[Jan 2016]




Featured images

Comparison of risk management in UK and US

Written by: Ms. Winnie Leung - Risk Manager

Risk management is established to analyze, assess, control and avoid, minimize or eliminate unacceptable risks. The company should use risk assumption, risk avoidance, risk retention, risk transfer or other methods (or combine the methods) to manage risk. Risk management could help to protect shareholder’s long-term interests and build a better defense against potential risks.
The awareness and importance of risk management has been enhanced in Hong Kong after the Consultation Conclusions on risk management and internal control in 2014. In fact, the UK and the US, whose approaches are completely different, have enforced the requirements of risk management in their own system after the scandals in financial services sector and the global financial crisis. In this newsletter, we are going to compare the risk management in the UK and the US.

Regulations on risk management
In the UK, the Corporate Governance Code (“UK Code”) provides a guide on the principles and code provision of good corporate governance as well as effective board practice to all companies with a listing of equity shares. Risk management and internal control systems have also been included in the UK Code. Under the UK Code, company should report whether they have followed the requirements or provide the reasons for non-compliance. The UK Code will be updated to adapt the changing business environment on a regular basis. It provides buffer time for companies to comply.
Rules-based approach is adopted in US risk management. Securities and Exchange Commission has set rules and regulations to ensure that the listed companies in the US comply with Section 404 of Sarbanes-Oxley Act (“SOX”) which regulates the internal control and risk management practices in business. Under SOX, company has to comply with every detail; otherwise, they will breach the law. SOX may not provide timely response to the changing environment and any deviation are not allowed once the law takes effect.

Board level: As per the UK Code, the board is responsible for determining the risk appetite and ensuring the design and implementation of the risk management system. In the US, the board is only responsible for monitoring the risk management framework and significant risks faced by the company, such as compliance risk and operational risk.
Management level: For UK risk management framework, management is responsible for daily operation and actual implementation of the policies and strategies which have been established by the board while the primary role and responsibility of management in the US is to establish and carry out risk management.

Attestation and reporting
Refer to the UK Code, audit committee is required to review the internal control and risk management systems and the effectiveness of the internal audit function. Audit committee or other parties do not have to prepare attestation or report on risk management. In the US, assessment on internal control should be conducted by the management and attested by a registered public accounting firm.

There are advantages and disadvantages in both UK and US risk management framework, but they are established to protect the interests of the investors, rectify the misconducts in the past and enhance business behaviors with a focus on risk. Company should undertake risk management in accordance with the local characteristics of different country.


If there are any aspects which we may assist, please do not hesitate to contact:

Partner in charge - Mr. Roy Lo
roy.lo@shinewing.hk (Tel. 3583 8048) or

Senior Risk Manager - Ms. Gloria So
gloria.so@shinewing.hk (Tel. 3583 8517)


SHINEWING Risk Services Limited

Contact Us

SHINEWING Risk Services Limited
43/F., Lee Garden One, 33 Hysan Avenue Causeway Bay, Hong Kong,

T. (852) 3583 8000

F. (852) 3583 8532

W. www.shinewing.hk

E. risk@shinewing.hk


product image


SHINEWING Risk Services Limited is an industry leader with many years of experience in risk management and internal control review services in China and Hong Kong. SHINEWING has maintained its leadership position in the market over the years.

Headquartered in Beijing and with branch offices in Hong Kong, Singapore, Japan and Australia, Shenzhen, Chengdu, Shanghai, Xi’an, Tianjin, Qingdao, Changsha, Changchun, Yinchuan, Jinan, Dalian, Kunming, Guangzhou, Fuzhou, Nanjing, Urumqi, Wuhan, Hangzhou, Taiyuan, Chongqing, Nanning and Hefei. SHINEWING is ideally positioned to provide services for our valued clients.


(c)2016 SHINEWING Risk Services Limited. All rights reserved.

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.