Listing of Principles :
1 Risk Management Strategy
Principle no. 1: Role of the board
The responsibility for understanding the risks run by the company, and ensuring that they are appropriately managed within well defined risk management policies, is placed clearly with the board of directors. The boardís understanding of the risks and the approved risk management policies must be set out in the treasury policy, which must be formally approved by the board, with compliance therewith reviewed by the board at least on an annual basis.
Principle no. 2: Role of the executive committee
The board of directors must approve risk management strategies, but will delegate authority for day-to-day decisions to an executive committee/treasury so that risk can be effectively managed in the company.
back to top
Principle no. 3: Identification and assessment of risk
The board, through the executive committee, should identify and assess the risks the firm is taking on and develop a firm-wide risk management strategy to cover those risks. It should put structures in place to actively manage the quantifiable risks the firm takes on and to control the unquantifiable risks.
Principle no. 4: Role of the risk management group
A risk management group, including members of the executive committee, should be responsible for defining the companyís risk management policies and ensuring that the risk strategy is implemented through the development of appropriate procedures and investment in skills and systems.
Principle no. 5: Risk management policies
Risk management policies must be prepared by the risk management group and reviewed and approved, on a regular basis by the executive committee, which in turn must submit them to the board of directors for adoption. The risk management group should be provided with adequate resources and systems to enable them to implement these policies effectively.
Principle no. 6: Lines of responsibility
The group organisation structure should have clear reporting lines and responsibilities to enable the executive committee to monitor and control activities.
Principle no. 7: Delegation of risk authority
The group organisation should provide a risk framework by which authority is delegated to business units/subsidiaries, within clear mandates set by the board and the executive committee.
Principle no. 8: Risk Limits
The risk management group should initiate and maintain a set of limits to manage and restrict the maximum amount of risk across business units. This set of limits should be agreed, through the executive committee, with the board.
Principle no. 9: Evaluation of effectiveness
The executive committee should evaluate the independence and overall effectiveness of the firmís control and risk management infrastructure on a regular basis.
back to top
