The audit committee is responsible for:
a. articulating the risk and operational risk profile of the firm.
b. keeping the firm’s internal controls and operational risk management systems under review.
c. managing the process of setting the operational risk appetite.
d. developing quantitative and qualitative metrics for risk assessment.