The management of risk in an organisation is considered as part of corporate governance because it requires the development of structures, policies and procedures which when operationalised effectively, should create a culture that leads to a better performing organisation more likely to weather the shocks of the environment within which it operates leading to its continued sustainability

The board as part of its role in governing an organisation has a responsiblity to manage the risk that the organisation is prepared to take in achieving the strategic objectives it has set itself

How successful the board is in doing this can affect the performance of the organisation and in some cases where risk is not successfully managed can lead to the insolvency of the organisation

Part of the risk management process is to develop an internal control system.

Corporate governance best practice refers to a boards responsibility for ensuring the effectiveness of the organisation's risk management and internal control systems

The CS should advise the board on the significance of risk management to corporate governance and the board's responsibilities regarding risk management and the internal control system

The board should establish procedures to manage risk, oversee the internal control framework and determine the nature and extent of the principal risks it is willing to take in order to achieve its long term strategic objectives

The Board should carry out a robust assessment of the company's emerging and principal risks. The board should confirm in the annual report that it has completed this assessment, including a description of its principal risks, what proceeders are in place to identify emerging risk and explanation of how these are being managed or mitigated

The board should monitor the company's risk management and internal control systems and at least annually carry out a review of their effectiveness and report on that review in the annual report. The monitoring and review should cover all material controls, including financial, operational and compliance controls

Identify the principal risks it is willing to take to achieve its strategic objectives and those that could threaten the company's business model, future performance, solvency and liquduity

Explain how the principal risks are being managed or mitigated

Monitor the risk management and internal control systems

At least annually carry out a review of the effectiveness of the risk management and internal control systems

Annually carry out an assessment of the future viability of the company for a period to be determined by the board considering the organisation's current position and the principal risks. This provision is instead of the current going concern statement which only covers a 12 month period. The change has been introduced as a period of 12 months may not be appropriate for every company, allowing the flexibility for boards to determine their own time periods was seen as beneficial

Report on these in the company's annual report and accounts

That the audit committee should review the company's internal financial controls. The review of the company's internal control and risk management systems could be done by the board itself, the audit committee or by a separate board risk committee. The company secretary should advise and facilitate the board to consider how this might best be done in their company