Risk governance is a key role of the board and is about applying the principles of good governance to the identification, assessment, management and communication of risks in an organisation so that the organisation’s risk-taking activities are aligned with its capacity to absorb losses and its long-term viability.
It is good governance for any organisation to ensure that all directors and senior executives have a shared understanding of risk, which is the effect of uncertainty on an organisation achieving its strategic objectives and maintaining its long-term sustainability and reputation. This checklist incorporates the key elements of risk governance, which includes the board itself, compliance risk and organisational culture along with risk management. For example, there are a number of questions related to risk appetite. In setting the risk appetite, the board is clearly notifying stakeholders about the extent of the organisation’s willingness to take risks in order to achieve the strategy. This helps the board and senior management to discharge their risk governance responsibilities effectively.
It should be noted that this checklist is only meant as a guide to establishing good practice risk governance – it is a health check you can use to identify any gaps and determine appropriate responses. The presence or absence of many of the topics in the checklist will depend on the maturity and lifecycle of the organisation – for example, a small organisation will be unlikely to have an internal audit function.
The Risk Governance Checklist can be accessed here