Risk management

Session 7: Managing risks: communicating and reporting

Introduction

In response to a number of high-profile corporate failures (Enron, WorldCom, etc.), regulators have introduced standards that apply to large listed companies. References to risk management are commonly contained in listing rules or agreements (India, UK and US), company laws (Austria, Germany, Turkey and Japan), or stock exchange laws (Mexico).

Figure 1 ISO 31000 diagram – communication & consultation and recording & reporting
Video 1 Good risk management

Additional guidance that is sometimes provided, such as the UK’s ‘Turnbull Guidance’, mainly refers to audit and internal controls. One exception is Singapore’s Corporate Governance Council, which in May 2012 issued guidance specifically on the governance of risk management (‘Risk Governance Guidance for Listed Boards’).

Video 2 History of the UK Corporate Governance Code

In 2014, the OECD produced a review of Risk Management and Corporate Governance.

As the OECD report highlights, all of these codes have a similar theme. Whether it is Sarbanes-Oxley (or SOX) in the USA, the Code Tabaksblat in the Netherlands or the Corporate Governance Code issued by the Financial Reporting Council in the UK, the requirement is to manage opportunities and risks and, if companies choose not to comply, to be able to explain why they have chosen not to do so.

All of the main risk management standards place great importance on having top-down support for risk management (see ISO 31000 and COSO).

Increasingly there is a consensus on the need for an organisation’s board to play a leading role in the management of risk. All of the codes make clear the importance of the board in setting the right ‘tone from the top’. This is why good corporate governance, underpinned by codes and requirements, places a clear onus on boards to actively engage in risk management.

By the end of this session, you should be able to:

  • evaluate the roles of key stakeholders and their communication needs
  • understand the relationship between programme, business and functional risks, and how to communicate and consult between them all
  • understand further the impact of human factors on risk management.

Now begin Session 7.