Guidance On Corporate Risk Oversight: Influence Connect Inform

The document provides guidance for investors on assessing how well a company's board oversees risk management. It discusses the board's role in overseeing strategic and operational risk management, and the importance of effective communication between boards and investors on corporate risk oversight. The guidance also addresses disclosure of risk oversight policies, processes, and board competency to investors.
ICGN Guidance on Corporate Risk Oversight
Influence Connect Inform
Published by the International Corporate Governance Network 2015. 3rd Edition.

All rights reserved. Dissemination of the contents of this paper is encouraged. Please give full
acknowledgement of the source when reproducing extracts in other published works.

ICGN, the contributors and the editor of this publication accept no responsibility for loss
occasioned by any person acting or refraining from action as a result of any views expressed in
these pages. No one should act upon such information without appropriate professional advice
after a thorough examination of the particular situation.

British Library Cataloguing in Publication Data
ISBN 978-1-907387-13-5

© International Corporate Governance Network

ICGN GUIDANCE ON CORPORATE RISK OVERSIGHT


Preamble
The International Corporate Governance Network (ICGN) is an investor-led body with a mission
to inspire and promote good governance standards to advance efficient markets worldwide.
Established in 1995 and present in over 45 countries, the ICGN membership includes global
investors with assets under management in excess of US$ 26 trillion. ICGN Principles and Guidance
are therefore substantively developed from an investor perspective, while taking into account other
parties including companies, professional advisors and academics.

For companies and investors alike, risk taking is an inseparable element of strategy and a crucial
driver in achieving objectives, including optimising value over time. Risk is part of every decision a
company makes. Strategy and risk are not new concepts, although it is recognised that risk is a
subject of increasing attention and regulatory and legislative movements in many jurisdictions. The
board’s and investors’ ability to gauge and respond to how a company understands and manages
risk has broader relevance beyond the board and investors alone. It bears on the company’s impact
on all stakeholders including employees and the communities in which a company does business,
and in certain instances, national or international markets.

Financial stability and non-financial factors are both important determinants of corporate strategy.
Risk and risk oversight must therefore be understood broadly. In this document risk is defined[1] as
the effect of uncertainties on corporate objectives, recognising that the effect can be either positive
or negative. Boards and investors need to consider material risks which are manageable within
the organisation’s sphere of influence including but not limited to financial, market, operational,
environmental, ethical, fraud, legal and compliance, reputational and social risks.
Risk oversight is defined as the board’s supervision of the risk management framework[2] and risk
management process[3]. Risk management, as a responsibility of a company’s management team, is
distinct from risk oversight.

Boards and investors have a joint responsibility to engage in substantive and effective
communication on corporate risk oversight. Communication models and methods for this should not
be any different than for other corporate governance matters. However, the topic of corporate risk
oversight is a subject on which boards and investors should engage. Active, informed, constructive
and periodic communication between board members and investors is crucial for a mutual
understanding of corporate strategy, risk and risk oversight. Such dialogue should be founded upon
an appropriate and comparable level of respect, trust, seniority, skill and professionalism between
investors and companies.

The objective of this guidance is to help investors assess how well a portfolio company’s board
is effectively overseeing risk management.[4] Further, the targeted audience is broader than
just company boards and investors; it includes auditors, risk advisory and rating firms as well as
provincial, national and international supervisory bodies.

This Guidance assumes the following about the design of risk governance, including process, roles
and measurement of outcomes:

• The risk oversight process begins with the board. The unitary or supervisory board has an
overarching responsibility for deciding the company’s strategy and business model and
understanding and agreeing on the level of risk that goes with it. The board has the task of
overseeing management’s implementation of strategic and operational risk management.

• Corporate management is responsible for developing and executing a company’s strategic and
routine operational risk programme, in line with the strategy set by the board and subject to its
oversight.

• Shareholders, directly or through designated agents, have a responsibility to assess and
monitor the effectiveness of boards in overseeing risk at the companies in which they invest and
to determine what level of resources they will dedicate to this task. Investors are not themselves
responsible for risk oversight at corporations.

