Risk management

Session 7: Managing risks: communicating and reporting


In response to a number of high-profile corporate failures (Enron, WorldCom, etc.), regulators have introduced standards that apply to large listed companies. References to risk management are commonly contained in listing rules or agreements (India, UK and US), company laws (Austria, Germany, Turkey and Japan), or stock exchange laws (Mexico).

Figure 1 ISO 31000 diagram – communication & consultation and recording & reporting

Transcript: Video 1 Good risk management

So good risk management is really about being very clear on what objective is that you're trying to strive for and think about the risks that relate to that objective.
Good risk management is beyond creating your risk register. It's all about making sure we've got good action plans and treatment plans and controls in place to manage that risk and prevent it going out of control, ultimately. But it also goes beyond the process. So there is-- it's all about getting everyone involved in risk management, from the boardroom down to your apprentice on the shop floor, making sure everyone has the skills necessary to manage risk together as a group.
Good risk management is incredibly simple. I'm a pragmatic sort of person. I like a pragmatic approach. And where you have organisations that employ thousands of people, or in my case, tens of thousands of people, it can be very difficult to actually have a one-size-fits-all approach. So for me, it's distilling it down. It's taking it to the masses.
And so by doing this, it quite simply comes down to good identification. You identify a risk. Seeing it in the first place, you've got to be actively looking. You've got to have that feeling in place that I'm happy to come forward with that information in the first place. Then they'll know who to speak to about risk or to raise that risk with them.
And then work with that person to make sure that other people can understand it so other people can be-- you know, good risk management is a community effort. It's not just me sitting in a room somewhere typing something up or thinking of something great to put in a report. It's none of that. It's all about conversation. It's communications.
You cannot do everything, so don't try to overcook it. It's really make sure you are aware of what are the significant, material things that can work to your disadvantage or to your advantage. And make sure you address them as part of your plan of what you actually want to do. And then there is, strictly speaking, no risk management. It's basically executing a robust plan.
For me, good risk management looks like something that you cannot see. I think if it's effective, it's not making too much of a noise. It's going on in the background. It's part of people's routine activity. It's something that I think everybody should be involved in, but I think it's something that should be part of core business operations.
And other reasons that it's important is it's actually one of the things that needs to be done under UK corporate governance regulations. And that's something that's been in place for UK companies for a number of years now. And one of the requirements is to have what's known as a risk management system in place to make sure that, again, the company is doing everything it can do to be successful and to think about anything that might happen that could cause it not to be successful.
End transcript: Video 1 Good risk management

Additional guidance that is sometimes provided, such as the UK’s ‘Turnbull Guidance’, mainly refers to audit and internal controls. One exception is Singapore’s Corporate Governance Council, which in May 2012 issued guidance specifically on the governance of risk management (‘Risk Governance Guidance for Listed Boards’).


Transcript: Video 2 History of the UK Corporate Governance Code

The UK corporate governance code has to date been updated in response to high-profile failures in corporate governance. The first version of the code was published in 1992 by Sir Adam Cadbury, known as the Cadbury Report. The report was commissioned following a number of high-profile corporate scandals in the UK, mainly involved in fraud such as Polly Peck, BCCI, and Robert Maxwell.
The major principles covered separation of the CEO and chairman roles, appointment of non-executive directors and formation of an audit committee attended by non-executive directors. In 1994, the principles of the code were appended to the London Stock Exchange's listing rules. All listed companies were required to comply with the principles or explain why they did not.
Public outcries over executive pay of recently nationalised firms led to another code being introduced, the Greenbury Report. This introduced additional principles where a remuneration committee set executive pay and executive pay linked to long term performances were introduced. In 1998, these two codes were brought together to form the combined code.
Over the next decade, further updates were made in response to corporate failures, such as Enron, Northern Rock, and the banking crisis, with the combined code renamed as the UK corporate governance code. In the last decade, the code has been updated three times with the aspiration to increase boardroom accountability and increase trust in the business.
End transcript: Video 2 History of the UK Corporate Governance Code

In 2014, the OECD produced a review of Risk Management and Corporate Governance.

As the OECD report highlights, all of these codes have a similar theme. Whether it is Sarbanes-Oxley (or SOX) in the USA, the Code Tabaksblat in the Netherlands or the Corporate Governance Code issued by the Financial Reporting Council in the UK, the requirement is to manage opportunities and risks and, if companies choose not to comply, to be able to explain why they have chosen not to do so.

All of the main risk management standards place great importance on having top-down support for risk management (see ISO 31000 and COSO).

Increasingly there is a consensus on the need for an organisation’s board to play a leading role in the management of risk. All of the codes make clear the importance of the board in setting the right ‘tone from the top’. This is why good corporate governance, underpinned by codes and requirements, places a clear onus on boards to actively engage in risk management.

By the end of this session, you should be able to:

  • evaluate the roles of key stakeholders and their communication needs
  • understand the relationship between programme, business and functional risks, and how to communicate and consult between them all
  • understand further the impact of human factors on risk management.

Now begin Session 7.

