
Module 3: Roles & Responsibilities of the Risk Committee

📘 Reading Material

🎯 1. Understanding Risk Appetite & Tolerance

Risk appetite refers to the level and type of risk that an organization is willing to pursue or retain to achieve its objectives. Risk tolerance is more specific — it refers to the acceptable variation in outcomes related to particular risks.

In the context of a public company in Myanmar (such as Concordia Public Co., Ltd.), the Risk Committee should define and periodically review these thresholds with inputs from the Board, CFO, and operational departments.

Examples:

  • The company may tolerate a 2% fluctuation in currency risk but have zero tolerance for regulatory violations.

  • A new product launch might involve high operational risk but can be pursued within defined limits.

🔺 2. Code Red Escalation & Whistleblowing Protocol

“Code Red” situations are high-severity issues such as theft, fraud, legal threats, data breaches, or significant reputational damage. These must be escalated two levels up to avoid internal suppression or delays.

The Risk Committee is tasked with:

  • Ensuring clear protocols for staff to report such incidents (anonymously if needed)

  • Overseeing the investigation process in collaboration with Internal Audit

  • Ensuring non-retaliation policies protect whistleblowers

📌 3. Strategic Oversight

The Risk Committee also plays a vital role in reviewing strategic decisions such as:

  • Entering new markets

  • Mergers or major tenders

  • Taking on large capital investments

By assessing the associated risks early, the Committee can advise the Board on whether the potential upside justifies the risk and whether mitigation measures are in place.

🎥 Relevant YouTube Videos

  1. Enterprise Risk Management Explained | CIMA Global – Good intro to risk governance

  2. What is Risk Appetite and Risk Tolerance? – Clear definitions

  3. Whistleblowing in Corporations – How to protect staff and organization

FAQ (One Sentence Format)

  1. What is risk appetite and why does it matter?
    → It defines how much risk the company is willing to accept to reach its goals.

  2. Who should handle Code Red issues?
    → Must be escalated two levels up and managed by the Risk Committee and Internal Audit.

  3. Is whistleblowing protected?
    → Yes, the company must ensure anonymous and safe reporting channels.

  4. What is the Committee’s role in strategic decisions?
    → To assess risks and advise the Board before major decisions.

  5. Should every issue be treated as a Code Red?
    → No, only critical risks such as legal threats, theft, or data breaches.



1. What does risk tolerance define?
2. What is the key rule for Code Red reporting?
3. Why is whistleblower protection important?
4. Which decision should involve the Risk Committee?
5. What is not a Code Red issue?