The board of directors is held responsible for oversight of the organization’s risk management framework. This follows governance principles and best practices, as the board has the ultimate responsibility for ensuring that risks are properly managed within the organization. Operational management, internal auditors, and the head of risk management have roles within the framework, but the board has the overarching oversight role.