This Guidance specifically addresses the challenges investors have, directly or through agents, in
addressing risk at specific portfolio companies. However, it is well-recognised that investors also
need to address risks in other ways that lie beyond the scope of this guidance. For instance, they
should identify, understand and take responsibility for how risks are managed in indexed portfolios.
They should understand and take steps to manage their exposure to portfolio risks that could result
from aggregation of investments which are exposed to similar events. In any case, beneficial owners
should monitor and make conscious choices involving risk based on an evaluation of long-term
effects on the interests of underlying fund beneficiaries and participants.

The Guidance does not in any way seek to eliminate or minimise risk taking. In a healthy dynamic
market profits are largely sourced from risk taking. Companies and investors alike are aware of
this. However, a sound risk management programme should demonstrably identify and reduce the
frequency of potentially large loss events. Such large loss events may be particularly likely to occur
as a result of a failure to manage portfolio risk, rather than as the result of the company-specific risk.

The Guidance is divided into four sections. Part 1 clarifies the ICGN principles on corporate risk
oversight; Part 2 follows with guidance on the board process related to corporate risk oversight. Part
3 follows with guidance on disclosure relating to corporate risk. Part 4 focuses on example questions
for the dialogue between companies and investors.

The ICGN Corporate Risk Oversight Guidance is intended to be of general application globally, while
recognising that companies are obliged to comply with applicable national legislative frameworks,
regulatory disclosure requirements or listing rules. As global guidance, it should be read with an
understanding that local rules and cultural norms may lead to different approaches to governance
practices. ICGN Members support the flexible application of this Guidance and therefore the specific
circumstances of individual companies, investors and the markets within which they operate should
be recognised. The Guidance supplements the ICGN Global Governance Principles, which clarify the
responsibilities of boards of directors and investors in their mutual interest to protect and generate
corporate value over the long term.

Contents
Part 1: ICGN Principles on corporate risk oversight 11

Part 2: Guidance on board process 12

2.1 Proactive Risk Oversight 12

2.2 Comprehensive approach 12

2.3 Risk culture 13

2.4 Dynamic process 13

2.5 Risk Committee positioning 13

2.6 Non-executive board members 14

2.7 Board competency 14

2.8 Access to information 14

2.9 Chief Risk Officer 14

2.10 Dialogue with investors 15

2.11 Investor responsibility 15

2.12 Investor self-assessment 15

Part 3: Guidance on disclosure 16

3.1 Comprehensive information 16

3.2 Frequency 16

3.3 Format 16

3.4 Structure 16

3.5 Policy 16

3.6 Process 16

3.7 Board competency 16

Part 4: Company and investor dialogue 18

Annex 1: ICGN Guidance 23

Part 1: ICGN Principles on corporate risk oversight

The ICGN Global Governance Principles define the following in terms of corporate risk oversight:

Proactive oversight
The board should proactively oversee, review and approve the approach to risk management regularly or with any significant business change and satisfy itself that the approach is functioning effectively. Strategy and risk are inseparable and should permeate all board discussions and, as such, the board should consider a range of plausible outcomes that could result from its decision-making and actions needed to manage those outcomes.

Comprehensive approach
The board should adopt a comprehensive approach to the oversight of risk which includes all material aspects of risk including financial, strategic, operational, environmental, and social risks (including political and legal ramifications of such risks), as well as any reputational consequences.

Risk culture
The board should lead by example and foster an effective risk culture that encourages openness and constructive challenge of judgements and assumptions. The company’s culture with regard to risk and the process by which issues are escalated and de-escalated within the company should be evaluated at intervals as appropriate to the situation.

Dynamic process
The board should ensure that risk is appropriately reflected in the company’s strategy and capital allocation. Risk should be managed accordingly in a rational, appropriately independent, dynamic and forward-looking way. This process of managing risks should be continual and include consideration of a range of plausible impacts.

Risk Committee positioning
While ultimate responsibility for a company’s risk management approach rests with the full board, having a risk committee (be it a stand-alone risk committee, a combined risk committee with nomination and governance, strategy, audit or other) can be an effective mechanism to bring the transparency, focus and independent judgement needed to oversee the company’s risk management approach.

Part 2: Guidance on board process

2.1 Proactive risk oversight
The corporate board has a responsibility to take steps to ensure that it has a proactive and dynamic approach that results in effective oversight of risk management.[5] Strategy, risk and risk management are inseparable and should be connected in all discussions by the board or supervisory board. Capital allocation and capital structure should be visibly aligned with strategy and risk appetite. The board should hold management accountable for developing a strategy that correlates with the risk appetite of the organisation.

