Now that the essential principles and directives have been drawn up, the concept of risk management needs to be elaborated upon.
Principles and directives are drawn up throughout the project to summarize all decisions and procedures. These documents are approved by the company's managers and senior executives. Employees then use the documents as guidance when managing the company's risks.
The measures defined in the Risk-Management Process phase have now been implemented. A key component is the constant monitoring of implementation and the accompanying report, both of which are the responsibility of the risk manager. Periodic summaries of all the risks must be made and sent to the company's senior executives and board of directors, including the status of the measures implemented.
Communication in the management report
The new legal provisions (art. 961c, CO) require companies to append a risk assessment to the management report.
The information about the risk assessment must indicate the difference between the risk-assessment procedure and the risks themselves.
This information concerns the procedure and structure of the risk assessment and, potentially, risk management. It is supplemented by a report on the measures relating to the risks identified. It is a good idea to address the following points in the report: