Reporting on Risk Management Flashcards
Why might an organisation have multiple reporting requirements?
Listed on more than one stock exchange
charitable subsidiaries
subsidiaries that operate as insurance companies
Why might an org opt to report on RM?
To achieve higher profile e.g. corporate social responsibility
What reporting requirements are companies listed on the US stock exchange subjected to?
Sarbanes-Oxley Act 2002:
- IA certified risk assessment of org’s financial structure
- Approved RM framework - most commonly COSO
- Risk reports (Form 20F and 10K) describing future risk (typically 3-10 pages)
- Factors that could cause future financial difficulties listed and then described in more detail (typically half a page)
Why has Sarbanes-Oxley Act been criticised?
Large amount of onerous, costly work involved in compliance
Strengthens public and shareholder trust but doesn’t necessarily improve ethical standards.
Seen as reactionary in response to ethical failures of a handful of execs
UK Charity Commission states that risk reporting should reflect the size and complexity of the org. Reports should be in narrative format and should include…?
- acknowledgement of trustees responsibilities
- overview of the risk identification process
- indication that major risks have been reviewed or assessed
- confirmation that control systems have been established
As a matter of best practice what might larger or more complex charities report in addition to the basic requirements?
- linkage between strategic objectives and major risk identification
- procedures that go beyond financial RM e.g. operations and compliance
- linkage between risk assessment/evaluation and likelihood/impact
- how risk assessment activities are monitored and embedded
- trustees review of principle risks identified
To what degree is RM seen as important by charities?
Seen as increasingly important, with some charities spending more on RM than fundraising.
Is public sector risk reporting mandatory?
Yes
What are the UK Government Principles of risk reporting?
- Openness and transparency about the risks to the public and process for managing them
- Involvement of those concerned in the decision making process
- Proportionate and consistent response to risks to the public
- Evidence-based decision-making
- Responsibility allocated to those best placed to control risks
The Governments focus on sources of risk rather than objectives or dependencies is indicative of the importance placed on risk management. What sort of sources will a government agency or department be considering?
Political Climate Energy competition Poverty/inequality Globalisation
To what degree do governments share security threats?
Increasingly more so:
- National Security Strategy of the UK
- Cabinet Office National Risk Register
