Principle 4: Relevant risks are identified and managed
The board ensures an appropriate system of risk oversight and internal controls is in place to enable effective identification and management of risk.
Oversight of risk is a critical function of a board, particularly where a management team exists. Most boards are responsible for a level of public resources and almost all have responsibility for some aspect of performance.
There are a number of key risks facing the board that are primary contributors towards board underperformance. These include, but are not limited to:
- Complex structures: The existence of Parliament, ministers, boards and CEOs creates an elaborate set of relationships in the public sector. The respective powers, roles and responsibilities of each party tend to result in greater management complexity in terms of stewardship and accountability.
- Clarity of objectives: Meeting the minister’s expectations is key to a board’s purpose and success, even in periods of change, such as during the caretaker period before an election. The ministerial statement of expectation becomes an essential tool to assist in clarifying objectives and giving the board confidence in continuing its functions until informed otherwise.
- Skill gaps: Boards may lack skills, knowledge or experience to make sound decisions. Skills audits and the development of a skills matrix help to mitigate these risks, particularly in relation to the selection of new members. Ideally, the composition of the board should be reviewed by the corporate governance committee (if established) or the board as a whole on an annual basis.
- Conflicts of interest: Board members appointed to represent different interests may prioritise representing an interest over being a board member. This risk needs to be managed by the chair, as it may compromise board unity and effectiveness.
The board’s management of risk is appropriate
The Treasurer’s Instructions issued under the FM Act require all public sector bodies to institute suitable risk management policies and practices. As such, the board needs to be satisfied that the public sector body’s approach to risk is appropriate.
When it comes to managing risks, there are some key questions to consider in relation to governance and compliance:
- What are the key risks?
- Are you doing all that is reasonable to manage them?
- Can you demonstrate transparency in your decisions?
- Can you demonstrate compliance with relevant legislation, Public Sector Commissioner’s Circulars and Treasurer’s Instructions?
To ensure the board is able to answer these questions it is essential that the board:
- leads by example in setting the right tone
- has an agreed view on risk tolerance
- aligns the public sector body’s culture with the agreed tolerance
- has effective risk management systems and reporting structures
- is comfortable that effective internal control processes are in place.
It is important that the board chair takes responsibility for managing the key risks identified above and keeping members informed of their obligations and responsibilities. It is also important to develop and implement a risk reporting framework that identifies and tracks governance, strategic and operational risks.
The board should clearly understand the legal and policy framework in which it operates, as well as the overall risk context, which includes the organisational and whole-of-government perspective. Key stakeholders need to be clear about their respective responsibilities, accountabilities, and the reporting and supervision systems that are in place.
To avoid any confusion about objectives, the board should develop a charter expressing its understanding of its role, authority and responsibility, and the way in which it intends to work with the public sector body. It is important this be ratified by the minister.
The board should monitor the implementation of risk policy by regularly reviewing risk management reports on key organisational risks. The board’s audit committee, where one exists, can play a role in oversight of the public sector body’s financial and non-financial risks.
If any member has concerns about potential personal liability when carrying out their role, it is recommended they refer to the Statutory Corporations (Liability of Directors) Act 1996 and seek advice from the Insurance Commission of Western Australia or the State Solicitor’s Office.
Quick review – Risk management
- Is there an effective procedure in place for the board to identify, assess and manage risk?
- Does the board devote time in its agendas for meetings to consider risk?
- Does the board ensure that management has designed and implemented systems to give effect to policies and procedures endorsed by the board, and to periodically report to the board as to what extent those risks are being effectively managed?
- Does the board conduct comprehensive risk management reviews on a regular basis?
Further information is available under good governance guides.
Page last updated 23 May 2017