Guideline on Board’s Roles in Governance, Risk, and Compliance (GRC)

A sustainable company requires solid fundamental, agility, and ability to manage risks under relevant laws and regulations. Meanwhile, stakeholders also demand business transparency, as well as effective responses to changes. Thus, companies are driven by various forces toward integrated operations. In this regard, the Board has a role to comprehend with the overview of Governance, Risk and Compliance (GRC) aspects.

Therefore, the Thai Institute of Directors (IOD) has developed this guideline to help the Board recognize the significance, elements, roles and responsibilities, and conduct effective integration of Governance, Risk, and Compliance. The guideline divides into two sections including 1. Key Principles and 2. Guidelines.

Key Principles of this guideline are as follows:

1.      The Board has roles and responsibilities as the leader in sustainable corporate value creation.  It should ensure the company has strategy that can accommodate growth while allowing business to be conducted ethically, transparently, taking all stakeholders into account and comply with relevant laws.

2.    The Board should apply GRC integration concept as a framework in driving and encouraging the company to comply with four key guidelines under principles of the Office of Compliance and Ethics Group (OCEG).  The four key guidelines include

2.1    Learn – Study and understand business context, corporate culture, and expectations of stakeholders.

2.2     Align – Use such comprehension to determine the company’s objectives and identify potential risks that may derail achievement of the objectives.

2.3     Perform – Drive the company towards the objectives through effective work process that complies with regulations as well as prudent internal controls.

2.4  Monitor – Put in place adequate and appropriate monitoring system to ensure objectives are achieved.

3.     The Board should ensure the company has a vision and progressive strategy that will allow it to achieve objectives rationally and ethically amidst uncertainties from rapid and severe changes in economic, market, technology, personnel, legal, environment, and social aspects etc.  With such uncertainties, the company must weigh potential risks and opportunities while seeking to mitigate the risks and enhance the opportunities to achieve the vision and strategy.

4.     The Board should govern and set business direction toward sustainability, taking into account internal and external factors as well as interests of all stakeholders.  The Board should also communicate strategies, policies, and key principles with the management in order to put them into implementation.  They should cover effective, flexible and agile risk management as well as comprehensive compliance with relevant laws and regulations.

5.    The Board’s roles and responsibilities are not divisible.  The Board must ensure the company can connect and interweave Governance, Risk Management, and Compliance into the same picture under ethical, transparent and honest corporate culture.  This is called the Governance, Risk and Compliance, or GRC, integration.

6.     The Stock Exchange of Thailand has a guideline for the Board to appoint appropriate experts as members of committees with specific tasks to study key issues that often occur or need special monitoring to enhance the Board efficiency.  (For examples, Audit Committee, Risk Management Committee) However, the Board is still fully accountable for the roles and responsibilities that it assigned to the committees.

7.          The Risk Management Committee, for example, is assigned by the Board to oversee risk management, work closely with the management, and ensure the Board gets quality Risk Report in timely manner.

For full "Guideline on Board’s Roles in Governance, Risk, and Compliance (GRC)" please download below