In a report released today, ASIC urges companies to apply a greater focus and sense of urgency to the oversight and management of non-financial risk.
Launching the Director and officer oversight of non-financial risk report, ASIC Chair James Shipton said the boards ASIC reviewed were challenged by important elements of non-financial risk management and their oversight of these risks was less mature than required.
‘Boards cannot afford to ignore the oversight of non-financial risks. As we have seen, all risk can have financial consequences. If not well managed, non-financial risks carry very real financial implications for companies, their investors and customers,’ said Shipton.
Focusing primarily on the oversight and management of compliance risk, ASIC’s review found:
- All too often, management was operating outside of board-approved risk appetites for non-financial risks, particularly compliance risk. Boards need to actively hold management accountable for operating within stated risk appetites.
- Reporting of risk against appetite often did not effectively communicate the company’s risk position. Boards need to take ownership of the form and content of information they are receiving so that they can adequately oversee the management of material risks.
- Material information about non-financial risk was often buried in dense, voluminous board packs. It was difficult to identify key non-financial risk issues in information presented to the board. Boards should require reporting from management that has a clear hierarchy and prioritisation of non-financial risks.
- The effectiveness of board risk committees (BRCs) could be improved. BRCs should meet more regularly, devote enough time and be actively engaged to oversee material risks in a timely and effective manner.
‘While there is no “one size fits all” solution to these findings, boards need to proactively identify and assess their own characteristics and processes,’ Mr Shipton said. ‘Though the review examined companies in the financial services industry, many of the lessons learned can be applied to most public companies in other sectors of the economy.’
‘Our report concludes with a series of questions that all public companies might ask themselves. Not all will be relevant to every company, but many will be,’ Mr Shipton said. ‘We urge boards of all large listed companies to read this report and review their governance practices and accountability structures with reference to our findings.’
We acknowledge that there are no ‘easy fixes’ to some of these issues. However effective oversight and management of non-financial risk is not novel or impossible. Companies have managed some of these risks well in the past and continue to do so today. We hope this review provides boards with a useful roadmap to achieve this.’
This report is based on ASIC’s direct review of seven large financial institutions, 60 interviews with directors and officers, an extensive documentation review, and external resources.
Background to the review
ASIC’s Corporate Governance Taskforce is one of ASIC’s new supervisory initiatives and is part of its focus on more intensive supervisory approaches. The Taskforce is conducting pro-active and targeted reviews into the corporate governance practices of Australia’s large listed companies. The focus of the Taskforce’s work is to identify good and poor practices and recommend improvements to lift corporate governance standards.