SECTION 1: BRC COMPOSITION

Section 1: BRC Composition | 3 1.2 Board Structures for Risk Governance 1.2.1 The Board is responsible for the governance of risk, and sets the tone and direction for the company in the way risks are being managed. 1.2.2 The Board has ultimate responsibility for approving the strategy of the company in a manner which addresses stakeholders’ expectations and does not expose the company to an unacceptable level of risk. It also has ultimate responsibility for approving the key risk management policies, ensuring a sound system of risk management and internal controls, and monitoring performance against them. 1.2.3 It is important to establish clearly the role of the Board vis-à- vis management in risk management. Put simply, management is responsible for managing the risk and implementing the risk management process. The Board is responsible for overseeing that management adequately and effectively establishes a risk management process. Appendix 1C provides an overview of the roles of the Board and management in relation to risk governance. 1.2.4 Risk governance is the architecture within which risk management operates in a company. It defines the way in which a company undertakes risk management. It is essential for the company to have clarity about which risks are being managed and how. It provides guidance for sound and informed decision-making and effective allocation of resources. Sound risk governance allows for the articulation of how, in the context of its risks, a company is able to: • Achieve its business objectives. • Formulate its value proposition. • Assess its risk tolerance. • Design its processes with respect to the reasonable expectations of stakeholders. The Board can adopt different structures to discharge its risk governance duties and obligations. 1C