Risk Management Internal Control and Related-Reporting (FRC 2014)
Monitoring and Review of the Risk Management and Internal Control Systems
When reviewing reports during the year, the board should consider
whether necessary actions are being taken promptly to remedy any significant failings or weaknesses
and whether the causes of the failing or weakness indicate poor decision-taking, a need for more extensive monitoring or a reassessment of the effectiveness of management's on-going processes
how they have been managed or mitigated
how effectively the risks have been assessed and the principal risks determined
The annual review of effectiveness should, in particular, consider
the changes in the nature, likelihood and impact of principal risks, and the company's ability to respond to changes in its business and the external environment
the extent, frequency and quality of the communication of the results of management’s monitoring to the board which enables it to build up a cumulative assessment of the state of control in the company and the effectiveness with which risk is being managed or mitigated
the integration of risk management and internal controls with considerations of strategy and business model, and with business planning processes;
issues dealt with in reports reviewed by the board during the year, in particular the incidence of significant control failings or weaknesses that have been identified at any time during the period and the extent to which they have, or could have, resulted in unforeseen impact; and
the operation of the risk management and internal control systems, covering the design, implementation, monitoring and review and identification of risks and determination of those which are principal to the company
the effectiveness of the company's public reporting processes
the company’s willingness to take on risk (its “risk appetite”), the desired culture within the company and whether this culture has been embedded
Related Financial and Business Reporting
The assessment and processes set out in this guidance should be used coherently to inform a number of distinct but related disclosures in the annual report and accounts. These are
reporting on whether the directors have a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due (as required by the Code)
reporting on the going concern basis of accounting (as required by accounting standards and the Code); and
reporting on the principal risks facing the company and how they are managed or mitigated (as required by the Companies Act 2006 (the “Companies Act”) and the Code)
reporting on the review of the risk management and internal control system (as required by the Code), and the main features of the company’s risk management and internal control system in relation to the financial reporting process (as required under the UK Listing Authority’s Disclosure and Transparency Rules).
Establishing the Risk Management and Internal Control Systems
The risk management and internal control systems encompass the policies, culture, organisation, behaviours, processes, systems and other aspects of a company that, taken together:
help to reduce the likelihood and impact of poor judgement in decision-making; risk-taking that exceeds the levels agreed by the board; human error; or control processes being deliberately circumvented
help ensure the quality of internal and external reporting; and
facilitate its effective and efficient operation by enabling it to assess current and emerging risks, respond appropriately to risks and significant control failures and to safeguard its assets
help ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business
When considering risk the board should consider the following aspects:
the exposure to risks before and after risks are managed or mitigated, as appropriate
the operation of the relevant controls and control processes
the company's ability to reduce the likelihood of the risks materialising, and of the impact on the business of risks that do materialise
the effectiveness and relative costs and benefits of particular controls
the likelihood of the risks concerned materialising, and the impact of related risks materialising as a result or at the same time
the impact of the values and culture of the company, and the way that teams and individuals are incentivised, on the effectiveness of the systems
the nature and extent of the risks, including principal risks, facing, or being taken by, the company which it regards as desirable or acceptable for the company to bear