Risk Management – beyond the project

The UK Combined Code for corporate governance  says “the board’s role is to provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed.” (A.1)

Non-executive directors … should satisfy themselves … [that] systems of risk management are robust and defensible” (A.1) and “The review should cover all material controls including financial ….. risk management” (C.2.1)

The board should ensure that directors, especially non-executive directors, have access to independent professional advice” (A.5.2)

I interpret that as saying the main board must approve the processes of risk management (collectively) check that it is working, especially Non-Executive Directors (NED) and get advisors to help that assessment if needed.

The code is not specific on how this should be done or which board committee should do it.  Because NEDs who have this responsibility make up most of the board’s audit committee and their terms of reference include “internal controls” so generically it probably sits there. However, the combined code does provide for the audit committee to have other committees for a specific purpose – if risk management is important enough for at least some of the detail to be handled at board level, that would be an obvious situation for a working committee to review the higher level risks on a regular basis and report into the board.

In more generic corporate risk management practice, it is the main board’s responsibility to set the desired risk profile (appetite) for the organisation. This is not mentioned in the combined code at all (unless it is hidden in setting strategy) but is a vital part of leaders setting the tone for the organisation as a whole.  This can then be used to select projects and programmes in portfolio management.


About 3triangles
Helping organisations make change happen in 3 key areas: strategic change, deliver tactical impacts, efficient and effective processes. All blog content (c) 2009 - 2012 Carol Long and Three Triangles Performance Ltd

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: