Session 7: Managing risks: communicating and reporting
In response to a number of high-profile corporate failures (Enron, WorldCom, etc.) regulators have introduced standards that apply to large listed companies. References to risk management are commonly contained in listing rules or agreements (India, UK and US), company laws (Austria, Germany, Turkey and Japan), or stock exchange laws (Mexico).
Additional guidance that is sometimes provided, such as the UK’s ‘Turnbull Guidance’, mainly refers to audit and internal controls. One exception is Singapore’s Corporate Governance Council, which in May 2012 issued guidance specifically on the governance of risk management (‘Risk Governance Guidance for Listed Boards’).
In 2014, the OECD produced a review of.
As the OECD report highlights, all of these codes share a similar theme. Whether it is Sarbanes-Oxley (SOX) in the USA, the Code Tabaksblat in the Netherlands or the Corporate Governance Code issued by the Financial Reporting Council in the UK, the requirement is to manage opportunities and risks and, if companies choose not to comply, to be able to explain why they have chosen not to do so.
All of the main risk management standards place great importance on having top-down support for risk management (see ISO 31000 and COSO).
Increasingly there is a consensus on the need for an organisation’s board to play a leading role in the management of risk. All of the codes make clear the importance of the board in setting the right ‘tone from the top’. This is why good corporate governance, underpinned by codes and requirements, places a clear onus on boards to actively engage in risk management.
By the end of this session, you should be able to:
- evaluate the roles of key stakeholders and their communication needs
- understand the relationship between programme, business and functional risks, and how to communicate and consult between them all
- further understand the impact of human factors on risk management.
Now begin Session 7.