
Risk Management

The risk management process includes:

  • recognition or identification of risks
  • ranking or evaluation of risks
  • responding to significant risks
    • tolerate
    • treat
    • transfer
    • terminate
  • resourcing controls
  • reaction planning
  • reporting and monitoring risk performance
  • reviewing the risk management framework

Risk Management responsibilities

1) RM responsibilities for the CEO / Board:

  • Determine strategic approach to risk and set risk appetite (risk that is acceptable)
  • Establish the structure for risk management
  • Understand the most significant risks
  • Manage the organization in a crisis

2) RM responsibilities for the business unit manager:

  • Build a risk-aware culture within the unit
  • Agree risk management performance targets
  • Ensure implementation of risk improvement recommendations
  • Identify and report changed circumstances / risks

3) RM responsibilities for individual employees:

  • Understand, accept and implement RM processes
  • Report inefficient, unnecessary or unworkable controls
  • Report loss events and near miss incidents
  • Co-operate with management on incident investigations

4) RM responsibilities for the risk manager:

  • Develop the risk management policy and keep it up to date
  • Document the internal risk policies and structures
  • Co-ordinate the risk management (and internal control) activities
  • Compile risk information and prepare reports for the Board

5) RM responsibilities for specialist risk management functions:

  • Assist the company in establishing specialist risk policies
  • Develop specialist contingency and recovery plans
  • Keep up to date with developments in the specialist area
  • Support investigations of incidents and near misses

6) RM responsibilities for the internal audit manager:

  • Develop a risk-based internal audit programme
  • Audit the risk processes across the organization
  • Receive and provide assurance on the management of risk
  • Report on the efficiency and effectiveness of internal controls

Risk assessment techniques

  • Questionnaires and checklists
  • Meetings and brainstorming
  • Inspections and audits
  • Flowcharts and dependency analysis
  • SWOT (Strengths Weaknesses Opportunities Threats) and PESTLE (Political Economic Social Technological Legal Environmental) analyses

Categories and Drivers of Risk

Externally Driven Internally Driven
Financial Risks
  • Accounting Standards
  • Interest Rates
  • Foreign Exchange
  • Funds and Credit
  • Internal Control
  • Fraud
  • Historical Liabilities
  • Investments
  • CAPEX Decisions
  • Liquidity and Cash flow
Infrastructure Risks
  • Communications
  • Transport
  • Supply Chain
  • Terrorism
  • Natural Disasters
  • Pandemic
  • Recruitment
  • People Skills
  • Health & Safety
  • Premises
  • IT Systems
Marketplace Risks
  • Economic Environment
  • Technology Developments
  • Competition
  • Customer Demand
  • Regulatory Requirements
  • M&A Activity
  • R&D Activity
  • Intellectual Property
  • Contracts