In November 2009 I contemplated  "Should Board Audit and Risk Committees be Separate?"  and today I question "Should a Board have a risk committee at all?"

In 2009 I concluded:

  • Management's responsibility is to identify, manage and report on risk with a predefined risk appetite which has been established in consultation with the oversight body, most commonly a Board of Directors or an Advisory Board.
  • The Board has an "assurer role" to provide stakeholders with assurance that management has done their job on risk.
  • The Board has a "mentoring role" to provide oversight of the risk management process.
  • Therefore there should be separate Audit and Risk committees fulfilling different roles, in particular for larger organisations with much larger amounts of information to process.


Since 2009 a few things have caught my attention that have caused me to consider whether the Board should have a risk committee at all. An example is APRA's requirement for Boards "... to understand the risks of the institution, including its legal and prudential obligations, and to ensure that the institution is managed in an appropriate way taking into account these risks."

Although APRA's requirement only applies to organisations they regulate, I believe it is applicable to all boards.  How then can a Board delegate risk to a sub-committee of the Board? Surely it is necessary for each and every director to understand the risk profile of the organisation.


My advice to Boards is:

  • Have a Board Assurance Committee which, through audits and other means, is responsible for ensuring the risk management framework put in place by management is appropriate and working, just as it does with all the other key processes of the business.


  • The Board collectively should be in discussion with management to ensure the Board and Management understand the implications of strategic, business unit and major project risk profiles presented to the Board and whether or not risk levels are within the risk appetite set by the Board and Management.


Votes: 0
E-mail me when people leave their comments –

Bryan Whitefield works with strategic leaders across all sectors to help organisations harness uncertainty – uncertainty is the strategic leader’s best friend. He is the author of DECIDE: How to Manage the Risk in Your Decision Making and Winning Conversations: How to turn red tape into blue ribbon. He is the designer of the Risk Culture: Build Your Tribe of Advocates Program for support functions and the Persuasive Adviser Program for internal advisers. Both can be booked individually or in-house.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!