We have many years’ experience of undertaking risk management reviews within the sector – but also drawing in best practice from beyond. Our start point is evaluating the benefits of the process from both an executive and non-executive perspective.
Over more recent assignments, we are covering,
- the use of technology /platforms for ‘hosting’ the register – some institutions have moved to ‘real time’ registers as part of a suite of management information with the registers located on, for example, their SharePoint site. There is an expectation that risk owners update the risk and related detail on a regular basis
- reflections on risk appetite and its impact on the risks – we are seeing the refinement of registers using appetite statements and how that translates into gross and net risk scores (and, where appropriate, the necessary action plans to reduce scores to an acceptable level)
- different styles of registers e.g., strategic, compliance – and how the different types and levels of assurance are captured.
We have worked with institutions where they have asked us to review their risk management policies and also the development and structure of their registers – where we have shown examples of different frameworks deployed.
In addition, on an annual basis we publish two detailed briefing notes – one which collates the risks from registers across the sector detailing the common risks, mitigations and movement from year to year. This is accompanied by another which compares the position across different sectors and countries.