What is the role of the audit committee in risk oversight?

The core idea is that the audit committee provides independent governance over risk at the board level, not by directing day-to-day risk choices but by supervising the risk framework that guides the organization. In practice, this means the committee reviews how risks are identified, assessed, and mitigated, and how those risk considerations are linked to financial reporting and the effectiveness of internal controls. It also involves monitoring major risk exposures, the adequacy of risk management policies, and the performance of the internal and external audit functions to provide assurance to the board. This oversight helps ensure risk appetite and strategy are aligned, and that there are effective processes to detect and remediate issues. Options that imply micromanaging management’s daily risk decisions, delegating all risk duties to outsiders, or ignoring risk entirely miss the governance role of the committee.