SECTION 1: BRC COMPOSITION

6 | Board Risk Committee Guide 1.2.7 The size 2 , structure, complexity of the company and its Board, and the degree of regulation tend to determine the Board governance structure for primary risk oversight. Generally, companies that are not complex and have a smaller Board size are likely to oversee risk management and internal controls at the Board level. For larger and more complex companies with Boards that wish to limit the number of Committees, combining a BRC with another Committee, typically the AC, to form the ARC is a common approach. Where such companies operate in highly regulated and fast- moving industries, they are more likely to (or may be required to) form a separate BRC. The considerations for a separate BRC for these companies are: • Enterprise-wide view of risks . A more holistic view of the key risks, and the risk management and internal control systems is assigned to one overarching Committee, rather than two or more fragmented Committees. • Effectiveness . More time can be allocated to overseeing the risk management and internal control systems and key risks. It frees up time for other Committees to focus on their core responsibilities, such as the AC focusing on financial reporting integrity. • Capability . A single focused Committee narrows down the required qualifications of its members whereas a combined Committee may require members to have diverse capabilities. For example, the ARC would require recent and relevant accounting or related financial management expertise or experience from at least two members 3 . 2 Company size may be defined in many ways including but not limited to total revenue, profit, market capitalisation, employees, locations, etc. 3 Provision 10.2 of the Code. 1A-1 1B-1