Practice Guidance 9: Risk Management and Internal Controls
The Board is responsible for the governance of risk, including determining the nature and extent of the significant risks which the company is willing to take.
The Board oversees the company's risk management framework and policies, and ensures that Management maintains a sound system of risk management and internal controls.
The Board may delegate responsibility for risk governance to a board committee, such as the Audit Committee or a separate Board Risk Committee.
The Board, with the assistance of a board committee (where established), should review, at least annually, the adequacy and effectiveness of the company's risk management and internal control systems and comment4 on the same in the company's annual report. Such a review can be carried out internally or with the assistance of any competent third parties.
The Board's commentary in the company's annual report should include:
4 Refer to Rules 610(5) and 1207(10) of the SGX Listing Rules (Mainboard) / Rules 407(4)(b) and 1204(10) of the SGX Listing Rules (Catalist); Main Board Practice Note 12.2/ Catalist Practice Note 21B—Internal Controls and Risk Management Systems.