On 1 June, The Chartered Governance Institute UK & Ireland published new guidance providing outline terms of reference for risk committees. It is intended as a guide for companies to adapt to the needs of their individual company and should be tailored to reflect the specific risks to the organisation. There are no ‘model’ terms of reference that would work for all companies. The duties of the risk committee need to be agreed in close collaboration with the senior management team, in particular the senior manager responsible for risk.
Board-level risk committees, separate from the audit committee, are usually required for the boards of large banks and insurance companies, and their role and remit is largely prescribed by regulation. Companies in other sectors are increasingly considering having a separate board-level risk committee but the role and remit will vary depending on the needs of the company. There is little mention of the duties of risk committees in the UK Corporate Governance Code or in the related guidance on risk, as the duties of the risk committee will vary from company to company. The risks each company faces will be very specific to the business. Terms of reference for a risk committee will therefore require a great deal of thought and will need to be drafted with input from senior managers who have a good understanding of the risks associated with the operational activities of the company.
The guidance note on terms of reference for a risk committee should be used as a starting point only from which to develop company specific terms of reference, with a remit covering the risks associated with the business of an individual entity. However, the guidance provides a long list of risks that are likely to be considered by companies and a second list of risks that are specific to certain business sectors. These examples of risks to consider are intended to stimulate the board’s thinking as to the risks that are particularly relevant to the company, and also to prompt consideration of other risks not mentioned in the guidance but important to the individual company.
The new guidance can be found here.