The Board determines the nature and extent of the significant risks which the company is willing to take in achieving its strategic objectives and value creation. The Board sets up a Board Risk Committee to specifically address this if appropriate.
A. Explanation
This Provision describes the Board’s role in risk management, and the formation of a Board Risk Committee (BRC).
Managing risks well is crucial to long-term corporate success. But it is not a straightforward task. At the heart of the challenge are two apparently conflicting needs. The first is the push to improve performance and the corresponding necessity to take some level of risk to achieve it. The second is to understand and manage risks to prevent unnecessary and excessive risk-taking that might lead not only to underperformance, but to the company’s demise.
Successful companies effectively and efficiently make decisions that optimise risk and reward. They are able to consider not only the downside of risk (typically associated with measures to reduce levels of risk), but equally its upside (or taking on higher levels of risk to seize opportunities).
Risk governance is the framework within which risk management operates. It is essential for the company to be clear about how and what risks are being managed. In other words, good risk governance provides management with guidance for sound and informed decision-making and effective allocation of resources.
There are, however, several ways in which risk governance can be structured within a Board:
- Oversight by the Board. If responsibility for risk oversight is not delegated to a Board Committee (such as the BRC), the full Board needs to take on those activities and responsibilities.
- Oversight by the Audit and Risk Committee. Here, the Board delegates oversight of the risk management and internal controls framework to the Audit Committee (AC). Under these circumstances, the AC is commonly referred to as the Audit and Risk Committee (ARC).
- Oversight by the BRC. The Board delegates oversight for risk management to a separate BRC which is focused entirely on risk management.
- Oversight by the BRC and other specialist Risk Committees. The Board delegates oversight for risk management to a separate BRC. However, for areas of significant risks, the Board may require further oversight and focused support from additional specialist Risk Committees.
That said, increasingly, especially in larger and more complex companies, risk management is directed to special purpose committees, such as BRCs and other specialist Risk Committees.
B. Practice Guidance
C. Related Rules and Regulations
- Nil.
D. CG Guides
- Board Guide 2.6: Board Committees [Board Composition].
- Board Guide 2.7: Committees’ Composition [Board Composition].
- Board Guide 4.5: Risk Management [Board Duties].
- BRC Guide 1.1: Introduction [BRC Composition].
- BRC Guide Case Study 1B-1: Audit and Risk Committee or a Separate BRC [BRC Composition].
- BRC Guide Appendix 1D: Risk Governance Structures [BRC Composition].
- BRC Guide Appendix 1F: Sample BRC Terms of Reference [BRC Composition].
E. Related Articles
- “Risky business” by Lyn Boxall. (440KB)
- “Revisiting board risk governance structures” by Irving Low. (390KB)
- “Risk management: Where lies the board?” by Jerry Koh and Daniel Seow. (82KB)
- “Best practices in enterprise risk management” by Dennis Lee. (79KB)
- “Taking the right risks - risk governance defined” by Ng Siew Quan and Alvin Chiang. (194KB)
- “Risk governance: Getting it right” by Irving Low. (292KB)
- “Risk management at the speed of business” by Ng Siew Quan and Alvin Chiang. (408KB)