Site icon Risk and Control: Ideas for a better tomorrow

Where is Risk in Audit Committee Agenda?

“Audit Committee Members don’t understand the risk. Promoters feel that Audit Committee are too much into finance. The Independent directors forming audit committee are retired person from government or retired partners from professional firms. They think only about finance and missing the bus for emerging risks. They are not geared up for thinking in terms of risks.”

“This gives an opportunity to people like Chief Audit Executive as they are more attuned to risks. They understand the risks. We should create a panel of such distinguished individual.”
These comments made me do a research on whats happening with Risk in Audit Committees.
Regulatory Landscape:

  1. SEBI has mandated top 100 listed entities to have Risk management committee.
  2. Clasue 49-> Part IV. Disclosure->. C. Board Disclosure- Risk Management:

The company shall lay down procedures to inform Board members about the risk assessment and minimization procedures. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework.
Corporate Reality:I come across a wonderful article on How Audit Committees really Think About Risk Which had tried to answer the question:

Do we know how much audit committee is supposed to worry about risk?

Has anyone actually pulled up audit committee charter and counted how many times the word ‘risk’ appears?

Conclusion of this article is Picture above.

My take:

  1. Independent directors are appointed by promoters.
  2. Independent directors form audit committee.
  3. Company is obliged to inform board members about risk assessment and minimization procedures.
  4. If company wants they can form a Risk Management Committee.
  5. If there is audit committee, there is Internal Audit. Internal Auditor are supposed to review and raise uncovered risks.

So why promoters are complaining?

I have some questions for which I invite answers/ comments. (Though I am amusing promoter, I believe replacing promoter with “management” will not change the questions.)

  1. Are promoters complaining because they are losing grip of the situation in this YUCA world where there experience of what works and what don’t come to a naught?
  2. Do promoters understand risk?
  3. Do promoters want to shift the blame for failure from them to others?
  4. What promoters are doing about to get people with “right” mindset?

Update 01-May-2017:

  1. India’s Security regulator says “Independent directors not independent”

http://economictimes.indiatimes.com/markets/stocks/policy/independent-directors-not-independent-says-sebi-chief-ajay-tyagi/articleshow/58421640.cms
2. India’s Banking regulators lays norms for role of the Chief Risk Officer
https://rbi.org.in/Scripts/BS_CircularIndexDisplay.aspx?Id=10948
Some key points: Board approved policy including role of CRO, fixed terms, removal/ transfer need to informed to regulator, adequate professional qualification, reporting lines to Risk Management Committee/ MD&CEO, No dual hatting – No additional responsibility of CEO/COO/CFO/CIA or any other function. (This require a separate article)
Call for action:
Inputs/ comments/ suggestion: I welcome inputs/ comments / suggestions from readers on how to approach this issue. Feel free to correct me, educate me.
Share the Article: If you like it, share it. If you share it with others, and they comment, we all will get more learned.
(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author ’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the author is, or has been a part of.)

Exit mobile version