Risk Management

A sound system of internal control provides assurance that the organisation will not be hindered in achieving its objectives, or in the orderly and legitimate conduct of its business, by circumstances which may be reasonably foreseen. Therefore, one of the key systems of an organisation's internal control is risk management. All levels of the organisation have a role in risk management.


Leaders of the organisation must ensure that risk management practices and ethos are well embedded into its culture, and set policies and procedures which ensure that the organisation complies with current best practice management arrangements. Leadership is also responsible for:

Chief Risk Officer

Leaders may delegate certain risk management responsibilities to the chief risk officer. Some of their responsibilities can be:

Audit Committee

In many organisations, the audit committee has a key role to play in the risk management process. It can review and monitor various aspects of the risk management system, and can seek assurance around risk management from audits and control reviews, from communications with the Comptroller and Auditor General, and from Chief Risk Officer and management assurances on risk management and control arrangements.


All staff members have a key part to play in managing risk by:

There is a wide range of relevant guidance on effectively implementing risk management within organisations, including risk management guidance from the Department of Public Expenditure and Reform. In terms of international best practice, International Standards Organisation (ISO) 31000:2018 Risk Management - Principles and Guidelines provides authoritative guidance on what organisations need to do to embed risk management systems and processes.