One of the problems of risk management is who it should belong to. Financial services firms are often more advanced than other sectors in their approach and will almost certainly employ a chief risk officer. Other industries will share the responsibility out among finance, legal and various committees.

Richard Anderson, deputy chairman of the Institute of risk management and European governance, risk and control practice leader at Wipro Consulting, believes that a large part of the responsibility falls with the CFO.

“Sometimes you talk to organisations and they have a risk management group, they have an internal audit group, they might have an internal control function - they’ll clearly have an IT department - and they’re all working in their own silos,” said Anderson. “Somebody’s going to have to take control and pull it together under what we might describe as a good GRC [governance, risk and control] approach. The CFO has got to play a leading role in that.”

A changing tide

The financial crisis certainly shone a spotlight on risk management, but, according to Anderson, it has fundamentally changed how companies must approach the subject. “Essentially, it [the FRC] is asking them to look at their risk appetite and tolerance at a strategic level,” he says.