It is challenging to run business nowadays amid uncertain environment and unpredictable disruption such as technological change, pandemic, new legislation etc. Companies that may achieve sustainable growth in this new era must have solid fundamental while being flexible to changes in strategies and administration techniques under applicable laws and regulations.  They must also be equipped with knowledgeable Board and management, who can lead the company and respond well to expectations from various stakeholders.

To ensure that the risk management mechanism is effective, Board must understand various “major risks” of the organization as well as the “processes” for managing those risks. May consider appointing "Risk Management Committee" specifically to help relieve the burden of supervision of such matter.

This guideline comprises two sections including 1. Key Principles and 2. Practice Guidelines.

Key Principles:

1. The Board should apply GRC (Governance, Risk and Compliance) integration concept in governing organization to accommodate advancement and sustainability

2. Risk management is the key component of GRC integration because it makes the organization recognize and able to handle potential events that could have adverse effect in achieving strategies, objectives, and expectations of stakeholders.

3. The Board should take parts in determining and monitoring the implementation of strategies and determine risk appetite in alignment with the implementation of such strategies.

4. The Board should turn risk management system and internal control into normal daily work process, not making them as independent and temporary activity.

5. The Board should ensure that risk management is integrated and aligned with sustainability management system, covering Environmental, Social and Governance (ESG) aspects.

6. The Board may oversee risk management by itself or assign Risk Management Committee to take charge in governing the company’s risk management efficiency and report to the Board.

7. Structure of the Risk Management Committee of each company is subject to size, complexity, relevant legislations.  It may as well be the same as other committees.

8. The Board should assign roles, duties, and responsibilities to Risk Management Committee through written Charter.

9. The Board should stipulate that Risk Management meet at least twice a year and regularly report meeting results to the Board so that the Board acknowledge progress, key risk management issues, and recommendations for necessary decision.

10. Performance of the Risk Management Committee should be evaluated at least once a year and performance report should be presented to the Board annually.

 For full "Guideline on Board's Role in Risk Management" please download below