Building up an effective Risk Management Committee

Building up an effective Risk Management Committee is as essential as planning for business goals


It is rightly said that success in achieving business goals is directly proportional to the effectiveness of the risk management committee in the organization. The board is responsible for framing and aligning the mission, vision, goals, strategy, and governance of risk through formal processes, which include the total system and process of risk management. Although the board remains responsible for the governance of risk, it may delegate this function to a separate committee called the “Risk Management Committee”.

In India, the LODR regulations mandate that the top 500 listed entities (basis: market capitalization) have a risk management committee. The committee must meet at least once a year. The beauty of the committee lies in its composition rules, under which 2/3rd of the members should be Independent Directors.

In Africa, the Listings Requirements of the Johannesburg Stock Exchange (JSE) require listed companies to have a risk committee that consists of a minimum of three members. Membership of the risk committee should include executive and non-executive directors.




Various roles of the risk management committee in an organization:

1. Providing a platform for the members to openly discuss the risks in the organization:

Generally, most of the risk identification and assessment work is done by the ERM function in the organization. The committee plays an important role in consolidating and assessing these risks, either to recommend them to a top-level committee like the Audit Committee or to approve the most critical risks itself.

2. Act as a reviewer and approver of risk disclosure statements:

Another role of the committee is to act as a reviewer and approver of risk disclosure statements in any public documents or disclosures.

3. Overview of the control environment in the organization:

It should consider the risk policy and plan, determine the company’s risk appetite and risk tolerance, ensure that risk assessments are performed regularly, and ensure that the company has and maintains an effective on-going risk assessment process, consisting of risk identification, risk quantification, and risk evaluation.

Risk management is often a misunderstood discipline in India. Too often the responsibility of this committee is delegated to the Audit Committee. This is not the right practice, for several reasons. Generally, the Audit Committee is composed of independent non-executive directors and usually focuses on financial impacts, whereas the responsibility of risk management extends far beyond the financial impacts on the company. Besides that, the Audit Committee generally acts as an independent oversight body; when its members also carry out the detailed review of the process and risk management system in the organization, their objectivity in framing reports is affected. Having a separate committee recognizes that the identification and management of risks impacting the business, and their disclosure to shareholders, is a good governance practice.


In India in the post-Covid-19 era, there is a need for a robust risk management framework consisting of a detailed risk management policy that includes a framework for the identification of internal and external risks faced by any listed company. The risks here include financial, operational, cybersecurity, and sustainability risks, specifically environmental, social, and governance-related risks and impacts. The committee should be responsible for risk mitigation measures, a system of internal control, and a business continuity plan. The regulators are mandating that the committee meet twice a year instead of once a year.

In the new normal era, demand for risk management is increasing steadily, and hence so is the demand for an effective risk management committee in the organization for achieving business goals.


By Sharvari Saraf
PGDRM Batch Jan 2020-21

