Risk Governance Framework™

Three-lines model and board oversight that boards actually use.

Overview

A governance model that defines roles, escalation and reporting between the board, risk committee, executive, second line and assurance providers — anchored on NCCG, FRC and ISO 31000 expectations.

Components

Risk Committee Charter
Three-Lines Model
Escalation Matrix
Risk Reporting Pack

Governance Structure

Board Risk Committee
Executive Risk Committee
Risk Function (CRO)
Internal Audit

Methodology

Charter

Adopt the Risk Committee Charter and Board Risk Charter.

RACI

Document three-lines RACI and escalation thresholds.

Reporting

Stand up the Risk Reporting Pack and dashboard cadence.

Review

Annual board effectiveness and risk oversight review.

Maturity Levels (shared spine)

Fragile

No risk committee charter; narrative-only reporting.

Functional

Committee charter live; quarterly agenda set.

Disciplined

Standard reporting pack with KRIs and movement commentary.

Strategic

Risk insight shapes strategy, capital and incentives.

Resilient

Forward-looking, assured oversight embedded across the board.

Roadmap

0–30 daysCharter

Charters approved
RACI signed off

30–60 daysOperate

Reporting pack delivered
First committee meeting

60–90 daysAssure

Independent review
Board sign-off

Deliverables

Board Risk Charter
Risk Committee Charter
Risk Reporting Pack
Risk Dashboard Pack

Knowledge Graph

Related across the Risk Centre

Assessment

Risk Governance Assessment™

Evaluate governance and the three-lines model.

Board Pack

Risk Committee Charter

Risk Committee charter — purpose, composition, agenda and reporting.

Back to frameworks

Across the ecosystem

Knowledge graph · 4 relations

scored by

AssessmentRisk Governance Assessment

operationalised by

ResourceRisk Committee CharterResourceThree Lines of Defence ModelResourceRisk Governance RACI