197. The risk management committee’s responsibility should be clearly set out in its terms of
reference, which must deal with the scope of its mandate, its composition, roles and duties
and include provisions to the effect that –

(a) the risk management committee comprises executive and non-executive directors,
with the latter being in the majority, who should all be persons with adequate risk
management skills and experience;
(b) the risk management committee may supplement its risk management skills and
experience by inviting independent management experts and senior management
personnel responsible for the various aspects of risk management to attend its
meetings; and
(c) the risk management committee should be composed of at least three Board
members and should meet every quarter of the company’s financial year, preferably
before every quarterly Board meeting.

198. The Board should evaluate the risk management committee’s performance in terms of its
mandate and effectiveness.

199. The risk management committee should, as its main function, consider the risk management
policy and plan of the company and monitor, evaluate and recommend amendments to the
risk management processes, procedures, policies and implementation strategies, including –
a) identifying key principal risks through appropriate risk assessment, survey and
mapping strategies and procedures which may use data analysis, business
indicators, market information, loss control, scenario planning and portfolio analysis,
threats to various income streams, critical business processes and dependencies of
the business, sustainability dimensions of the business and expectations of
stakeholders; and
b) using other methods to identify and assess risks such as financial and environmental
audits and hazard and operability studies.

• According to the NATIONAL CODE ON CORPORATE GOVERNANCE ZIMBABWE