Boards are responsible for approving corporate strategy and overseeing enterprise risk management, including risk appetite. These should be connected to an appropriate risk management methodology based on an established risk management process. The board should hold management accountable for designing and implementing a risk management system. The risk management framework, allocated staff and resources should be appropriate and sufficient to properly conduct the risk management process.

2.2 Comprehensive approach
A common definition of risk must be understood by all stakeholders within an organisation. The critical aspect of the definition is that the board, management and employees understand the meaning of risk as it relates to their individual responsibilities.

Boards should ensure that management has a company-wide view of risk which contemplates the potential effects of simultaneous interaction among the various risks, both on the company and the wider financial system. Such an aggregated view should be evaluated at least annually for alignment with the organisation’s strategic plan and objectives and regularly reported to the board.

2.3 Risk culture
Board dynamics are fundamental to the decision making process for overseeing strategy and risk management. Non-executive board members have an important role and should have the ability to improve or challenge boardroom dynamics. It is the responsibility of all board members to exercise independent and active oversight. It is crucial that independent judgement be supported by a far reaching understanding of the company, its strategy, and its industry.

Boards should lead by example and foster an effective and demanding risk culture in the boardroom and the broader company. Boards should specify their expectations of a risk culture for the enterprise.

A company’s culture and organisational structures should encourage openness, dynamic dialogue on risk and strategy, as well as constructive challenge of judgment and assumptions. Periodic assessments should be undertaken to evaluate both the company’s and the board’s culture with particular regard to risk and the process by which issues are escalated and de-escalated within the company.

2.4 Dynamic process
Boards are responsible for overseeing the way in which the risk management process recognises, prioritises and effectively responds to risk. Boards should maintain an active and alert attitude to unforeseen risk. They should be attentive not just in the context of negative events, but also by taking into account the changing landscape of opportunities and threats. They should also understand stakeholder opinions and impacts that could alter the effectiveness of a company’s strategy or even the viability of a company and/or its industry. Boards should be particularly mindful of systemic risks, where risk taking behaviour by one or more companies can compound to the detriment of the company’s investors, other stakeholders, and even society more broadly.

2.5 Risk Committee positioning
Responsibility for risk oversight rests with the full board, even if a risk committee or other specialised committees are established. Delegation of responsibility to specialised committees is an important tool in strengthening the board’s capacity in overseeing risk. If the board allocates responsibility for risk oversight to one or more committees, it should describe the terms of reference for these bodies in its corporate governance principles and committee charters and ensure that members have sufficient skills in strategy, operations and understanding of the company. The board should determine how the work of its committees is to be coordinated and how it is integrated in the board’s discussions on strategy.

Boards should directly influence the risk profile of a company. This includes making key decisions such as setting boundaries outside which the management is not permitted to operate; defining succession plans for top management; defining a selection process for new members of the board and of top management; and defining incentive schemes for top management.

2.6 Non-executive board members
Non-executive board members, through a specialised committee, and/or the outside chair or lead or senior independent director, should collaborate with executive directors and management to determine which information the non-executive board members receive on risk matters, and how frequently.

Non-executive board members should have the rights and capacity to obtain information from other sources and advisors, including those outside the company. Clarity in decision making structures and a disciplined approach to risk taking should not preclude boards from actively gathering additional information from any member of executive management.

2.7 Board competency
In order for the board to be equipped to carry out its responsibility for risk oversight, it must have a sufficient knowledge and understanding of the company and its industry. Boards should assure themselves through periodic assessments that the board composition and director skill sets are appropriate for effectively overseeing the process and content of material risk. Gaps in necessary collective competencies or knowledge can be addressed by educational programmes and through the selection process for new board members. Whatever body is charged with selecting director candidates, it should ensure that nominees have the appropriate level of capability and related experience commensurate with the strategic and risk complexity of the company.

2.8 Access to information
Reliable and timely information are important features as they allow boards to incorporate insightful information in making decisions. Information protocols within a company should allow for and anticipate the continually changing landscape in which companies operate. The board must recognise that a failure to act on information it has can be just as damaging as not having the information at all.

