
How are boards managing an increasingly varied set of risks?

Author: ICAEW Insights

Published: 07 Oct 2025

Risk management cannot focus on financial resilience alone. For organisations to remain competitive, their board members must take a holistic view. Find out how.

In today’s volatile global landscape, corporate boards are no longer able to rely on the traditional assumption that risks can be neatly categorised and managed in isolation.

The lines between financial, operational, technological, regulatory, and reputational risks are blurring. For UK boards and the accountants who advise them, this presents both a challenge and an opportunity.

A key part of corporate governance now involves ensuring that boards can navigate this increasingly varied set of risks with confidence, foresight, and accountability.

Historically, board discussions around risk concentrated on financial resilience, compliance with accounting standards, and maintaining stakeholder trust through effective reporting. While these remain essential, it could be argued that the scope of risks has widened dramatically in recent years.

Horizon scanning for interconnectivity

Strategist and author Paul de Ruijter would argue, however, that the assortment of risks facing business is unchanged. What differs is the pace of change. For cash-rich businesses with an abundance of time and resources, horizon-scanning and scenario planning have always been a priority.

He cites his time working at Shell 30 years ago. “Shell was so rich, they could think about future risks,” he says. “It was a nice-to-have and a very, very good investment because they were always prepared for what was coming. They always had an edge.”

Nowadays, for most organisations, scenario planning is a need-to-have. Although CEOs today must have a risk paragraph in their annual report, it’s vital to avoid seeing risk assessment as a compliance exercise.

“The way I was trained is you want to see your risk as an opportunity rather than as a possible downside,” says De Ruijter, who worked on international strategy projects with a variety of multinationals, global institutions and NGOs.

He points to Dutch bank Rabobank as a clear example of preparedness. While governments around the world had to bail out their banks during the financial crash of 2007/08, Rabobank was one of the few major Dutch banks that did not need a state bailout and was able to maintain consistent profitability, primarily because it had scenario planned for such an occurrence and had a more cautious business strategy.

For boards today, the challenge lies not just in recognising these risks individually but in understanding their interdependencies. For accountants, this means supporting the board in adopting integrated risk management approaches rather than treating each category in isolation.

The UK Corporate Governance Code places clear expectations on boards to establish a robust framework for risk management and internal control. Yet effective practice extends beyond compliance. Boards are expected to demonstrate active oversight, ensure alignment between strategy and risk appetite, and foster a culture where risks are identified and escalated early.

“External risks such as a pandemic or anything else that is outside of your control, like new regulations, new technologies or new competitors. Your task is to be prepared. To be better prepared than your competitor to these disruptions in the external world,” De Ruijter says.

Boards are increasingly expected to be more agile. Governance structures must allow for rapid decision-making when emerging risks materialise.

Non-financial risks such as ESG, technology, and reputational risks must feature alongside financial risks in boardroom discussions. And boards must be clear about ownership of risk oversight, ensuring committees (such as audit, risk, and remuneration) are aligned.

Managing strategic risk

Accountants serving as advisers or sitting as board members play a pivotal role in bridging the gap between technical expertise and strategic oversight. Financial acumen, risk sensitivity, and professional scepticism are invaluable in helping boards respond to complex challenges.

This applies especially to strategic risk. “There is no return without risk. So, you also need to be risk seeking,” De Ruijter says. He argues that board members should ask themselves:

  • Where do I want to be risk seeking?
  • What is the type of risk that I’d like to have? (Because I understand it better, and because I see a return in taking the risk.) 

“A lot of risk is there to be prepared for, and a lot of risk is there to be taken,” he says.

To achieve robust risk assessment and identification it is critical to ensure boards have diversity of thought, background and experience, according to De Ruijter.

Scenario planning, stress testing, sensitivity analysis and connecting risks allow diverse boards to make better-informed decisions. “Connected risks require military minds, technologists and lawyers to work with economists, social scientists and political scientists, for example,” he says.

Moreover, De Ruijter says that governments alone can no longer combat things like cyber-attacks. All sections of society must learn to share intelligence to navigate these large-scale interconnected risks we face. That also involves connectivity of people’s networks.

Indeed, the Netherlands’s national security authority, like the UK's National Security Strategy 2025, has adapted its approach to risk and now takes an all-of-society approach.

Practical steps

Many UK boards are adapting their governance practices to better manage an expanding risk profile by establishing dedicated risk committees. While audit committees traditionally bore responsibility for risk, complex risk landscapes are leading many boards to create standalone risk committees with broader remits.

Ideally, risk assessment discussions should be dynamic and regular. Board members should also be responsible for maintaining up-to-date knowledge on cyber security, ESG, and regulatory changes. Structured training and external briefings are now standard practice.

Digital dashboards, heat maps, real-time risk analytics, and predictive modelling tools are enabling boards to stay up-to-date on developments.

Risk management will remain at the centre of corporate governance developments, with growing pressure on boards to demonstrate not only compliance but effectiveness.

Managing an increasingly varied set of risks requires boards to think differently about governance. It is no longer enough to rely on financial metrics or reactive controls. Boards must adopt a holistic, forward-looking approach that integrates financial, non-financial, and strategic risks into their decision-making, or their competitors will gain the edge.
