Tate's D&O, Audit Committee & Insurance Blog
A D&O, audit committee and insurance blog for public and private companies, nonprofits, and governmental entities.
The audit committee's role in risk oversight? (12.27.07)

I was reading a brochure for a new one and one half day seminar:  The Audit Committee's Role in Risk Oversight.  The seminar costs approximately $1,100, in addition to time, travel, food, etc. 


Not to beg the question, does the audit committee have a role in risk oversight, or enterprise risk management (ERM) as the brochure specifies? 


Granted, at a certain level audit committee functions and responsibilities relating to the financial statements and the audit (including the related quarterly financial statements, and possible review or compilation reports), the auditor, internal control, potential liabilities, anonymous hotline reporting, and related matters may be considered risk management in nature.  Additionally, an audit committee also may decide to take on risk management oversight functions or responsibilities, such as by so indicating in its audit committee charter.  However, otherwise, I am not aware of any authority that requires an audit committee to serve in a risk management or ERM oversight capacity.


The role of the board's oversight of risk management naturally will vary from entity to entity, as will each individual entity's need for risk management practices.  Whether the audit committee has an expanded function or responsibility for risk management oversight should be the subject of discussion between the board, the audit committee, and management, along with a discussion about just what exactly risk management or ERM is, as defined by that particular corporate entity.  After all, if you don't know what your responsibilities are, it can be pretty difficult to satisfy those responsibilities.


The seminar brochure broadly, and vaguely, states that audit committee members are faced with ever increasing expectations for greater risk oversight, and that many regulatory bodies and leading corporate governance thought-leaders and authorities are calling for more effective enterprise-wide risk management.  Instead, I would start with a detailed discussion about the possible specific types or areas of risk management, then identify and discuss those specific risk management areas in which the audit committee already has an existing function or responsibility required by law, followed by a discussion about other risk management areas in which an audit committee might consider becoming involved, with the agreement of the board which, of course, still does oversee the activities of the audit committee.  These are just my thoughts.


* * * * * 


2007-12-27 23:35:10 GMT
Add to My Yahoo! RSS