Log in Join now Library
Airmic regularly carries out research, and publishes the results in the form of reports, guides and benchmarking documents.

EXPLAINED: Risk and managing risk


Airmic, Marsh 22nd September 2020


Risk taking is fundamental to the success of any organisation. The leaders of an organisation must decide the extent to which risk needs to be sought, accepted, addressed or avoided and their approach to this will determine how risks are managed across their organisation.

The concept of risk management has been of increasing relevance and importance in recent years, triggered in part by well publicised large company failures and the increasing maturity of corporate governance frameworks.

Societal trends such as business accountability, disclosure of information, the velocity of change, the connectivity of risks, the impact of emerging technologies and high impact, low probability risk lie the Covid-19 pandemic, have all added emphasis and importance to the need for effective risk management. Coupled with the rise in global regulations and laws, risk management has never been higher on the board agenda nor required more of today’s risk manager.

A wealth of knowledge, guides, standards and publications exists to help with the detailed development of risk management strategies and implementation of risk management programmes. 

However, increasingly, the focus now is to address increased complexity and connectivity and ensure that risk management enhances business models by operating as an integral part of established and future processes. This approach requires a shared view of the impact of risk on business objectives and effective communication between business leaders, functional teams and business operations.  

This guide summarises current approaches to risk management to promote a shared understanding. It will be particularly useful for those new to risk management.

It looks initially at the definition of risk and how risk management helps organisations address uncertainty.

It then summarises the key principles underpinning the design and operation of a risk management programme with reference to the international risk management standard ISO 31000: 2018. It moves on to consider how risk governance fits within the developing corporate governance frameworks. 

Human and cultural factors have a fundamental impact on the success of the risk management programme; these factors and the importance of leadership are considered in section 5.

Section 6 focuses on articulating risk within the organisation and will help the reader understand how risks are identified and assessed in the internal and external context of the business. The approach to accepting and managing risks in order to create and protect value varies substantially across businesses and this section highlights the way risks are evaluated in conjunction with the risk criteria developed by the business.

The guide incorporates practical examples where appropriate. It also introduces the subject of organisational resilience and outlines the importance of appropriate resilience within the wider risk management approach. The International standard ISO 22301:2019 which specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure a business recovers from disruptive incidents and British standard BS 65000:2014 which provides guidance on organisational resilience, are both referenced alongside cases from the Airmic Roads to Ruin and Roads to Resilience publications.

The guide outlines why internal and external communication and monitoring are a key part of any successful risk management programme. The impact of the Financial Reporting Council (FRC) guidance is considered as part of the external communication strategy of a listed company.

This guide is intended to be used by Airmic members starting out in their career in the profession, and by those who may be new to this subject, or to be shared with their business colleagues in areas such as procurement, finance, human resources, IT and internal audit.

Table of contents