Risk is inherent in all human endeavours – including the activities of all organisations. The role of the board is to understand the organisation’s risk factors, to make decisions based on this understanding and to oversee a risk management framework to manage risk on an ongoing basis. Risk is not something to be avoided, but to be understood and leveraged in pursuit of an organisation’s purpose.
For a board, a clearly defined risk appetite and tolerance is integral to an organisation's success. All organisations must take risks to create value. The question is how much and what types of risk should they take? And how should they manage business risk? The International Organization for Standardization defines risk as “the effect of uncertainty on objectives” (AS/NZS ISO 3100 Risk management).
Importantly, risk is not inherently bad. It arises because the future is unknowable and therefore the outcomes of decisions are always uncertain to some extent. In enterprise risk management, risks are typically characterised by considering examples of events that could occur, their likelihood and the consequence of their impact. Boards have to deal with a range of risks, including hazards (asset management, safety, environmental, social, regulatory), financial risk, cyber security risk, operating risk, organisational risk (governance, performance, culture and conduct), legal risks such as class actions, non-financial risk and strategic risk. Risk management should be integrated into executive and board-level decision-making, largely as part of strategic planning, and also in key tactical decisions. However, risks will vary enormously from business to business and industry to industry.
The board’s role is to set the risk appetite — given its capacity to bear risk, core purpose and the expectations of shareholders, members and other stakeholders — and to ensure it has a risk management framework to identify and manage risk on an ongoing basis. While ultimate responsibility for a listed entity’s risk management framework rests with the full board, board committees can also play a significant role.
Risk and security management encompasses the culture, processes and structures directed towards taking advantage of potential opportunities while managing potential adverse effects. The goal of the risk management process is to increase certainty that a decision’s intended outcome will be achieved. It involves identification, evaluation and prioritisation of risks.
Risk governance should not be considered a discrete activity, but should be embedded in the practices, processes and policies within an organisation concerned with making decisions, and ensuring these decisions continue to be valid. Risk and strategy are inseparable.
One of the most important roles of the board is in developing a mutual understanding with management on the nature and extent of risk the organisation is prepared to accept in pursuit of its purpose. A risk appetite statement provides parameters for management to pursue the organisation’s purpose. Defining and documenting risk appetite bolsters the development of an appropriate risk culture aligned to and supporting the purpose and strategy.
The AICD’s Not-for-Profit Governance Principle 5 on risk management says: “Boards must be careful that they are not so concerned with negative risk that opportunities are missed, but they can also not have such a disregard for risk as to expose the organisation to serious harm. Striking an effective balance between the two is the hallmark of a sound risk appetite.”
Put broadly, below are the main responsibilities of a board in governing an organisation's risk:
The board oversees a risk management plan that aligns to purpose and strategy.
Directors seek and are provided with information about risk and how it is managed.
The board periodically reviews the risk management framework.
The purpose of risk management is to support more informed decision-making and to help an organisation achieve its purpose. Risk management enables the organisation to:
Challenge assumptions in decision-making;
Take actions to increase the chance that a desired outcome will be achieved;
Identify early signs that an undesirable event may occur and take pre-emptive action to address it;
Learn from successes and failures in a way that improves decision-making over time; and
Consider whether previous decisions remain valid and, if necessary, revise them.
For larger companies, one way for the board to focus on risk management is to establish a risk management committee. The ASX Recommendations suggest that a board risk committee can be an efficient and effective mechanism to bring transparency, focus and independent judgement needed to oversee the entity’s risk management framework. The role of the risk committee is to provide board risk reporting, including making recommendations to improve the framework and to bring any issues to its attention. The committee would, in practice, work closely with management to ensure that the board and/or the committee receive adequate reporting on the organisation’s risks.
Establishing an internal audit function is another important consideration in designing an effective risk management framework. An internal audit risk assessment can assist the board in overseeing the effective implementation and operation of the organisation’s risk management framework. In particular, an internal audit function can provide a board with valuable assurance that key risk mitigating strategies including internal controls are operating effectively. A proactive internal audit function can also provide valuable benchmarks and insights into how to improve the effectiveness of the organisation’s risk management framework.
Determining the most appropriate method to deal with the risks facing an organisation will depend on the nature of those risks. In general terms, an organisation will have a choice between:
The types of risk which have to be considered will vary enormously from business to business and industry to industry. Common sense indicates that the risks faced by an organisation should be categorised in relation to what the organisation does.
By definition, risks include things that are not easy to predict. For example, until recently, few members of the travel industry would have worried about ash from volcanoes in Iceland. The best way to approach this is to classify the categories of risk. The following is a list of frequently used risk categories.
In the wake of the final report of the banking Royal Commission, the issue of non-financial risks and how to monitor and measure them has become a vexed topic in the Australian board and management community. Both the Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC) have put a focus on culture and remuneration.
The consequences of non-financial risks, if left unaddressed, can become distinctly financial in nature. The 2019 ASIC Corporate Governance Taskforce report on Director and Officer Oversight of Non-Financial Risk identified three types of risks: operational risk, compliance risk and conduct risk. This classification sits alongside that of the ASX Corporate Governance Principles (4th edition 2019), which sees non-financial risk as including environmental and social risks (recommendation 7.4). It defines social risk as “the potential negative consequences (including systemic risks and the risk of consequential regulatory responses) to a listed entity if its activities adversely affect human society or if its activities are adversely affected by changes in human society”.
In seeking to distil the company’s culture into a set of non-financial performance measures, one challenge is to identify the relevant measures; a number of these relate to “social” performance.
“Social performance” is considered to be human capital, workplace health and safety, labour relations and standards, human rights, demographic changes, supply chain, and community impacts. The range of performance indicators used to capture “social performance” is classified into six categories as summarised in the table below.
The ASX Corporate Governance Council Principles and Recommendations provide the benchmark against which all companies should measure and evaluate the effectiveness of their corporate governance policies, procedures and practices. Governance risk and compliance are the focus of the recommendations.
The ASX Recommendations contain a number of recommendations concerning risk and the board. Principle 7 of the ASX Recommendations provides that: “The board of a listed entity is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its objectives. To enable the board to do this, the entity must have an appropriate framework to identify and manage risk on an ongoing basis. It is the role of the management to design and implement that framework and to ensure that the entity operates within the risk appetite set by the board. It is the role of the board to set the risk appetite for the entity, to oversee its risk management framework and to satisfy itself that the framework is sound.”
For more detail on risk management for boards, see our Risk Management Director Tool or visit our tools and resources page.