Nick Leeson will forever be remembered as the man who single-handedly brought down a venerable but highly successful British institution - Barings Bank in 1995 - yet his name could equally be linked to a resurgence in good corporate governance. Sadly, this is unlikely.
We live in a society that communicates much of its information globally and rapidly through the sound-bite, televisual appeal of headline-makers. Nick Leeson - the man who lost his Barings and made £869 million disappear into a banking black-hole - rates as front-page news. The banking system (or lack of it), which allowed an individual to take such uncontrolled risks with investors' savings, is a story but not a headline-grabber.
But those of us who manage risk and have the responsibility for ensuring good corporate governance within our organisations would do well to consider the sub-text of front-page news when it breaks. News stories often report dramatic changes and, when things change, so do the present and future risk implications. That is one of the reasons that Nick Leeson and the Barings debacle in 1995 prompted a fresh examination and interest in the practice of corporate governance within organisations worldwide, and particularly in the UK and European banking and financial sectors.
Not that the risk management practitioners were unaware of the need for good corporate governance prior to Nick Leeson's activities. Let us just say that, when centuries-old banking institutions and enough money to run a small country disappear overnight, it tends to focus management minds.
The important management discipline of good corporate governance evolved in the 1990s through a series of official reports - Cadbury, Greenbury, Hampel and finally, in September 1999, Turnbull. Each emphasised the need for integrated risk management.
Turnbull makes it clear that the main board is responsible for “embedding” proper internal controls in the company's culture and ensuring that the businesses, while taking risks, guard against a range of threats to shareholder value. Nigel Turnbull (then finance director of the Rank Group), whose committee published its report last year, said that companies which embraced risk management positively would find it of benefit in identifying opportunities as well as pitfalls. Successful risk management also provides an early warning system in vulnerable areas.
The automatic reaction of most people to the word “risk” was the need to reduce it, he said when giving the Association of Insurance and Risk Managers (AIRMIC) lecture in 1999. “But in many companies a more important key risk could be the failure to do something, for example produce a new product on time, widen the customer base or prepare for e-commerce. Internal control encourages best practice and can add value.”
Nigel Turnbull said his committee had sought to produce robust and practical guidance that would help companies ensure they have effective risk management and internal control systems. The guidance stated that listed companies should disclose in their annual accounts a system of internal control that goes far beyond what was previously regarded as adequate to safeguard shareholder interests. This system had to be reviewed on an annual basis to ensure all risks were properly managed. Companies are expected to monitor a wide range of threats, such as potential damage from unethical behaviour, and directors are responsible for checking non-financial risks such as those posed by environmentally-unfriendly policies and changes in markets and technologies.
Importantly, towards the end of the 20th century, running parallel to this growing requirement for good corporate governance practices within organisations, there had been a growing awareness of the value of good risk management to the corporate bottom line. Indeed, Mark Butterworth, my predecessor as AIRMIC chairman, has said: “Good risk management and the continued development of corporate governance principles go hand-in-hand, and so they should. The management of risk is a fundamental on the road to a secure and successful business future in today's competitive world.”
Organisations are increasingly becoming aware of this link between managing risk well and cost effectiveness. Over the past 20 years, AIRMIC has conducted surveys among its members and can reveal that the trend since 1981 shows risk management as being a finance-linked rather than administration-linked function. The 1981 AIRMIC survey showed that 13.2% of respondents had a reporting line to the financial function of their organisation. Now most do.
Also of note is the change in job titles. During the period, there was a shift away from the use of “insurance” in our members' job titles towards the use of the word “risk”. This can be seen as an indicator of the position of insurance as a tool in the management of an ever-widening range of risks, and the role of risk management within the overall corporate governance programme.
So where does this all leave the risk manager of the 21st century? I think he is well placed to drive forward the culture of risk management and good corporate governance within organisations. With the majority of risk managers now reporting through the finance function, they are already in the loop as far as Turnbull is concerned. In fact, I would go so far as to say that risk managers are at the focal point of the loop - or the “virtuous circle” as I prefer to view the management of risk.
Let me explain. The Oxford English Dictionary's definition of a virtuous circle is: “a beneficial recurring cycle of cause and effect.” I believe this concept relates to both the process and to the culture of risk management. The process is like a cycle or wheel which starts with the objectives and standards of the organisation - the essential foundations of any risk assessment and improvement process.
It involves the setting of business objectives, the identification of threats and opportunities which will affect those objectives, and the quantification and evaluation of the options relating to risk mitigation or enhancement, leading to a process of continuous improvement. Also incorporated into this cycle must be the need for assurances that proper monitoring processes are in place, as well as a “response” process, as there will inevitably be crises. This process should, therefore, incorporate disaster and business continuity planning, media management and insurance.
Risk management is everyone's problem and everyone's opportunity. And, because it affects every aspect of the business, no single person in any company has total ownership. Turnbull has raised the profile of risk management and encourages cooperative working with colleagues. But it needs a focused approach, and I see the risk manager's role as effectively driving the process by facilitation and communication. The concept of the virtuous circle helps break down barriers, creating a partnership approach among professional disciplines that can result in a risk management strategy that is greater than the sum of the parts.
Turnbull has also helped gain the support of the very highest level of management, particularly from directors who see and appreciate the strategic implications of integrated risk management. If they have not already done so, organisations should consider the creation of an integrated risk management forum - a risk advisory committee perhaps - as the foundation for a successful corporate governance framework to comply with the requirements of the Turnbull report and its predecessors.
AIRMIC believes a typical risk advisory committee might be chaired by a main board director, and should include representation from relevant functions such as risk management, internal audit, health and safety and operational input. But the association accepts that individual companies will establish the constituent functions and members of their risk advisory committees according to their corporate structure, culture, and objectives.
Institutional investors have also gained through Turnbull. They will now be able to assess more fully a company's approach to risks and its risk management strategy - risk reports are increasingly becoming part of the annual report. And, as senior management minds explore risk management strategies and policies, the opportunity opens up for the risk financing and insurance markets to provide specifically designed products to meet business needs.
Although Turnbull relates to public listed companies, AIRMIC's sister risk management organisation within the public sector, the Association of Local Authority Risk Managers (ALARM), is also aware of its implications. ALARM chief executive Liz Taylor has said: “Our lives in the public risk sector may change as a result of a renewed management focus on good corporate governance.” Ms Taylor is encouraging ALARM members to keep abreast of the corporate governance legislation and guidelines within the private sector, since she believes they may well influence management thinking within local authorities in the near future.
AIRMIC has been keeping its members fully informed about corporate governance. It recently practised what it preaches about “creating a partnership approach among professional disciplines” by staging a joint seminar with the Association of Corporate Treasurers which was entitled “Treasurers and risk managers - working together to turn corporate governance into superior performance”.
Alan Fleming is chairman of the Association of Insurance and Risk Managers (AIRMIC), 6 Lloyd's Avenue, London EC3N 3AX, Tel: +44 (0)20 7480 7610, Fax: +44 (0)20 7702 3752, Email: firstname.lastname@example.org