Risk management has been recently gaining increasing attention
in business due to its impact on the stability and continuity
of business entities.

Risk management has been recently gaining increasing attention
in business due to its impact on the stability and continuity
of business entities.
Risk management has been recently gaining increasing attention in business due to its impact on the stability and continuity of business entities. Such attention has devolved into establishing specialist professional organizations entrusted with issuing the risk management framework, which includes international standards intended to create common understanding, implementation and reporting within a single country and worldwide.
Such organizations include the UK-based Institute of Risk Management (IRM) and the International Organization for Standardization (ISO), which issued ISO 31000: 2009.
The Institute of Risk Management set a definition of risk management process as follows:
“Risk management involves understanding, analyzing and addressing risk to make sure organizations achieve their objectives. So it must be proportionate to the complexity and type of organization involved. Enterprise Risk Management (ERM) is an integrated and joined up approach to managing risk across an organization and its extended networks”.
From theoretical perspective, business entities are required to set up an organizational unit charged with examining and managing risks and reporting the same to the Board of Directors in order to take informed decisions with respect to such risks.
In view of attention paid to risk management activity, a professional framework has been established for those interested in developing their knowledge of risk management to set for exams and receive international specialist professional certificates in the risk management area.
In the State of Kuwait, Law No. 7 of 2010 regarding the Establishment of Capital Markets Authority and Regulation of Securities Activity and its Executive Regulations were promulgated, which include in Module 15 – Corporate Governance – the risk management requirements that are mandatory for listed and licensed companies in accordance with the following articles:
Article 6-4 | The Board of Directors shall constitute a committee named Risk Management Committee, which shall comprise a minimum of three members. The Chairman of the Committee shall be a non-executive director. The Chairman of the Board of Directors may not serve as a member in this Committee. The Board of Directors shall determine the membership term and its process of activities. |
Article 6-5 | The minimum authorities and roles of the Committee are as follows: |
|
|
Article 6-3 | The Company’s organizational structure (as approved by the Board of Directors) shall include an independent risk management department/ office/ unit, which will primarily measure, monitor and mitigate all types of risks facing the Company as per the following: |
|
In light of the above, the following is a summary of the risk management reports that listed and licensed companies should prepare:
It is worth mentioning that the above reports are for internal use and not required to be submitted to the Capital Markets Authority. However, CMA has the right to request reviewing the same when conducting an inspection.
Furthermore, the companies licensed by shall comply with the provisions of Module 6 – Internal Policies and Procedures of Licensed Person – of the Executive Regulations of Law No. 7 of 2010, pertaining to the risk management report as per the following articles:
Article 4-2 | The risk management systems of a licensed person shall include the key aspects enabling it to identify and properly manage risks; in particular these should include the following: |
|
|
Article 4-4 | The Risk Management Officer shall present a risk report to the Board of Directors every six months along with providing the CMA with a copy thereof. The Board of Directors shall notify CMA immediately upon occurrence of deviation from the risk management systems and explain the actions to be taken to handle the same. |
Baker Tilly provides consulting services to companies licensed by Capital Markets Authority, listed and other companies in connection with risk management as follows: