Risk Reporting and Communication
For internal reporting purposes, different levels within the organisation need different information from the risk management process. For example, while the board of directors would like to know about the most significant risks facing the organisation, business units within the organisation would be aware of the risks which fall into their area of responsibility, and individuals would understand their accountability for individual risks.
External reporting enables a company to report to its stakeholders on a regular basis, setting out its risk management policies and their effectiveness in achieving its objectives. Good corporate governance requires that companies adopt a methodical approach to risk management.
Risk Treatment
The process of selecting and implementing measures to modify the risk is called risk treatment. This process includes risk control/mitigation and extends to risk avoidance, risk transfer, risk financing, etc. As a threshold, a system of treatment should provide efficient and effective operation of the organisation; effective internal controls; and compliance with laws and regulations.
A detailed risk analysis assists the effective and efficient operation of the organisation by identifying those risks which require attention by management. Risk control actions are prioritised in terms of their potential benefit to the organisation. Effectiveness of internal controls is the extent to which the proposed control measure will eliminate or reduce the risk, as judged by a cost/benefit analysis. Compliance with laws and regulations is not optional: understanding the applicable laws and implementing a system of controls to achieve compliance is a must.