A lack of clarity over the responsibility for risk governance in Singapore has been exposed by a joint KPMG Singapore and Institute of Singapore Chartered Accountants (ISCA) survey.
Of the 250 respondents, 34% said their board was responsible for risk governance, 26% said it was management’s responsibility and 19% said it was the responsibility of board committees.
The survey also revealed differences in which board committee is responsible for overseeing risk governance within surveyed companies.
Over a quarter of respondents, 29%, said they relied on their audit committee for risk governance and 14% established a separate board risk committee. 57% did not disclose the information.
KPMG Singapore head of risk consulting Irving Low said: “The findings suggest that more work is needed to clarify risk governance responsibilities of the board, board committee and management of the organisation.”
The study also linked the existence of a board risk committee with a more mature risk management practises, as 34% with a committee also had a dedicate chief risk officer, compared to 3% for companies without such a committee.
Of those with board risk committees, 69% have an in-house internal audit function and 71% disclosed their risk management framework, compared to 27% and 40% respectively for companies without.
Low explained :”Companies in complex and highly regulated industries typically have invested resources into establishing separate risk structures such as board risk committees and CROs.”
Overall, 85% of respondents did not reveal if there was a C-suit executive responsible for risk governance in their organisation and only 12% had a management risk committee.
The study did find the introduction of the SGX Listing Rule 1207(10), aimed at audit committee disclosure, had raised standards for internal control systems, however it noted that some of them did not satisfactorily explain how they concluded they had adequate controls.
Overall, ISCA vice president R. Dhinakaran said: “Our joint study revealed that there are gaps regarding the substance and quality of the disclosures of the sampled companies’ risk management and internal control frameworks in their annual reports.”