• About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
boardroom-5453288_1920.jpg

The case for standalone risk committees

March 18, 2021

With risk high on board agendas, should boards be thinking about having a separate risk committee, in addition to their audit committee?

Last month, a KPMG Board Leadership Centre FTSE 350 non-executive director discussion event, facilitated by the Risk Coalition, helped to weigh up the pros and the cons.

In 15 years as a non-executive director, I’ve chaired audit committees, audit & risk committees, risk & audit committees, also standalone risk committees!  While regulated and part-regulated firms may be required to have a risk committee, the Risk Coalition’s research demonstrates that boards have rarely put in place a separate risk committee where this is not required by the regulators.  But is that starting to change and, if so, for what reasons?

The availability of the Risk Coalition’s principles-based guidance, Raising the Bar, has certainly prompted a number of boards to check whether they are sufficiently aware of – and adequately carrying out – their risk oversight accountabilities.  Some boards even perceive these accountabilities as a technical or executive matter for consideration elsewhere in the organisation, but not necessarily by themselves.  

Despite the headline failures of Carilion, Patisserie Valerie and other cross-sector organisations, the FRC Corporate Governance Code still says very little about risk – but, in a code revision planned soon and following the Brydon report to BEIS, that may change substantially. 

The FTSE 350 debate at the discussion event explored how and why risk committees are now being adopted more frequently, including how ESG assurance, digital technology transformations, cyber risks and other drivers are coming to the fore.  As the assurance expected by stakeholders is increasing, expected to come from sources independent of the company, and expands in non-financial areas, the terms of reference of a risk committee becomes more clearly separated from audit and financial controls matters.

Was there a conclusion to the debate?  Well perhaps only that each governance situation is different and proportionality and comply-or-explain still apply – but the steady march towards ESG plans and proofs, also the increased time spent on emerging risks, digital transformation, business resilience and the avoidance of terminal cyber risks implies that a separated risk committee probably becomes inevitable.

A detailed summary of the debate, facilitated by Chris Burt and Bryan Foss from the Risk Coalition, can be found here.

 

Bryan Foss is an experienced non-executive director, FRC advisor and co-author of the Risk Coalition’s guidance.  He also mentors high-growth technology company founders and senior executives of blue-chip companies into their early NED roles.

Tags: Bryan Foss
Prev / Next

Blog

Featured
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson
Sep 25, 2023
Chris Burt
The implications of the revised UK Corporate Governance Code
Sep 25, 2023
Chris Burt
Sep 25, 2023
Chris Burt
Sep 13, 2023
Andrew Cunningham
Financial regulators take aim at crypto-finance
Sep 13, 2023
Andrew Cunningham
Sep 13, 2023
Andrew Cunningham