7.2 Board Risk Committee

The Board Risk Committee is a specialized group within the board of directors focused on overseeing an organization’s risk management practices. Typically comprising 3-5 members with risk management expertise, this committee enhances the board’s ability to manage risk effectively.

The committee’s primary responsibilities include overseeing the enterprise risk management framework, approving risk policies, monitoring key and emerging risks, and ensuring adequate risk reporting to the full board. It meets regularly, often quarterly, with additional sessions as needed, including private meetings with key executives like the Chief Risk Officer.

Working closely with management while maintaining independence, the committee provides crucial oversight and challenges risk assessments. Its scope covers a wide range of risks, from strategic and financial to operational and emerging threats like cybersecurity.

The Board Risk Committee adds significant value by allowing in-depth risk discussions and demonstrating strong risk governance to stakeholders. However, it doesn’t replace the full board’s ultimate responsibility for risk oversight and may not be necessary for smaller organizations.

Operating under a clear charter, the committee regularly reviews its effectiveness and engages in ongoing risk management education. These efforts play a vital role in strengthening the organization’s risk governance and supporting the board’s fiduciary duties, ultimately contributing to the organization’s resilience and long-term success.