Guidance Paper - The Institute of Risk Management
Guidance Paper - The Institute of Risk Management
Guidance Paper - The Institute of Risk Management
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
I Background<br />
“What is this all about”<br />
101<br />
In recent years we have<br />
witnessed some major risk<br />
events ranging from the<br />
global financial crisis to the more recent<br />
sovereign debt crisis and a large number<br />
<strong>of</strong> natural and meteorological events with<br />
major consequential damage and knockon<br />
effects. But the financial crisis <strong>of</strong> 2008<br />
had many consequences, and raised many<br />
questions, not least <strong>of</strong> which was the<br />
question as to why boards failed to see it<br />
coming. At the request <strong>of</strong> the Prime<br />
Minister <strong>of</strong> the day, Sir David Walker<br />
carried out a review <strong>of</strong> the corporate<br />
governance <strong>of</strong> Banks and Other Financial<br />
Institutions (“BOFI’s”) and this was<br />
followed swiftly by a review <strong>of</strong> the<br />
broader corporate governance landscape<br />
in the UK by the Financial Reporting<br />
Council (the “FRC”). <strong>The</strong> FRC made the<br />
all-important link between this question<br />
and the subject <strong>of</strong> risk appetite and risk<br />
tolerance by inserting reference to these<br />
two topics in their draft changes to<br />
Section C <strong>of</strong> the UK Corporate Governance<br />
Code (the “Code”) (Financial Reporting<br />
Council, 2010). While those very words<br />
failed to survive the cut, the concept did<br />
survive. Under the newly expanded<br />
Section C, a board is explicitly tasked with<br />
being responsible for “determining the<br />
nature and extent <strong>of</strong> the significant risks it<br />
[the board] is willing to take in achieving<br />
its strategic objectives”. This is risk<br />
appetite and tolerance by any other name.<br />
<strong>The</strong> rest <strong>of</strong> this section<br />
102 explores the nature <strong>of</strong> the<br />
words in the Code, and looks<br />
at the existing guidance which<br />
might help to understand the words.<br />
• Sections II and III <strong>of</strong> this document look<br />
at a proposed new framework <strong>of</strong> risk<br />
appetite and risk tolerance<br />
• Sections IV and V look at the<br />
practicalities <strong>of</strong> implementing and<br />
overseeing risk appetite and risk<br />
tolerance<br />
• Section VI addresses some <strong>of</strong> the issues<br />
that might require further thought,<br />
and<br />
• Appendix A presents a summary <strong>of</strong><br />
how, in practical terms, a board might<br />
go about determining the risks it is<br />
willing to take.<br />
Throughout the paper we have indicated<br />
questions that could usefully be explored<br />
in the boardroom to ensure that the<br />
subjects <strong>of</strong> risk appetite and tolerance are<br />
being appropriately addressed.<br />
<strong>The</strong> UK Corporate<br />
Governance Code<br />
103<br />
In its recent update to<br />
the UK Corporate Governance<br />
Code, the FRC has expanded<br />
the section <strong>of</strong> the Code on Accountability<br />
as set out in the box below:<br />
.<br />
Section C: Accountability<br />
<strong>The</strong> board should present a balanced<br />
and understandable assessment<br />
<strong>of</strong> the company’s position and<br />
prospects. <strong>The</strong> board is responsible for<br />
determining the nature and extent <strong>of</strong><br />
the significant risks it is willing to take<br />
in achieving its strategic objectives.<br />
<strong>The</strong> board should maintain sound risk<br />
management and internal control<br />
systems.<br />
<strong>The</strong> board should establish formal<br />
and transparent arrangements for<br />
considering how they should apply<br />
the corporate reporting and risk<br />
management and internal control<br />
principles...<br />
11