Boards should determine that the risk information provided to the board is complete and reliable with regard to identified risks and that the management has undertaken all reasonable endeavours to identify all material risks. Boards should periodically pose the question as to whether or not current management has the capacity to effectively identify, explain and execute strategy and risk processes. Boards should ensure that such responsibilities and skills are among job performance benchmarks for senior executives both as part of succession planning, ongoing supervision of management and executive remuneration policies.

2.9 Chief Risk Officer
The board should determine if it is appropriate for the company to create a dedicated management position responsible for risk identification and reporting to the board, for example, a chief risk officer (CRO). The board should establish, and publicly communicate, the criteria that underpin such a decision. If the board determines that such a dedicated position is not necessary, then it should identify the person or persons who are to assume responsibilities for risk management, commensurate with the role of a chief risk officer. This may be an executive, such as the Chief Financial Officer, where that role includes the responsibilities of the CRO. The executive has access to, but does not report to, the non-executive directors of the Risk Committee or the committee with the responsibility to oversee risk.

If the board determines that such a dedicated position is necessary, then a dedicated CRO should report directly, and independently of executive management, to the Risk Committee. The position of a chief risk officer or equivalent should be empowered by the requirement that only independent directors, and not executive management, can alter the terms of employment.

2.10 Dialogue with investors
Boards should make available to investors one or more communication channel(s) for periodic dialogue on governance matters, including the board’s role in risk oversight. Boards should clearly explain such procedures to investors, including guidance related to compliance with fair disclosure and other relevant market rules. Boards should regularly invite investors to express views and concerns regarding strategy and risk oversight.

2.11 Investor responsibility
Investors should take effective steps to assess a board’s oversight of risk with respect to the company’s strategy. In carrying out ownership responsibilities, it is incumbent upon investors to have the capacity to inform themselves of, and monitor on an ongoing basis, the quality of strategy and risk oversight by boards of investee companies. They may do so by relying on company disclosures, in-house research and/or external sources.

2.12 Investor self-assessment
Investors should, on a periodic basis, undertake an assessment of their own resources, skill base and outsourcing options to ensure that they meet agreed levels of responsibility for monitoring boards on risk oversight. The assessment could include, for example, a review of whether and how internal remuneration, job descriptions and staff performance reviews may be tied in part to such analyses. Investors should provide beneficiaries with a periodic statement explaining their strategy and capacity for analysing and monitoring current or prospective portfolio companies for strategy, risk oversight, and risk management. For example, where they utilise external services for this, they should consider disclosing the name of the provider of the services in question, the nature of the mandate they have been given and procedures for monitoring performance of the provider. The external provider should be asked by the investor to provide regular updates on how they fulfil this aspect of their mandate.

Part 3: Guidance on disclosure

3.1 Comprehensive information
The board should concisely disclose information sufficient for investors to make judgments on the quality of the board’s oversight of the risk management process. The periodic risk oversight statement to investors should include information on at least the following:

• how and how often strategy, level of risk appetite, and risk oversight are assessed by the board in connection to each other;
• how and how often the suitability of the capital structure, the capital allocation process, the risk management framework and the risk management system are assessed with respect to strategy and risk appetite;
• how and how often the structure of information flow and levels of decision making regarding actively taken risks are assessed with regard to effective risk oversight;
• how and how often stakeholders are considered in the risk management process;
• how the board addresses its responsibility for risk oversight in its annual evaluation process.

3.2 Frequency
Disclosure should be made at least annually, in conjunction with an organisation’s regular financial reporting process.

3.3 Format
Boards should provide investors with a statement that includes information on risk oversight procedures and board perspectives on risk in the approved strategy. This should be in a text identified as distinct from any reports or disclosures issued by management concerning specific risks faced by the company. The disclosure statement should be consistent with the size and complexity of the company.

3.4 Structure
Boards should explain to investors those aspects of the corporate governance structure that the board relies upon to oversee the strategy and material risks of the company, including whether a board level committee specialised in risk exists, the nature of its responsibilities, skills and the feedback loop into the board’s strategy discussions.

3.5 Policy
In disclosures, a board should describe the company’s approach to risk within the context of current corporate strategy, the process used to set parameters of the company’s risk tolerance, the frequency with which these parameters are reviewed, and whether any limits on risk-taking are imposed on management.

