Reportable Offences

Reportable Offences

Board reporting is the logical follow on from my blog last week on reporting to Audit and Risk Committees (ARCs).

The “reportable offences” I am talking about this week stem from the type of reporting that is often inflicted on boards from risk and related functions. Reporting that causes boredom, that provides an excuse to reach for the phone to check emails and, occasionally, causes pain and suffering as each excruciating detail is “communicated” to the board.

Just as I wrote last week, performance and risk reporting should be integrated and should reflect on whether the organisation is operating within appetite for risk. Which leads to the question of who is doing the reporting to the board. The risk team or management?

When it comes to this first part of reporting, the answer must be management (don’t worry, there is other important reporting for the risk team). The CEO should be presenting the quarterly performance against strategic plan, the risk to future performance and whether or not the organisation is operating, and is likely to continue to operate, within the board’s appetite for risk.

The risk team’s role in all of this is to help prepare the CEO and broader executive. To help interpret the results of updates to business unit risk profiles, for example, identifying new systemic enterprise risks. Helping to ensure they are properly understood, rated and articulated for the board to comprehend.

Now enter the risk team. Some of the risks the CEO has been talking about may need a deep dive. Preparing and explaining the plan for a deep dive will be both valuable and comforting for the board.

Last but not least the risk team should be updating the board on the key metrics that indicate the maturing (hopefully!) culture of risk-based decision making. These might include basic metrics on shifts in risk profile, the % of controls behind schedule for testing or the number of risk treatments that are overdue. It might also be reporting on risk culture assessments conducted by internal audit or external experts. The focus here is on behaviours. What people do is proof of the culture you have.

I recently asked a group of participants what their biggest takeaway was from the RMIA ERM Course they had just completed. One person piped up straight away, “My job is to change behaviours!”. It was music to my ears.

Speaking of music to one’s ears. The board don’t want to be bored. They want risk reporting to be valuable to them so they can perform their oversight role in ensuring the organisation has a great strategy and understands the risks involved. Simple.

Votes: 0
E-mail me when people leave their comments –

Bryan is a management consultant operating since 2001, specialising in risk-based decision making and influencing decision makers, born from his more than twenty years of facilitating executive and board workshops.

Bryan’s experience as a risk practitioner includes the design and implementation of risk management programs for more than 150 organisations across the public, private and not-for-profit sectors.

Bryan is the author of Risky Business : How Successful Organisations Embrace Uncertainty; Persuasive Advising : How to Turn Red Tape into Blue Ribbon, and Team Think : Unlock the Power of the Collective Mind [to be published in 2022].

He is licenced by the RMIA as a Certified Chief Risk Officer (CCRO) and is the designer and facilitator of their flagship Enterprise Risk Course since 2019.

<a href="http://www.bryanwhitefield.com">www.bryanwhitefield.com</a>

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead