Transcript

SPEAKER 1

So I think a risk management framework should include a policy, so how we're going to do things, the tools and training, people in place, and a governance structure as well so that we can monitor how we're doing against our policy.

SPEAKER 2

It needs to tell me very clearly what am I supposed to do, who is supposed to do it, strictly speaking. It needs to give advice on where does risks need to be communicated to in order to be addressed in the most effective way. And last but not least, it needs to give me a clear indication of how much risk is this company prepared to take in order to get a reward, not for the sake of it.

SPEAKER 3

I would expect, in a risk management framework, people who understand the key concepts around risk. They're comfortable in applying those. They're comfortable in raising risks, or shining a light on risk so that people are aware of them. I would expect there to be a degree of rigour in terms of how people are recording things as well because it's important for people to be able to look at, for example, key sets of data around risk to maybe backup or provide evidence to a case that they're making. So yeah, a timely awareness and raising of those particular risks, I think, is fundamental.