(b) Risk committee and criticise Mr Louse’s understanding.
Roles
There are five general roles of a risk committee. The first is agreeing and approving the organisation’s risk management
strategy, including strategies for strategic risks. This is likely to be drawn up in discussion with other parts of the organisation,
including the main board.
Second, the risk committee reviews reports on key risks prepared by departments on operational risks. These might be reports
from operations (e.g. production), finance or technical departments on risks that specifically may affect them.
Third, it monitors overall risk exposure and ensures it remains within the limits established by the main board. Exposure is
generally defined as the totality of losses that could occur and the acceptable exposure will vary according to the risk strategy.
Some organisations accept a higher exposure than others because of their varying risk appetites.
Fourth, the risk committee assesses the effectiveness of risk management systems and policies. This is usually based on past
data, where a risk has materialised, or ‘stress testing’ of systems where the risk has not yet materialised.
Fifth, the risk committee approves and agrees any statements or disclosures made to internal or external audiences, such as
risk reporting to analysts or in the annual report. Shareholders have the right to expect accurate and relevant reports on the
risks in their investments, and so any reports issued outside the company need to be approved by the risk committee.
Criticise Mr Louse’s understanding
Mr Louse has a weak understanding of the roles and purposes of a risk committee.
First, ‘stopping risks affecting’ companies is not within the remit of a risk committee. Some risks affect everybody including
businesses; others apply because of industry membership, geographical location, business activity, strategic positioning or
business strategy. The role of a risk committee is to identify, review and construct a strategy for managing those risks.
Second, he complained that the risk committee was ‘always asking for more information, which was inconvenient’. Gathering
information is a crucial part of a risk committee’s role and it is in the company’s overall interest to ensure that information
supplied to the risk committee is accurate, current and complete.
Third, he misunderstands the nature of the committee’s role if he perceives it to be ‘gloomy and pessimistic’. This is an
understandable but unfair criticism. Risks are, by their nature, things that might go wrong or potential liabilities, but the
reason why risks need to be understood is to ensure the ongoing success and prosperity of Zogs Company, and that is a very
positive thing.
Finally, he wrongly believed that all material risks were external risks and so the risk committee should be looking outwards
and not inwards. Risks can be internal or external to the company and many internal risks can be highly material such as
financial risks, liquidity risks, operational risks, etc.