The board and its audit and risk committees play a key governance role and the paper describes the ‘three lines of defence’ – senior management (the risk takers in the business); those responsible for risk oversight and risk guidance; and providers of independent assurance to the board regarding the effectiveness of risk management processes. Detailed guidance on the roles of operational risk functions is also given along with governance responsibilities towards external stakeholders, such as regulators, investors, rating agencies and suppliers.
This is a comprehensive paper on Operational Risk Governance that shows the high standards that executives, as well as operational risk managers, must achieve in order both to reap valuable benefits and to meet ever-increasing expectations of operational risk management.
Edward Sankey, the IOR Chairman, says:
“Risk governance is not just about complying with a set of rules. It’s an integral part of the day-to-day running of a business, which is why risk policies and risk appetites will only be effective if they operate within a clear risk governance framework that puts in place a structure of risk responsibility throughout the firm.
“Good risk governance from the board down is therefore essential so that everyone in the firm is clear about their operational risk roles and responsibilities. It requires open communication up and down the firm so that the quality of discussion and resulting decisions reflect a real commitment of senior management to risk management.
“But all of this is only possible if there is a sound governance framework and a risk culture which is embedded throughout the organisation and involves everybody in it.”