[Mar 2016]





10 principles to strengthen the risk management system

Written by: Ms. Winnie Leung - Risk Manager

With the new corporate governance code in effect from 1 January 2016, the board is responsible for evaluating and determining the nature and extent of the risks it is willing to take in achieving the issuer’s strategic objectives, and for ensuring that the issuer establishes and maintains an appropriate and effective risk management system. To assist the board in strengthening its oversight of the company’s risk management, we provide a brief summary of 10 principles recommended by the National Association of Corporate Directors (NACD) in its Report of the NACD Blue Ribbon Commission – Risk Governance: Balancing Risk and Reward (the “Report”).


  1. Identify key drivers for the success of the company

The board should understand the business and the industry in which the company operates. This helps to identify the internal and external risks faced or to be faced by the company. The board should also find out the value drivers and critical issues which may affect the risk oversight processes.

  2. Assess the risks in the company’s strategy

The board should identify the critical enterprise risks that may affect the implementation of the company’s strategy and the achievement of the company’s goal. It is important for the directors to understand the risks inherent in the business model and to agree with the management on the risk appetite in achieving the goal.

  3. Define the responsibility of the board and board committee in regard to risk oversight

The board is responsible for the overall risk oversight, while the board committee is responsible for supporting the risks inherent in the areas which it takes up.

  4. Allocate sufficient resources for the risk management system

Risk management is tied to performance management. Resources are provided not only for risk identification, but also for managing, mitigating and monitoring risks. Better resource allocation could enhance the effectiveness of the risk management system.

  5. Specify the information required from the management

The board should communicate better with the management about the information it requires for the risk assessment processes. The Report introduces five categories of risks generally faced by the board:

  • Governance risks
  • Critical enterprise risks
  • Board-approval risks
  • Business management risks
  • Emerging risks and non-traditional risks

  6. Communicate with the management

Effective communication between the management and the board could allow the board to have a better understanding of the company’s successes and failures, as well as the company’s sensitivity towards the market.

  7. Monitor the potential risks related to incentive structure

The board should monitor and evaluate the compensation structure to ensure that it does not encourage the undertaking of any unacceptable risks.

  8. Align with the corporate goal

The board should ensure that the processes are consistent with other critical elements in the company, such as people and operations. If there is disagreement among the components, the risks may not be effectively monitored and followed up, and the goal of the company may not be achieved.

  9. Consider emerging and interrelated risks

The board should ensure that the management has considered the risks far enough, has devoted sufficient time to monitoring changes in both the internal and external environment, and has prepared corresponding responses.

  10. Review the risk assessment processes periodically

As required by the corporate governance code, the board should review the risk assessment processes regularly to ensure their effectiveness.


Listed companies should establish risk management processes to fulfil the new requirements of the corporate governance code. The board is recommended to adopt these 10 principles to evaluate the risk assessment processes in order to ascertain whether there is a need to renew and redirect the processes.


Source: Chapter 4, Report of the NACD Blue Ribbon Commission – Risk Governance: Balancing Risk and Reward, National Association of Corporate Directors, October 2009, pages 14-19.


If there are any aspects with which we may assist, please do not hesitate to contact:

Partner In Charge - Mr. Roy Lo
roy.lo@shinewing.hk (Tel. 3583 8048) or

Senior Risk Manager - Ms. Gloria So
gloria.so@shinewing.hk (Tel. 3583 8517)


SHINEWING Risk Services Limited

43/F., Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong

T. (852) 3583 8000

F. (852) 3583 8532

W. www.shinewing.hk

E. risk@shinewing.hk




SHINEWING Risk Services Limited is an industry leader with many years of experience in risk management and internal control review services in China and Hong Kong. SHINEWING has maintained its leadership position in the market over the years.

Headquartered in Beijing and with branch offices in Hong Kong, Singapore, Japan, Australia, Pakistan, Shenzhen, Chengdu, Shanghai, Xi’an, Tianjin, Qingdao, Changsha, Changchun, Yinchuan, Jinan, Dalian, Kunming, Guangzhou, Fuzhou, Nanjing, Urumqi, Wuhan, Hangzhou, Taiyuan, Chongqing, Nanning and Hefei, SHINEWING is ideally positioned to provide services for our valued clients.


(c)2016 SHINEWING Risk Services Limited. All rights reserved.
