Report will aim to provide suggestions to help boards determine what approach to the FRC Code will work for them 

a

In the autumn Airmic will be launching a guidance report aimed at boards on the Financial Reporting Council (FRC) Code. The key message is that there is a real need to support the board in risk governance and that risk managers have an opportunity to elevate their role from risk manager to risk leader - and move to an environment with risk leadership expectations.

To govern effectively all boards must understand risk and opportunity. The question is: what are the risks that could derail the business and where are the opportunities to be converted?

The FRC published revised guidance entitled ‘Risk Management, Internal Control and Related Financial and Business Reporting’ in September 2014. It is referred to by the FRC as the ‘risk guidance’ and should be followed by all companies that are required to comply with the UK Corporate Governance Code.

The risk guidance states that economic developments and some high-profile failures of risk management in recent years have reminded boards of the need to ensure that the company’s approach to risk has been properly considered in setting strategy. The guidance emphasises that the board’s responsibility for the organisation’s culture is essential to the way in which risk is considered and addressed.

While risk managers may have day-to-day responsibility for implementation of risk management processes, the board has ultimate responsibility for risk management and internal control, including for the determination of the nature and extent of the principal risks it is willing to take to achieve its strategic objectives. It is up to the board to ensure that the appropriate systems and policies are in place, that understanding of risk is high, that risks are maintained within tolerable levels and that risk mitigation is appropriate. It is also responsible for ensuring that an appropriate culture has been embedded throughout the organisation.

The FRC is now undertaking a project with the objective to understand and develop the role of boards in shaping and embedding a healthy corporate culture and to add value by identifying best practice and developing practical, market-led ‘how to’ type resources to help boards take effective action on culture.

With this context in mind, twelve months on from the launch of the revised Code, Airmic through John Hurrell and Julia Graham have been working with the Chairman’s Forum, CIMA, and Alvarez & Marsal to explore the evolving needs of FTSE 250 chairmen and their boards in connection with their responsibilities for risk governance.

It was clear from three breakfast meetings they attended that chairmen and their boards recognise the scale of their challenge. They appreciate the need for support and expertise to help them understand the ramifications of a faster moving, more complex and interconnected world and the resultant rapidly changing and increasingly intangible risk profiles of their organisations.

Airmic is running a conference seminar this Wednesday (8 June) to preview the report and to help clarify what is required and consider some of the opportunities the FRC Code presents, as technical director Julia Graham explained to StrategicRISK.

“The FRC Code means companies have to talk about strategy, sustainability and principal risks – the aim of the report is to provide suggestions to help boards determine what approach will work for them and to help the board to frame the ‘right’ questions.”

“What the FRC code offers comparisons with the Insurance Act,” said Graham.

“One of the objectives of the Insurance Act was to raise the professionalism on all three sides of the deal: the buyer, the intermediary and the seller. By modernising the law, it places an onus on the partners in the deal going forward to behave in the most professional of ways.

“The FRC Code places a requirement on the shoulders of the board to build resilient businesses and provides an opportunity for risk managers to help them to travel The Road to Resilience. So as with the Insurance Act we are saying to our members that they need to raise their game as it is a great opportunity but they need to make sure that their knowledge and skills are up to converting it.”

Specifically, Graham said, that opportunity is for risk professionals to be the “trusted risk advisor to your board.”

“This comes back to the Tomorrow’s Risk Leader paper that Airmic wrote with Tomorrow’s Company last year. Be the leader and be involved in delivering risk management through the business model.”

“It is a very hot topic and I noticed from the circuit of lectures and business meetings that this subject is not far from any agenda which is talking about corporate governance.”

“Members have been telling us they think they are well-positioned to deal with some of the challenges required under the FRC Code as risk managers but one of the things they struggle with is getting all their peers to engage with them into helping deliver it.”

Cyber, Graham said, was an example of this. “This is not just an IT issue it is an enterprise issue and should be risk managed across all departments. First and third-party cyber/digital risk has been No1 for some time but it is increasingly further out in front as it becomes ever more topical, ever more relevant.

“So if you are going to fulfil the requirements of cyber as a principal risk under the code, you need to manage it as a team and you cannot just manage it as head of IT. Make enterprise risk management allies – no risk today is an island, risk management requires an approach developed and delivered by team players.”