Fundamentals of Risk Management
Reporting on risk management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Public-sector risk reporting
|
Reporting on risk management
429 Most charities are already likely to consider risk in their day-to-day activities. In fact, it has been reported that many charities now see risk management and other governance requirements as the most significant challenges facing the organization. This appears to imply that charities are becoming more risk-averse and spend more effort on compliance issues than on fundraising. Even where a formal risk management process has not been completed, it will often be possible for aspects of the approach to risk to be drawn out for comment. A typical report on risk management for a small charity may be as follows: ● ● Risk assessment processes are in place to identify priority significant risks facing the charity. ● ● Risk management policies, protocols and procedures are embedded into routine operations. ● ● Analysis of strategy is undertaken to identify significant risks that could impact the delivery of the strategy. ● ● Procedures are in place to ensure legal compliance, including routine reports on legal matters to the board of trustees. ● ● Trustees receive training on those risk management and corporate governance issues relevant to the charity. ● ● Trustees receive an annual report of risk management activities and evaluation of the control environment. ● ● Trustees also receive additional reports about any significant weaknesses in controls and details of any material failures of controls. Public-sector risk reporting Attention to risk management in government departments and other areas of the public sector is mandatory in most countries. Much of the information on risk manage- ment in government bodies is freely available on websites and this information forms very useful reference material. However, because the information is publicly available, there is often no specific mention of the risk reporting to external stakeholders. The government in the UK has produced a set of principles on risk reporting. Table 36.3 sets out those risk reporting principles as openness and transparency, involvement, proportionality, evidence and responsibility. There is usually extensive information on how the risk-reporting structure will work within a government body. The information set out below is typical of a report by a UK local government authority: All risks on the strategic risk register are monitored via quarterly clinics. Reports from these clinics are forwarded to the executive committee twice per year. The strategic risk register is reported to full council through its inclusion in the annual strategic plan reporting. Service-specific business risks are included within service group plans and monitored through the directorates’ performance management arrangements. This includes reporting, twice per year, to relevant council members. |
