Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Risk responsibility lies with the board: Financial Reporting Council

Airmic has welcomed revised guidance from the UK Financial Reporting Council (FRC) which makes clear that ultimate responsibility for risk management and internal control lies with the board.

The updated guidance on risk management, internal control and related financial and business reporting was published in September and should be followed for all accounting years with a start date after 1st October 2014.

The guidance says that while risk managers have day-to-day responsibility for implementation and management, it is up to the board to ensure that the appropriate policies are in place, that board understanding of risk is high, that risks are maintained within tolerable levels, and that risk mitigation is appropriate.

Entitled ‘Guidance on Risk Management, Internal Control and Related Financial and Business Reporting’ the FRC document states:

“The board has ultimate responsibility for risk management and internal control, including for the determination of the nature and extent of the principal risks it is willing to take to achieve its strategic objectives and for ensuring that an appropriate culture has been embedded throughout the organisation.”

It goes on to specify boards’ responsibilities for risk management as follows:

  • Ensuring the design and implementation of appropriate risk management and internal control systems that identify the risks facing the company and enable the board to make a robust assessment of the principal risks;
  • Determining the nature and extent of the principal risks faced and those risks which the organisation is willing to take in achieving its strategic objectives (determining its “risk appetite”);
  • Ensuring that appropriate culture and reward systems have been embedded throughout the organisation;
  • Agreeing how the principal risks should be managed or mitigated to reduce the likelihood of their incidence or their impact;
  • Monitoring and reviewing the risk management and internal control systems, and the management’s process of monitoring and reviewing, and satisfying itself that they are functioning effectively and that corrective action is being taken where necessary; and
  • Ensuring sound internal and external information and communication processes and taking responsibility for external communication on risk management and internal control.

Read the FRC document (PDF).

•Date: 7th October 2014 • UK •Type: Article • Topic: Enterprise risk management

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here