TPG2017 Chapter I paragraph 1.66

« | »

The capability to perform decision-making functions and the actual performance of such decision-making functions relating to a specific risk involve an understanding of the risk based on a relevant analysis of the information required for assessing the foreseeable downside and upside risk outcomes of such a decision and the consequences for the business of the enterprise. Decision-makers should possess competence and experience in the area of the particular risk for which the decision is being made and possess an understanding of the impact of their decision on the business. They should also have access to the relevant information, either by gathering this information themselves or by exercising authority to specify and obtain the relevant information to support the decision-making process. In doing so, they require capability to determine the objectives of the gathering and analysis of the information, to hire the party gathering the information and making the analyses, to assess whether the right information is gathered and the analyses are adequately made, and, where necessary, to decide to adapt or terminate the contract with that provider, together with the performance of such assessment and decision-making. Neither a mere formalising of the outcome of decision-making in the form of, for example, meetings organised for formal approval of decisions that were made in other locations, minutes of a board meeting and signing of the documents relating to the decision, nor the setting of the policy environment relevant for the risk (see paragraph 1.76), qualifies as the exercise of a decision-making function sufficient to demonstrate control over a risk.






Related Guidelines


Related Case Law