It is ten years since the Turnbull Report on Corporate Governance was published. The report focused on internal control guidance for directors on the combined code, but the most significant recommendation was that major companies should have a system in place for reporting risk. Since then most FTSE 100 companies either have a Chief Risk Officer (CRO) or Risk Committee; some wrap risk reporting within Business Assurance or Internal Audit which are departments that typically report to the Finance Director.