Previous: 5.2 Risk reporting

Reporting to the board

In most organisations it is the Board of Directors who are ultimately responsible for the management of risks and they will commonly look to:

  1. ensure there is an effective system of risk management in place
  2. ensure that treatment activities are appropriate and effective
  3. ensure that the right risks are being taken and that the organisation is operating within its risk appetite.

Reporting can be done to the board as a whole but certain activities are often delegated to specific committees of the board. In general there are two approaches:

  • An audit committee looks at the effectiveness of risk systems while a separate risk committee focuses on the content of the risks and the effectiveness of the treatment activities.
  • An audit committee looks at both the effectiveness of risk systems and the content of the risks and the effectiveness of the treatment activities.
Video 4 What do the Board want?
Transcript (opens in new window)
ContentsNext: 5.3 Reporting considerations

OpenLearn - Risk management
ou logoCreative Commons non-commercial share alike icon Except for third party materials and otherwise, this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence, full copyright detail can be found in the acknowledgements section. Please see full copyright statement for details.