Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Risk management

5.3 Reporting considerations

Larger organisations should give thought to how risk reporting and reviews flow down the organisation. Again there is no right way to do this, but it is typical for smaller units to have their own local reviews. The only difference between these and higher-level reviews tends to be the size (impact) of the risks being discussed.

The cadence (timing and frequency) of risk reviews should be based on the business in question and the pace with which risks can emerge, change and be mitigated. There is, therefore, a broad spectrum of review frequencies ranging from daily to annually.

In cases where there is a lower frequency, thought should be given to how exceptions will be reported and key decisions made. This is often done by linking risk to the organisation’s delegated authorities and incident reporting processes. A standard risk review is described below:

Risk committee terms of reference

Download the read-only [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] or the read + write version.

A good risk review will often conduct a review by exception and a deep dive.

The review by exception looks at things that are not as they should be, which would include:

  • incidents (risks that have happened)
  • control weaknesses (based on near misses or assurance findings)
  • mitigation actions that have not worked or are off track
  • risks that are greater than appetite (and, in particular, those that will remain so for a long period of time)
  • changes to the risk profile, particularly new risks (or new root causes) and risks that are to be closed.

A deep dive will be undertaken as described in Session 6. This should be an opportunity for the panel to review treatment activities (actions and controls) and make sure that they are confident the risk is being appropriately managed.

Take a look at the Reporting Toolkit (read-only).


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371