This next step is very important to reinforce strong risk culture within the organisation. There are various ways of including risk discussion on the Board’s agenda; however, we believe that it is more effective to spend fifteen minutes on risk matters at every meeting than an hour once a quarter or a day once a year.
It is recommended to discuss risks associated with each decision instead of having risk management as a separate agenda item. After all, items on the Board’s agenda are risk items.
For example, the Board may want to discuss risks associated with the quarterly budget when discussing the actual budget, or discuss project risks when approving project financing, as opposed to discussing the top ten corporate risks at the end of the meeting when all decisions have already been made.
The risk manager should, along with the Board secretary, make the necessary amendments to the presentation templates to include a section on risks for every significant decision. The risk manager, in conjunction with internal audit, should also ensure that the risk information provided to the Board is complete, accurate and consistent. To improve the quality of such information, risk managers may wish to consider staff training or personally quality-checking the information before it goes to the Board.
Some Boards may create a separate Risk Committee or expand the scope of the Audit Committee to review matters related to risks. Our experience, when talking to different risk managers during the interviews, shows that this may be more fashionable than practical, since most decisions are taken long before the information is formally presented to the Board of Directors. Several people interviewed mentioned that it makes more practical sense to have a management level risk committee instead.
Nevertheless, the Board level risk committee can play an important oversight role and have a very positive impact on the overall risk culture within the organisation. Sometimes this is called “security theatre”.
USE THE CHECKLIST PROVIDED BELOW TO TURN THIS SECTION INTO ACTIONS
☐ Update the Board presentation template to include risk analysis for every significant decision
☐ Discuss with the Board secretary the quality control process to ensure risk information is complete, accurate and consistent
☐ Train management to correctly and accurately disclose risks to the Board
☐ Control the quality of information disclosed
☐ Provide support to management in preparing risk information for the Board
USEFUL VIDEOS
Alex Sidorenko from RISK-ACADEMY talks about various ways of including risk management information on the Board’s agenda | https://www.youtube.com/watch?v=UBXw0cEPpws |
Alex Sidorenko from RISK-ACADEMY talks about what risk reports are useful and how to integrate risk reporting into regular management reporting. | https://www.youtube.com/watch?v=AOGrobGzeaQ |
USEFUL LINKS AND TEMPLATES
- Sample short risk report – http://www.risk-academy.ru/en/download/short-risk-report-presentation/
- Sample long risk report – http://www.risk-academy.ru/en/download/detailed-risk-report/
- Example of a completed risk register – http://www.risk-academy.ru/en/download/example-of-a-completed-risk-register/