Guidelines for the Risk Management Committee
1. Purpose
The purpose of this guideline is to assist the Risk Management Committee in discharging their responsibility for risk management.
2. Definition
A Risk Management Committee is defined as a committee appointed by the Accounting Officer / Authority to review the Institution’s system of risk management.
The membership of the Risk Management Committee should comprise both management and external members with the necessary blend of skills, competencies and attributes, including the following critical aspects:
· an intimate understanding of the Institution’s mandate and operations;
· the ability to act independently and objectively in the interest of the Institution; and
· a thorough knowledge of risk management principles and their application.
The chairperson of the Risk Management Committee should be an independent external person, appointed by the Accounting Officer / Authority. The responsibilities of the Risk Management Committee should be formally defined in a charter approved by the Accounting Officer / Authority.
The Accounting Officer / Authority may assign the Risk Management Committee responsibilities to the Audit Committee. Care should be taken to ensure that resources are available to the Audit Committee to deal adequately with risk governance issues in addition to their audit responsibilities. See the Audit Committee Guidelines.
3. Application
The guideline is designed to:
· Provide the Risk Management Committee with information to enable them to fully understand the roles and responsibilities of their office in terms of risk management; and
· Provide templates to assist the Risk Management Committee to effectively discharge such roles and responsibilities.
4. How to navigate the guideline
The guideline has been structured according to the sections noted below. Each of the sections contains underlying information that can be accessed by clicking on the title.
· Legal mandate (Section 5)
· Strategic value of the Risk Management Committee in risk management (Section 6)
· High level responsibilities of the Risk Management Committee (Section 7)
· Evaluation criteria (Section 8)
· Additional reading / reference (Section 9)
5. Legal mandate and corporate governance
5.1 Legal mandate
There is currently no legal mandate for the establishment of a Risk Management Committee.
5.2 Corporate Governance
The institution can draw guidance from the following:
· King III Report on Corporate Governance; and
· Batho Pele principles.
6. Strategic value of the Risk Management Committee
The Risk Management Committee is responsible for assisting the Accounting Authority / Officer in addressing its oversight requirements of risk management and in evaluating and monitoring the institution's performance with regard to risk management. The Risk Management Committee is appointed by the Accounting Officer / Authority, and its role is to formulate, promote and review the institution's ERM objectives, strategy and policy and to monitor the process at strategic, management and operational levels.
7. High level responsibilities of the Risk Management Committee
To derive optimal benefits, risk management ought to be conducted in a systematic manner, using proven methodologies, tools and techniques.
In discharging its governance responsibilities relating to risk management, the Risk Management Committee should:
· review and recommend for the approval of the Accounting Officer / Authority, the:
o risk management policy;
o risk management strategy;
o risk management implementation plan;
o Institution’s risk appetite, ensuring that limits are:
· supported by a rigorous analysis and expert judgement;
· expressed in the same values as the key performance indicators to which they apply;
· set for all material risks individually, as well as in aggregate for particular categorisations of risk; and
· consistent with the materiality and significance framework.
o Institution’s risk tolerance, ensuring that limits are supported by a rigorous analysis and expert judgement of:
· the Institution’s ability to withstand significant shocks; and
· the Institution’s ability to recover financially and operationally from significant shocks.
o Institution's risk identification and assessment methodologies, after satisfying itself of their effectiveness in timeously and accurately identifying and assessing the Institution’s risks.
· evaluate the extent and effectiveness of integration of risk management within the Institution;
· assess implementation of the risk management policy and strategy (including plan);
· evaluate the effectiveness of the mitigating strategies implemented to address the material risks of the Institution;
· review the material findings and recommendations by assurance providers on the system of risk management and monitor the implementation of such recommendations;
· develop its own key performance indicators for approval by the Accounting Officer / Authority;
· interact with the Audit Committee to share information relating to material risks of the Institution; and
· provide timely and useful reports to the Accounting Officer / Authority on the state of risk management, together with accompanying recommendations to address any deficiencies identified by the Committee.
In instances where the scale, complexity and geographical dispersion of the Institution’s activities dictate the need for the Risk Management Committee to work through sub-committees, the Risk Management Committee should ensure that:
· approval is obtained from the Accounting Officer / Authority for the establishment of the sub-committees;
· the terms of reference of the sub-committees are aligned to that of the Risk Management Committee; and
· the Risk Management Committee exercises control over the functioning of the sub-committees.
8. Evaluation
Clear objectives and key performance indicators should be set for the Risk Management Committee in respect of risk management. These indicators should be able to measure how effectively the Risk Management Committee's role in the institution's risk management contributes to the institution's goals and objectives.
The Accounting Officer / Authority should evaluate the performance of the Risk Management Committee through the following and other relevant indicators:
· the results of the Risk Management Committee’s own 360° assessment;
· the pace and quality of the implementation of the risk management framework;
· the Internal Audit report on the state of risk management;
· the Auditor-General’s report on the effectiveness of the Risk Management Committee; and
· the quality and timeliness of the Risk Management Committee’s counsel and recommendations.
9. Additional reading / reference
A catalogue of additional resources is included below to assist the Risk Management Committee to facilitate implementation of risk management. Click on the relevant link to access these documents.
Guidelines: Additional reading / reference