UK: The Risk Agenda

Last Updated: 20 March 2017
Article by ICSA  

Collaboration within organisations will create a united and diverse resource to help boards deal with risk

Risk management is moving up the corporate agenda. It is now viewed as more than a tick-box compliance exercise, and regulatory bodies such as the FRC are increasingly calling on business leaders and senior management to have a greater involvement in their organisation's risk management strategy.

But how do boards actually view risk management? Do they see it as a necessary evil or as a vital contributor to the successful development and execution of their business strategy? Managing risk in today's complex world is no easy task and boards are having to respond to growing pressure to take an active role in shaping their agenda and conversation on risk.

Airmic has spent the past year asking UK boards about risk, through a series of round table meetings hosted with the Chairman's Forum, the Chartered Institute of Management Accountants and Alvarez & Marsal. The answers to these questions were not only fascinating, but extremely encouraging.

"It is imperative that risk management is driven from the very top of the company"

To sum it up, today's boards care about risk management – and not just about paying lip service to it, but actually getting it right. That dozens of FTSE chairmen, CEOs and non-executive directors, were both willing and keen to have these discussions speaks volumes in itself. To quote the Director of the Chairman's Forum, Richard Sermon: 'Boards now want a more qualitative conversation about risk.'

The outcome of these discussions culminated in our report entitled 'Ensuring corporate viability in an uncertain world – framing the board conversation on risk'. The report shares some practical thinking on the key issues and offers an agenda and road map for senior executives on how to have an effective board risk conversation.

The report includes commentary from senior business leaders, including Sir Peter Gershon, Chairman of National Grid and Tate & Lyle, Sir Roger Carr, Chairman of BAE Systems, and Sir Win Bischoff, Chairman of the FRC.

Global complexity

One of the core messages that came out of the discussions is that boards are concerned about the growing complexity of global risks. Managing risk is clearly not a new concept for businesses, but what is new is that the scale of the challenge is dramatically more profound than in the past. Broadly speaking, this is due to three factors:

  • Speed of change, of markets, environments, distribution and geography. The rate of acceleration requires a speed of response which is greater than anything previously experienced.
  • Complexity of risk, of business models, of technology dependence, and of the external environment, beyond anything seen before.
  • Transparency, whether planned or otherwise, occasioned by social media, traditional media, and the pervading investigative process – we all live in a glass bubble.

Risk profiles are changing. When creating lists of risks that typically keep business leaders awake at night, intangible risks which are harder to define, quantify and manage, such as cyber, reputational and non-physical business interruption, feature more prominently than the tangible or more physical asset-rich risks.

Add to this the potential for digital, non-physical triggers to cause physical damage and the potential for substantial physical damage is vast.

Risks will continue to become more complex and interconnected, and change will continue at an unprecedented pace. Boards are acutely aware that sound risk management is becoming vital in this context.

According to Robert Walker, Chairman of Travis Perkins and Enterprise Inns: 'In an interconnected world there is an increasing need for boards to understand and seek to manage "complexity risk" by factoring in a combination of risks, including the impact of global economic and geopolitical trends and issues, cyber security and the potential impact of reputational risk.'

Not just compliance

Given this backdrop, it is imperative that risk management is driven from the very top of the company. Encouragingly, the interviews that took place prior to writing the report, demonstrated real progress in this area and illustrated that senior management understands the importance of board-level leadership for the management of risk.

The report reminds boards of the need to ensure that the organisation's approach to risk has been properly considered when setting strategy. It states that risk management should support better decision-making, rather than inhibit sensible risk-taking in line with growth strategies and operations.

It also emphasises that the board's responsibility for the organisation's culture is essential to the way in which risk is considered and addressed.

There was clear recognition that although risk managers have day-to-day responsibility for implementing the risk management system and providing help and support, it is up to senior management to ensure that the appropriate system is in place to support the effective integration of risk management and to foster collaboration in the management of risk, vertically and horizontally around the organisation.

For this to happen successfully, the risk management system should comprise a series of principles, frameworks and processes which must be embedded in all parts of the business model. The system needs to be dynamic and adaptable to respond to rapidly changing circumstances.

To quote Charles Tilley, Executive Chairman of the CGMA Research Foundation, who participated in the research for the report: 'Every aspect of the business has a risk management element; every decision made or action taken can be viewed as risk prevention or risk mitigation. For companies to have success over the long term, risk management should be integrated into the fabric of every business.'

Material impact

One of the most positive messages that rings clear throughout the report is that when risk management is elevated to a strategic level it opens up opportunities for value creation. In other words, good risk management is not just about 'saying no' or 'business prevention', but can have a material and positive impact on long-term resilience, competitiveness and value creation.

Managing risk, resilience and longer-term viability are inherently linked. Longer-term viability requires a good understanding of the risks facing the organisation, how they are being managed, and how the company would respond if they materialise. Resilience is the ability of an organisation to anticipate, prepare for, respond and adapt, to change and sudden disruptions in order to survive and prosper.

An integrated approach

The fact that risk management has a growing status within organisations has been backed up by surveys conducted by Airmic of its membership, which show that risk managers now find it easier to gain attention from the top. Respondents also reported greater support and leadership from the board on risk issues.

This remains work-in-progress, but it is clear that boards increasingly appreciate the value of risk management. But while the message is getting through to the top, research indicates that more is needed to embed risk management across organisations.

"When risk management is elevated to a strategic level it opens up opportunities for value creation"

In the same survey of Airmic members, almost three-quarters of respondents said they were concerned that risk management and risk education are not being fully integrated with wider business units.

Although different sectors approach enterprise risk management in different ways, one thing is common: all activities of an organisation involve risk. Successful enterprise risk management requires an integrated approach.

It is not possible for the risk function or senior management alone to be effective at identifying and assessing risks, and in particular identifying aggregations of risk across a business. As business models continue to become more complex, risk no longer falls into neat categories along organisational lines.

Take digital risk as an example. As the digital revolution penetrates all aspects of a business, so digital risk becomes a component of all risks in all areas of business. The only way to manage this is for departments to work together – digital risk is the biggest concern for most CEOs and managing it cannot be confined to the boardroom, the IT department or the risk management department.

Building relationships

Breaking down silos, however, can be a challenge – it requires a cultural shift for IT and risk departments to work together. Business function leaders have the potential to become influential business leaders if they are smart about building relationships with their peers, hire the right teams and build the right capabilities. Different functions typically have different profiles and these need to be understood to build sustainable, collaborative relationships.

Although boards play a vital part in promoting collaboration between functions, company secretaries also have an important role in meeting this challenge.

Managing risk is an important part of a company secretary's role and, as the key link between the board and other functions, they – together with their colleagues in risk management – can play a pivotal role integrating the management of risk across a business.

There are enormous demands placed on boards and, for many senior executives, finding adequate time to focus on risk management can be a challenge. One of the messages that rang clear from our conversations with boards is that senior management is looking for help on how to translate the risk management imperative into practice.

Collaboration across management and teams in an organisation not only produces collective intelligence but can create a united, diverse resource for boards to call upon.

Julia Graham is Deputy CEO at Airmic

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions