Module D – Risk, Control, and Culture

Module Summary:

Module D will consider how to ensure an effective risk management and internal control system through effective oversight by the supervisory board.

The session will cover all aspects of an effective risk management system, including:

  • The roles of the supervisory board and its key committees in relation to risk governance and internal control;
  • The internal control system and the ‘three lines’ approach (including the role of effective compliance, risk management, and internal audit functions);
  • The required components for an effective risk management process, including strategy, risk mapping, organizational structures, transparency and accountability, and embedding risk awareness into corporate culture;
  • Defining risk appetite and how to ensure its implementation;
  • The embedding of sustainability and climate risk into risk management systems.

The session will then focus on the key aspects of an effective internal control system, including in particular financial controls and the role of the supervisory board’s audit committee in statutory audits (looking also at the process for auditor nominations and auditors’ independence).

The company’s culture is also key to effective risk management, and the module will look at how codes of conduct can be used as a means to improve culture. This part of the module will also look at whistleblowing policies and procedures, the management of conflicts of interest and related-party transactions, and how to limit the potential for insider trading and market abuse.

Finally, the module will consider remuneration as a mechanism for ensuring an effective risk culture, and the process for setting executive remuneration policies and KPIs.