The correct answer is B. Addressing risk exposures that can be controlled at the operational level and monitoring key performance indicators. ISO 31000 emphasizes that communication should be tailored to the needs, responsibilities, and decision-making authority of different organizational levels.
Operational managers are responsible for day-to-day activities, implementation of controls, and performance management. Therefore, risk communication directed to them should focus on practical, actionable information, such as current risk exposures, control effectiveness, deviations from expected performance, and relevant indicators (including KPIs and KRIs).
Option A is more relevant to top management and external communication, where reputation and crisis management are primary concerns. Option C focuses more on first-line employees, who need clarity on individual responsibilities and safety practices. Option D relates to strategic-level communication and is not the primary focus for operational managers.
From a PECB ISO 31000 Lead Risk Manager perspective, effective risk communication ensures that operational managers receive information that enables them to take corrective actions, allocate resources, and maintain control over operational risks. By aligning communication with operational responsibilities, organizations improve responsiveness and resilience. Therefore, the correct answer is addressing controllable operational risk exposures and monitoring indicators.