Boards should disclose (any changes in) material risks, including changes that result from modifications of strategy as well as changes in the company’s environment (e.g., market shares and competitors). Boards should disclose how they monitor the robustness of contingency and resilience planning for risk threats and opportunities.

Boards should clearly articulate how they ensure that variable pay practices for executives align with the company’s strategy and risk management and the current state of the company.

3.6 Process
Boards should explain to investors that they have collectively reviewed, challenged and approved management’s information on company risk and risk management in light of the company’s strategy.

Boards should disclose risk oversight challenges that may have emerged over the reporting period, including actions taken or plans to address them. The board should describe how it dealt, in respect of procedure, with any failures of risk oversight. The board should explain how, on an ongoing basis, it seeks to improve risk oversight.

Boards should disclose how they ensure that broader economic risks and systemic industry risk that can affect probabilities of achieving the company objectives are taken into account. This explanation should include consideration of multiple events occurring simultaneously.

3.7 Board competency
Boards should provide sufficient information on their own members so that investors can effectively evaluate the full board’s integrity and qualifications. For instance, boards may disclose member competencies, continuing education programmes, industry and risk management knowledge and experience, and adherence to board ethics standards. Boards are encouraged to communicate openly about any current identified gaps in board competence and their course of action to address these.

Part 4: Company and investor dialogue

Information on risk
1. What are the material risks that the company faces, in the context of the organisational strategy and its industry sector?
2. How much risk is the company taking in order to achieve its strategic objectives?
3. Does the management maintain an adequate risk management system?
4. Does the board possess the competencies, structures and processes to maintain risk oversight?

Proactive risk oversight
5. Does the board have a framework to make meaningful judgments about risk tolerance and risk appetite?
6. How does the board assess whether it understands its mandate and role in risk oversight?
7. Does the board periodically consider and quantify the corporation’s capability to take on and manage risk?
8. In which areas of the company is risk policy most challenged?
9. How does the company define and disclose its material strategic risks?
10. What business environment risks might be created by the actions of the company and its industry?
11. Can the board explain the risk considerations that underpin any changes in strategy?
12. Does the company have a crisis management plan in place?

Comprehensive approach
13. How does the board assess whether there is an effective and comprehensive risk management system in place?
14. What evidence is there that the board and management are aligned in their view of the board’s role in risk oversight?
15. How do members of the board familiarize themselves with trends or potential risks specific to the company?

Risk culture
16. What measures does the board take to instil from the top and throughout the company a culture of risk monitoring and accountability?
17. What steps does the board take to ensure that management at relevant levels of the company understands that the board maintains robust oversight of risk management?
18. What is the risk culture in the company? How does it compare to the desired risk culture in the company? How does the design of risk oversight and risk management support the desired risk culture?
19. Does the board maintain, monitor and refresh an ethics policy for itself and employees and, if so, how is such policy embedded throughout the organisation?
20. Can the board explain (irregular) changes in the composition of the board and management?

Structures
21. How does the board allocate risk oversight responsibilities between its committees?
22. How does the board ensure effective communication between its committees with respect to risk?
23. Can the company clearly define the relationship between the risk, audit, and remuneration committees? How does the board avoid committees working in isolation of each other?
24. To what extent does the board retain independent counsel and expertise in executive remuneration and CEO succession and selection to ensure effective organizational and leadership risk management?
25. In financial services firms, who is responsible for setting overall trading and/or credit limits? How are individually-assigned limits or group limits associated with similar types of risk set, monitored and controlled?
26. How is it evaluated and decided as to whether a dedicated risk management function should be created?
27. What are the specific criteria of a company’s risk management system on which the creation of a Corporate Risk Officer function is based?

Dynamic process
28. How many risk issues were communicated to the management and the board within the last year and what was their response to these issues?
29. Who are the company’s most highly remunerated employees and why? Are their incentives based on risk-adjusted performance, and if so, how?
30. How effective is the company’s whistle-blowing policy, and how often is it used?
31. How much board or management time is spent on contingency planning (i.e. resilience planning rather than identification of risks)?
32. What were the main recommendations relevant to risk management from the last board evaluation and what has been done to address them?
33. What were the main recommendations concerning risk made by the external auditor, and what has been done to address them?
34. Does the board have a clear picture of the risk related to the macro environment and geopolitical environment in which it is working?
35. Does the board have the necessary blend of business and industry knowledge and experience to assess risk?
36. How does the board assess the effectiveness of its risk management systems in enabling the business model to deliver sustainable profits?
37. Does the board have an adequate system of assurance in place to assist with the company’s risk oversight responsibilities?

