top of page

Is Risk Committee an Effective Risk Governance Mechanism?

Board committees are more important than ever in corporate governance. In addition, it is a popular topic in ACCA Strategic Business Leader (SBL) exam.

There are various types of committee, such as audit committee, remuneration committee, nomination committee and risk committee.

I would like to focus on risk committee in this article as it is more popular for listed companies building a separate risk committee. I am interested to share with you why it happens and what benefits to the companies having a risk committee.

UK Corporate Governance Code Development

It is important to mention corporate governance development so that you know why there is a risk committee needed for a company.

In UK, the Corporate Governance code is a part of UK company law with a set of corporate governance practices. Financial Reporting Council (FRC) sets the codes and standards and it monitors and takes action to promote the quality of corporate reporting. FRC is responsible to publish Guidance on Board Effectiveness.

Companies listed on the London Stock Exchange have to disclose how they have complied with the codes and explain where they have not applied the code.

Cadbury Report was published in 1992 which is the first step on the corporate governance code that we know now. The report was produced by a committee chaired by Sir Adrian Cadbury after several major corporate scandals in UK.

One of three basic recommendations from the report is each board should have an audit committee composed of non-executive directors. It is the initial framework on corporate governance code that we see now.

However, corporate governance failures haven’t been stopped since Cadbury Report published. There were more reports, such as Greenbury Report (1995) and Hampel Report (1998) published to improve governance in years after.

Regarding to risk committee, it was not recommended until 2008 financial crisis. The collapse of Northern Rock, a UK bank, triggered another corporate governance review. The Walker Review focused on the banking industry but also with recommendations for all other industries.

In Walker Review, it recommends a separate risk committee for banks and financial institutions so that audit committee only needs to focus on accounting and reporting while risk committee manages risk more effective and efficient.

UK Corporate Governance Milestones

Board Committees

The purpose of a board in a company is to set and reconfirm the company’s purpose. In other words, it define the company’s purpose and sets strategy to deliver it.

As described by FRC in Guidance on Board Effectiveness

An effective board defines the company’s purpose and then sets a strategy to deliver it, underpinned by the values and behaviours that shape its culture and the way it conducts its business.

A board can set up different board committees to deep dive any particular areas so that experts or specialists can be appointed as independent non-executive directors to join in the committees to make recommendations.

In Cadbury Report, the initial corporate governance was seen while it pointed out that independent non-executive directors should be appointed in audit committee.

An audit committee should be in every listed company in UK and what is the purpose of an audit committee?

Audit committee is responsible for discharging governance responsibilities in respect of audit, risk and internal control, and will report to the board as appropriate.” FRC explains.

In other words, risk management and control is one of audit committee responsibilities. So, why do we need to separate audit committee and risk committee?

Why does a board need to have a separate risk committee?

The financial crisis in 2008 caused a revolution in banks and financial institutions corporate governance structure. In Walker Review, it recommends a separate risk committee is needed for banks and financial institutions.

Other than financial institutions, do you know how many companies have risk committees in UK?

According to a study conducted by Deloitte few years after Walker Review, It’s only 23% of listed non-financial companies in UK have a standalone risk committee or a hybrid one.

PwC published a report covering whether a separate risk committee is needed. It clearly presents the factors or benefits supporting to have a separate risk committee including –

  • The Board simply cannot find enough time to focus properly on risk;

  • Governance of risk oversight is more transparent as it is centralized in one place;

  • The Board wants to send a clear message to key stakeholders, such as shareholders and regulators, that the company focuses on governance of risk;

  • Non-independent directors on risk committee could help overseeing risk;

  • More resources are put in identify, assess and manage risks that the company haven’t had.

What does a risk committee do?

Now, you know what are the benefits of having a separate risk committee. But what does a risk committee do?

A risk committee helps audit committee in risk control and management. In addition, it also coordinates risk oversight among committees and the full board.

Many audit committee members are professionals in accounting or finance because they have the knowledge and experiences in internal control and regulatory reporting. However, they may not be the industry experts.

As risk committee focuses on risk oversight, the industry specialists could be appointed in the committee so that a better understanding of industry-specific or growing exposures.

Also, risk committee could have an ongoing dialogue with the chief risk officer to reveal how effectively the risk management works.

What are the drawbacks of risk committees?

The first drawback about separating a risk committee from audit committee is cost. An additional committee means additional costs and demands on the time of directors and staff involved in the meeting preparation.

Next, as risk committee is not legally required for non-financial companies, risk management jobs have already be written in audit committee’s role. The chance to create unnecessary overlapping committee responsibilities exists.

Last but not the least, risk committee composition may be problematic. Because directors sit on multiple committees, it may be challenging to appoint the right persons to sit in risk committee from the board.

Short summary

It is not legally required for non-financial companies to have a separate risk committee. Therefore, you need to consider what are the costs and benefits of having a risk committee in a non-financial company.

The board members should decide to proceed in organising risk oversight by risk committee, it must have qualified directors. Many boards can effectively oversee risk even without a separate risk committee given most of the directors are experienced and qualified.

ACCA SBL exam question on risk committee

I found there was a question about risk committee in September 2018 SBL exam.

It asked students to discuss what are the benefits of having a separate risk committee and those are –

  • Mix of membership

  • Breadth of risks

  • Leadership

  • Communication

  • Reassurance to shareholders

From examiner’s comments, the performance to this question was weak. The main reason was many failed to meet the requirements of the question by only discussing what is a risk committee and the risk management process, without addressing the benefits of a risk committee.

Risk committee is part of corporate governance that you cannot miss in your SBL study. I am confident you have the basic understanding about recent year’s corporate governance development in UK after reading this article. If you would like to read more for learning, here are the articles published by ACCA that I suggest –

If you find this article is helpful and you want to help others too, just share it in any social media (such as Facebook, LinkedIn).

Follow us on our Facebook Page to have update:


bottom of page