Practical ideas: Include risk information into existing internal communication channels

Forget the old-fashioned risk information flows from business units to risk managers who develop risk reports and present them to executives, the audit committee or the Board. There is a better way. Based on the research and interviews we conducted, the internal risk communication should be two-way:

  • Business units should be reporting on their own risks as part of normal performance reporting (be it weekly, monthly or quarterly performance reporting) as well as for any significant decisions;
  • Risk managers should be reporting on risks when there is an alternative point of view that is contradictory to business unit opinion or risk managers have additional information which should be considered when making a decision.

One thing is clear, information about risks should flow in the organisation every day and every time a decision is being made, not once a week or month when a risk assessment is done.

There are several ways to significantly improve internal risk management communication:

  • Include the requirement to share / disclose risk information in policies and procedures;
  • Change performance reporting / management reporting templates to include risk analysis results;
  • Get involved in report and document preparation to make sure risks are adequately captured;
  • Create own communication channels (newsletters, intranet site, email alerts);
  • Take ownership of some internal reporting on risks.


Alex has created a short bootcamp designed to help companies implement quantitative risk management. Imagine saving the company so much money that investing in risk management competencies and resources becomes a no brainer for the executives. That's exactly what Alex Sidorenko did at a global $10B chemical company and he has been kind enough to share his top tips and lessons learned with you each week. Sign up now!


Identify existing information flows (management performance reporting, decision making / approvals, information bulletins)
Change internal policies and procedures to require risk information to be included / disclosed
Change existing reporting templates to include risk management information
Provide methodologies to business units to help them accurately disclose risk information
Review / validate results to check for quality, accuracy, consistency and completeness




RISK-ACADEMY offers online courses

+ Buy now

Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

+ Buy now

ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

+ Buy now

Управление рисками

В этом коротком и очень увлекательном курсе, Алексей Сидоренко расскажет о причинах внедрения риск менеджмента, об особенностях принятия управленческих решений в ситуации неопределенности и изменениях в новом стандарте ИСО 31000:2018.


2 thoughts on “Practical ideas: Include risk information into existing internal communication channels

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.