ASIC releases report on director and officer oversight of non-financial risk

ASIC has urged companies to apply a greater focus and sense of urgency to the oversight and management of non-financial risk.

Launching the report titled Director and officer oversight of non-financial risk report, ASIC Chair James Shipton said the boards ASIC reviewed were challenged by important elements of non-financial risk management and their oversight of these risks was less mature than required.

“Boards cannot afford to ignore the oversight of non-financial risks. As we have seen, all risk can have financial consequences. If not well managed, non-financial risks carry very real financial implications for companies, their investors and customers,” said Shipton.

NIBA CEO Dallas Booth, asking member brokers to pay close attention to the report, said, “The ASIC Chair has indicated these are important matters for all companies and all company directors, listed or unlisted, for profit or non-profit, holding or subsidiary. We urge all members who hold company director positions to carefully review this report.”

Focusing primarily on the oversight and management of compliance risk, ASIC’s review found:

  • All too often, management was operating outside of board-approved risk appetites for non-financial risks, particularly compliance risk. Boards need to actively hold management accountable for operating within stated risk appetites.
  • Reporting of risk against appetite often did not effectively communicate the company’s risk position. Boards need to take ownership of the form and content of information they are receiving so that they can adequately oversee the management of material risks.
  • Material information about non-financial risk was often buried in dense, voluminous board packs. It was difficult to identify key non-financial risk issues in information presented to the board. Boards should require reporting from management that has a clear hierarchy and prioritisation of non-financial risks.
  • The effectiveness of board risk committees (BRCs) could be improved. BRCs should meet more regularly, devote enough time and be actively engaged to oversee material risks in a timely and effective manner.

Shipton acknowledged that there is no ‘one size fits all’ solution to these findings and that boards need to proactively identify and assess their own characteristics and processes. He said, “Though the review examined companies in the financial services industry, many of the lessons learned can be applied to most public companies in other sectors of the economy.”

Shipton stressed that effective oversight and management of non-financial risk is not novel or impossible and that companies have managed some of these risks well in the past and continue to do so today. “We hope this review provides boards with a useful roadmap to achieve this,” he concluded.