Risk Committees have a huge responsibility

Set up your Risk Committee for success.

Risk Committee effectiveness

Risk Committees need to be sure that they are doing all the things they should be doing in an effective and efficient way. Directors who are on the committee need to give their fellow directors, who aren’t on the committee but are equally responsible, the assurance that the committee is conducting its roles and responsibilities effectively.

Our Risk Committee Effectiveness Survey includes 120 hard-hitting, best practice survey statements that can be responded to by Risk Committee members and other committee attendees in around 25 minutes.

World class framework

Our benchmarked Board and Committee Effectiveness Surveys use the world class WhatWhoHowDo Framework which is explained in more detail below:

“What” — Committee structure and role clarity

The “What” describes the scope of the risk committee’s responsibilities.

Most importantly, the “What” sets out the “road-map” or “rule-book” for proper corporate governance. This component of the framework considers the extent of the documentation of roles and responsibilities of an organisation’s risk committee, the committee chair and individual committee members. The appropriateness of the size and structure of the committee, the clarity of performance expectations for individual committee members and the extent to which the committee is independent of management (including having independence of mind and judgement) are all dealt with under “What”.

“Who” — Committee composition

The “Who” describes who is on the committee.

This section focuses on the competencies and skills of committee members, including their effectiveness. It also considers how new committee members are appointed to the committee, their induction, their opportunities for continuing education and development, important qualities that committee members should possess, whether committee member performance is regularly assessed, how under-performance is dealt with and the adequacy of committee member remuneration. Good practice requires that at least one committee member possesses the relevant level of financial expertise, but that the committee does not become overly reliant on that person in relation to financial matters.

“How” — Committee process

The “How” describes how the risk committee carries out its main tasks.

How a committee comes together to discharge its oversight responsibilities is a critical determinant of the quality of its review processes and recommendations, and ultimately its overall effectiveness. How risk committees act — or fail to act — is a complex interaction and the result of many factors including:

  • the leadership of the committee chair and committee member behaviours and dynamics;
  • how committee meetings are planned, operated and documented; and
  • the nature of the risk committee’s relationships, the appropriateness of information received by the committee and of the committee’s reporting to the board.

In short, these items are the “hard” and “soft” elements of “committee process” or “How” the committee makes decisions. Because so many of these factors manifest themselves “inside the committee room”, or at least “behind closed doors,” little is known of the effectiveness of risk committees at these processes, nor is much of this information disclosed publicly.

Nonetheless, research suggests committee process lies at the heart of whether a committee will be “effective” or not at carrying out its tasks. If the “How” is carried out well, this will increase the effectiveness of the committee as it carries out its main tasks.

“HOW” — A) COMMITTEE LEADERSHIP, BEHAVIOURS AND DYNAMICS

The leadership skills of the committee chair are central to an effective committee process. Effective risk committees are invariably led by a strong, diligent chair, a chair that builds healthy committee dynamics and who is trusted by the other committee members. This section also considers the extent to which the committee works constructively as a team, creates organisational value through the quality of its review process and recommendations and whether committee members listen to and respect one another. It also addresses how undesirable committee member behaviours are dealt with and whether any organisational topics are off limits.

“HOW” — B) AGENDAS, MEETINGS AND MINUTES

The appropriateness of the risk committee’s agendas, meetings and minutes is also a key indicator of performance. How well a committee plans its annual agenda of meeting topics, including how it allocates its time among substantial matters, is essential for a properly functioning committee. This section also considers whether management inappropriately influences agendas or meetings and how well significant issues are followed up by the committee. Whether management’s involvement in committee meetings contributes to the risk committee’s effectiveness is also addressed in this section.

“HOW” — C) RELATIONSHIPS, INFORMATION AND BOARD REPORTING

Effective oversight is impacted by the quality and nature of the relationship between the committee and management and the committee and assurance providers. Information is the “life-blood” of an effective risk committee. This section also considers whether the committee receives information in the quality, quantity and format that it deems appropriate and whether the committee has unrestricted access to management, assurance providers and relevant information. How the risk committee receives information will impact a risk committee’s ability to apply the skills, knowledge and experience of committee members to oversee management and the organisation. The time between committee and board meetings and the effectiveness of the committee chair’s reporting to the board are also addressed.

“Do” — Committee tasks

The “Do” describes what the committee does in terms of its main tasks.

The risk committee’s most important tasks include oversight of the following:

  • risk management
  • internal control and compliance
  • the internal audit function
  • financial reporting
  • the external auditor

If a committee carries out its most important tasks well, it can significantly enhance the board’s decision-making capability and make a significant contribution to the board’s ability to meet its oversight responsibilities. If it is unable to meet these fundamental responsibilities, the board and the organisation are likely to suffer as a result.

“DO” — A) RISK MANAGEMENT

The organisation’s ability to adopt a culture consistent with its agreed risk appetite is a foundation stone for sound risk management. This section also considers whether an appropriate process exists to identify all relevant material risks and whether there are effective systems to manage those risks. The extent to which the committee displays confidence in the senior executives responsible for risk management and whether the committee’s reporting to the board in relation to risk enhances the board’s strategic decision-making capability are also addressed.

“DO” — B) INTERNAL CONTROL AND COMPLIANCE

Determining whether the organisation adopts a culture of integrity, transparency and accountability that supports the effective operation of the organisation’s internal control systems is a very important but difficult function of the audit committee. This section also deals with the extent to which the committee reviews and takes appropriate action in relation to the effectiveness of the operation of the internal control environment, the effectiveness of internal controls over complex matters and the effectiveness of the compliance framework in place to manage the organisation’s obligations. The extent to which the committee ensures that employees have sufficient competencies to enable them to fulfil their compliance obligations is also addressed.

“DO” — C) INTERNAL AUDIT

To be effective, an internal audit function must be appropriately resourced, have access to the board chair or audit committee chair, as appropriate, and not have its independence compromised in any way. This section also deals with the appropriateness of the scope of the internal audit work planned, whether such plan and any changes thereto are approved by the committee and whether the internal audit recommendations are appropriate. Whether internal audit activities are subject to undue management influence and whether management responds to internal audit findings in the appropriate manner are also addressed.

“DO” — D) FINANCIAL REPORTING

Whether the audit committee establishes the right “tone at the top” and whether the organisation’s Chief Financial Officer (CFO) or equivalent has a high level of integrity will have a large bearing on the reliability of the organisation’s financial reporting. This section also addresses the extent to which there is agreement between the audit committee and management as to the basis upon which the organisation’s financial reporting should be prepared and whether there is clear agreement on the appropriate accounting treatment for areas of greatest financial risk. Other important matters, such as the committee’s understanding of how the pressures upon management may impact the organisation’s financial reporting, the reliability of CEO/CFO certifications and the utility of reporting, are also addressed.

“DO” — E) EXTERNAL AUDIT

The external audit function is more likely to be effective if the committee has appropriate oversight of the external auditor. The external audit plan needs to be sufficiently comprehensive, with a regular and comprehensive review of the effectiveness of the external auditor. This section also considers the extent to which the external auditor conducts a thorough audit of the reporting processes used to prepare the organisation’s financial statements, including whether external audit activities are free from undue management influence. Whether the committee and external auditor are in agreement in relation to all material external audit matters and whether management responses to the external auditor’s findings are appropriate are also addressed.
