Question

Paper: Summarize Risk Management Framework into two pages. Guidance: You must understand why you are including the content on the two pages. Tools & Resources: Use internet, NIST documentation, ISACA publications and group discussions. Format: Use Calibri with font size 12 and 1 inch margin for all four sides. Single space between lines.

Answer 1

Risk management is an important element of corporate functioning and governance. There should be a clearly established process of identifying, analyzing and treating risks, which could prevent the company from effectively achieving its objectives. It also involves establishing a link between risk-return and resourcing priorities. Appropriate control procedures in the form of a risk management plan must be put in place to manage risk throughout the organization.The plan should cover activities as diverse as review of operating performance, effective use of information technology, contracting out and outsourcing.The Board has the ultimate responsibility for identifying major risks to the organization, setting acceptable levels of risk and ensuring that senior management takes steps to detect, monitor and control these risks. The Board must satisfy itself that appropriate risk management systems and procedure are in place to identify and manage risks. For this purpose the company should subject itself to periodic external and internal risk reviews. Various statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company. Ensuring the integrity of the company’s accounting and financial reporting systems, including the independent audit, and that appropriate systems of control are in place, in particular, systems for risk management, financial and operational control, and compliance with the law and relevant standards.

A company needs to have a proactive approach to convert a risk into an opportunity. A business is exposed to various kind of risk such as strategic risk, data security risk, fiduciary risk, credit risk, liquidity risk, reputational risk, environmental risk, competition risk, fraud risk, technological risk etc. It is important for the company to have a structured framework to satisfy that it has sound policies, procedures and practices are in place to manage the key risks under risk framework of the company. A risk management Committee’s role is to assist the Board in establishing risk management policy, overseeing and monitoring its implementation.

The committee shall be constituted with at least three directors, majority being independent directors.

Major functions include:

– Assisting the Board in fulfilling its corporate governance oversight responsibilities with regard to identification, evaluation and mitigation of operational, strategic and external environment risks.

– To ensure that management has instituted adequate process to evaluate major risks faced by the company

– Establishing the role and responsibilities of officers/team who shall be responsible for:

– Facilitating the execution of risk management practices in the enterprise

– Reviewing enterprise risks from time to time, initiating mitigation actions, identifying owners and reviewing progress

– Reporting risk events and incidents in a timely manner

– Monitoring and reviewing risk management practices of the Company

– Reviewing and approving risk-related disclosures.

The recently amended Clause 49 of the Listing Agreement requires as under:

A. The company shall lay down procedures to inform Board members about the risk assessment and

minimization procedures.

B. The Board shall be responsible for framing, implementing and monitoring the risk management plan for the company.

C. The company shall also constitute a Risk Management Committee. The Board shall define the roles and responsibilities of the Risk Management Committee and may delegate monitoring and reviewing of the risk management plan to the committee and such other functions as it may deem fit. The provisions above shall be applicable to top 100 listed companies by market capitalization as at the end of the immediate previous financial year.

Risk management is an important element of corporate functioning and governance. There should be a clearly established process of identifying, analyzing and treating risks, which could prevent the company from effectively achieving its objectives. It also involves establishing a link between risk-return and resourcing priorities. Appropriate control procedures in the form of a risk management plan must be put in place to manage risk throughout the organization.The plan should cover activities as diverse as review of operating performance, effective use of information technology, contracting out and outsourcing.The Board has the ultimate responsibility for identifying major risks to the organization, setting acceptable levels of risk and ensuring that senior management takes steps to detect, monitor and control these risks. The Board must satisfy itself that appropriate risk management systems and procedure are in place to identify and manage risks. For this purpose the company should subject itself to periodic external and internal risk reviews. Various statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company. Ensuring the integrity of the company’s accounting and financial reporting systems, including the independent audit, and that appropriate systems of control are in place, in particular, systems for risk management, financial and operational control, and compliance with the law and relevant standards.

A company needs to have a proactive approach to convert a risk into an opportunity. A business is exposed to various kind of risk such as strategic risk, data security risk, fiduciary risk, credit risk, liquidity risk, reputational risk, environmental risk, competition risk, fraud risk, technological risk etc. It is important for the company to have a structured framework to satisfy that it has sound policies, procedures and practices are in place to manage the key risks under risk framework of the company. A risk management Committee’s role is to assist the Board in establishing risk management policy, overseeing and monitoring its implementation.

The committee shall be constituted with at least three directors, majority being independent directors.

Major functions include:

– Assisting the Board in fulfilling its corporate governance oversight responsibilities with regard to identification, evaluation and mitigation of operational, strategic and external environment risks.

– To ensure that management has instituted adequate process to evaluate major risks faced by the company

– Establishing the role and responsibilities of officers/team who shall be responsible for:

– Facilitating the execution of risk management practices in the enterprise

– Reviewing enterprise risks from time to time, initiating mitigation actions, identifying owners and reviewing progress

– Reporting risk events and incidents in a timely manner

– Monitoring and reviewing risk management practices of the Company

– Reviewing and approving risk-related disclosures.

The recently amended Clause 49 of the Listing Agreement requires as under:

A. The company shall lay down procedures to inform Board members about the risk assessment and

minimization procedures.

B. The Board shall be responsible for framing, implementing and monitoring the risk management plan for the company.

C. The company shall also constitute a Risk Management Committee. The Board shall define the roles and responsibilities of the Risk Management Committee and may delegate monitoring and reviewing of the risk management plan to the committee and such other functions as it may deem fit. The provisions above shall be applicable to top 100 listed companies by market capitalization as at the end of the immediate previous financial year.