eGuide to CG Code

The Board is responsible for the governance of risk. The Board should ensure that Management maintains a sound system of risk management and internal controls to safeguard shareholders' interests and the company's assets, and should determine the nature and extent of the significant risks which the Board is willing to take in achieving its strategic objectives.

The Board is responsible for the governance of risk. It sets the tone and direction for the way risks are managed in the company.

Managing risks well is crucial to long-term corporate success. But it is not a straightforward task. At the heart of the challenge are two apparently conflicting needs. The first is the push to improve performance and the corresponding necessity to take some level of risk in order to achieve it. The second is the need to understand and manage risks to prevent unnecessary and excessive risk-taking that might lead not only to underperformance, but to the company’s demise.

Successful companies effectively and efficiently make decisions that optimise risk and reward. This requires them to consider not only the downside of risk (typically associated with measures to reduce levels of risk), but equally its upside (or taking on higher levels of risk to seize opportunities).

Risk governance is the framework within which risk management operates. It defines the way in which a company undertakes risk management. It is essential for the company to have clarity about how and what risks are being managed. Good risk governance thus provides guidance for sound and informed decision-making and effective allocation of resources.

The Board is responsible for influencing and approving the company’s strategy in a way that addresses stakeholders’ expectations, and which does not expose the company to an unacceptable level of risk. It is also ultimately responsible for approving key risk management policies, and ensuring a sound system of risk management and internal controls against which performance can be monitored.

The Guidelines describe:

  • The responsibilities of the Board vis-à-vis management regarding risk management (Guideline 11.1).
  • The requirement for an annual review of the adequacy and effectiveness of risk management and internal control systems (Guideline 11.2).
  • The requirement for the Board to comment on the adequacy and effectiveness of the internal controls, and whether it has received assurance from the CEO and the Chief Financial Officer (CFO) (Guideline 11.3).
  • The means, especially with a Board Risk Committee (BRC), by which the Board can be assisted in its risk oversight (Guideline 11.4).

 


Guideline 11.1

The Board should determine the company's levels of risk tolerance and risk policies, and oversee Management in the design, implementation and monitoring of the risk management and internal control systems.


Guideline 11.2

The Board should, at least annually, review the adequacy and effectiveness of the company's risk management and internal control systems, including financial, operational, compliance and information technology controls. Such review can be carried out internally or with the assistance of any competent third parties.


Guideline 11.3

The Board should comment on the adequacy and effectiveness of the internal controls, including financial, operational, compliance and information technology controls, and risk management systems, in the company's Annual Report. The Board's commentary should include information needed by stakeholders to make an informed assessment of the company's internal control and risk management systems.

The Board should also comment in the company's Annual Report on whether it has received assurance from the CEO and the CFO:

  1. That the financial records have been properly maintained and the financial statements give a true and fair view of the company's operations and finances; and
  2. Regarding the effectiveness of the company's risk management and internal control systems.


Guideline 11.4

The Board may establish a separate board risk committee or otherwise assess appropriate means to assist it in carrying out its responsibility of overseeing the company's risk management framework and policies.


 


Copyright © 1998 - 2017 Singapore Institute of Directors. All rights reserved.