clarity as to the level of risk that the entity is prepared to take in achieving its strategic objectives.

A risk management policy is a document that identifies an entity's approach and direction in relation to risk management. Within this context, it is good governance when developing a policy on risk management to consider the following issues:

- the entity's strategy
- the material business risks it faces and its tolerance levels for those risks
- shareholder and stakeholder expectations
- the regulatory framework within which the entity operates
- organisational capacity in relation to managing and monitoring the material business risk that the entity faces and the environment within which the entity operates, that is, does the entity have the relevant resources, skills and time to make such a risk assessment? Entities will need to consider if the assessment of organisational capability needs to be undertaken internally or externally or both
- the extent to which the entity can adapt to changing industry and market conditions and emerging risks (taking into account that big picture, black swan issues may emerge)
- crisis management
- how the entity will monitor and manage risks that arise
- the ability of the organisation to report to the board the management of risk in a timely and reliable manner (consideration needs to be given to the requirement of the board to report against Principle 7: Recognise and Manage Risk of the ASX Corporate Governance Council's Principles and Recommendations of Corporate Governance)

A risk management framework defines an entity's processes for managing risk including the implementation, monitoring, reviewing and improvement of risk management. The entity needs to determine whether the risk function can be undertaken internally or requires external support. In addition, consideration should be given as to whether an internal audit function is required and, if so, its interaction with the management of risk within the entity.

When developing the framework, the entity should have regard to ISO31000/2009: Risk Management Principles and Guidelines and Principle 7: Recognise and Manage Risk of the ASX Corporate Governance Council's Principles and Recommendations of Corporate Governance. It is good governance when developing a framework for the management of risk to consider the following issues:

Board matters

All directors upon induction and thereafter should understand the entity's business and the material business risks it faces.

Governance Institute of Australia 2014. This material is subject to copyright. The Good Governance Guides indicate, in the view of Governance Institute
of Australia Ltd, one interpretation of good practice. They are not designed to cover or comply with all applicable legislation or case law. We cannot be held
liable or accountable to any person who acts or relies upon the information provided. The guides are not a substitute for professional advice.
Visit our website at governanceinstitute.com.au to find more Good Governance Guides and information on governance.

Risk forms part of an entity's governance processes, with the oversight of risk being part of the regular process of the board.

Accountability must be clear, for example, who reports to the board (it may be the CEO, or the Chief Risk Officer if one exists); the size and nature of the entity will determine accountability.

The processes are in place to ensure the effective reporting to the board so that the board can fulfil its oversight role and meet its disclosure requirements.

Delegations of authority

The delegations of authority support and are complementary to the risk management framework. The entity needs to consider the role of committees and:

- whether a dedicated risk management committee needs to be established or whether this function is to be combined with the audit committee's responsibilities; consideration of the needs of the entity will determine committee establishment
- whether, in order to allow the CEO to discharge their responsibilities for risk management, they can establish internal risk management committees comprising key personnel as required.

Systems and monitoring

Management needs to:

- determine the systems that are required to effectively monitor and manage risks
- ensure that any system accommodates a robust response mechanism
- determine the reporting systems and internal controls that are required to effectively report on risk and risk mitigation strategies (and assess whether the reporting is geared to actions and improvements rather than merely noting instances of concern)
- consider the advantages and disadvantages of a certification process and whether it is feasible to implement such a process, taking into account the need for the board of listed entities to receive assurance from management as to whether all risks are being properly monitored and managed
- assess whether the risk assessment data is robust
- consider training programs.

Framework and standards

Management needs to assess:

- the framework to ensure it can take into account external reference points and is not purely internally-focused
- what crisis events are reasonably foreseeable and develop a framework that addresses those events
- how crisis management and business continuity plans interact with the control systems and have clear prior agreement on the respective roles of the chair and the chief executive in the event of a crisis
- whether the entity should have regard to the supplementary guidance to Principle 7 of the ASX Corporate Governance Council's Principles and Recommendations of Corporate Governance; this is particularly relevant to smaller and medium-sized entities.

Review

The entity needs to:

- consider the successes and failures of the framework in a regular review, including behaviours as well as metrics
- accommodate an external, independent review where necessary.

External reporting

If the entity is listed, it must have regard to its continuous disclosure obligations under Listing Rule 3.1.

If the entity is an authorised deposit-taking institution, it must have regard to its reporting obligations to the Australian Prudential Regulation Authority.

The entity should be mindful of ongoing developments relating to ESG disclosures and integrated reporting, with consideration given as to how to link reporting on risk to discussions of strategy and the business model.

Compliance is a critical aspect of risk management. Refer to the Good Governance Guide: Compliance.

The overview of risk management is an ongoing process. The directors and senior executives of an entity should remain attentive to the business and its internal and external environment and continually monitor the risk management policy and framework.