Access to information[6]
38. How does the board demonstrate that it has an adequate and up-to-date appreciation of the nature, types and sources of risk faced by the organization?
39. Does the board have access to unfiltered information from management about the risks facing the company?

Results
40. Can an executive describe the role of risk oversight in his or her daily job in association to the company’s business and strategy?
41. What evidence demonstrates that the board, on an ongoing basis, is committed to improving risk oversight?
42. What is management doing to improve risk management? What were the latest improvements and which improvements are currently being worked upon?

Crisis management[7]
43. How does the board get information during a crisis?
44. How does the board determine its role in a crisis?
45. How does the organization determine how and what it will communicate with stakeholders following a crisis?
46. Does the board consider information from investors that may avert a crisis?
47. How effective are management and the board in identifying early warning signals?
48. What are the plans for business continuity following a crisis?
• See the crisis management table which follows for steps a board should consider in a crisis.

Crisis management
Crisis has struck: Immediate steps a board should take during a crisis

Required action: Designate immediate spokesperson for the board
Why: To take immediate charge of project stability, continuity and control over the situation.

Required action: Appoint crisis management team
Why: To report directly to appropriate board committee. Crisis team should be unrelated to events that led to crisis.

Required action: Appoint independent legal and/or forensic/technical specialist
Why: To conduct an internal investigation of events leading to crisis.

Required action: Check if adequate governance mechanisms are in place
Why: To ensure management and board succession plans are robust and ready for activation, and to ensure appropriate disclosure mechanisms are in place.

Required action: Assess the role of the external auditors
Why: To determine if the nature of the crisis relates to accounting standards, and if so, to what extent auditors had identified red flags and properly alerted the board; if appropriate, to take remedial measures.

Required action: Develop and implement communications plan
Why: To keep key stakeholders, including regulators, investors, customers and employees, informed.

Required action: Institute appropriate board governance mechanisms
Why: To enable timely, frank and, where needed, executive session-only discussions.

End Notes
1. This definition, as other definitions in this document, is in line with the definition as stated in the ISO Guide 73. Risk oversight is not a defined term in ISO guidelines.
2. The risk management framework is defined in line with the ISO Guide 73 as the set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring ([Link]), reviewing and continually improving risk management (2.1) throughout the organization. References between brackets refer to the ISO Guide 73.
3. Risk management process is defined in line with the ISO Guide 73 as the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring ([Link]) and reviewing risk (1.1). References between brackets refer to the ISO Guide 73.
4. The principles are intended to apply to both a single-tier board and a two-tier board structure. When referring to the “full board” or “the board” it is intended that this be specific to the actions of the non-executive and other directors that may comprise the supervisory board in a two-tier system or the unitary board in a single-tier system.
5. An example of further guidance and information is the Financial Reporting Council’s Guidance on Risk Management, Internal Control, and related Financial and Business Reporting (2014).
6. A Framework for Board Oversight of Enterprise Risk, John Caldwell CPA, CA, Chartered Professional Accountants of Canada, 2012. [Link] director-briefings/[Link]
7. 20 Questions Directors Should Ask about Crisis Management, Doug Enns, FCA, [Link] & Hugh Lindsay, FCA, CIP, Chartered Professional Accountants of Canada 2008. [Link] strategy-and-risk/directors-series/20-question-series/[Link]


Annex 1: ICGN Guidance

Anti-corruption Practices
Corporate Risk Oversight
Executive Remuneration
Gender Diversity on Boards
Integrated Business Reporting
Institutional Investor Responsibilities
Model Mandate: Contract Terms Between Asset Owners and Managers
Non-executive Director Remuneration
Political Lobbying and Donations
Securities Lending Code of Best Practice
What investors want from financial reporting

Contact
Email: secretariat@[Link]
Phone: +44 (0) 207 612 7011
Web: [Link]
Post: ICGN Secretariat, Saffron House, 6 -10 Kirby Street, London, EC1N 8TS, UK