Since the financial crisis, the need for greater control and compliance has been a recurring theme. But while this may already have been evident in most companies’ financial processes, the challenge comes from extending this to every area of the business.

Paul Moxey is ACCA’s head of corporate governance and risk management and a regular on risk management. Like Richard Anderson, deputy chairman of the (IRM) -- and European governance, risk and control practice leader at Wipro Consulting -- Moxey also believes that trying to define the different types of risk is fraught with difficulty - but he also thinks that there is confusion over the concept of risk itself. “Are we talking about an event, or a cause or the impact of an event?” he asks. “It seems to me that there’s a great deal of confused thinking about those. People tend to use the word risk for any or all.”

A methodology developed by the IRM based on the Fundamental Information Risk Management (Firm) Scorecard, provides a useful reference for companies trying to assess the different types of risks they face. It breaks it down into financial, infrastructure, marketplace and reputational risks; and then again into those that are internally and those that are externally driven.

Financial risksInternally driven- Internal control, fraud, historical liabilities, investments, Capex decisions, liquidity and cashflow. Externally driven- Accounting standards, interest rates, foreign exchange, funds and credit