Boards are under pressure like never before to assure their organization has an effective risk management program. The SEC, through the Proxy Disclosure Enhancements amendment, is holding them personally responsible for risk management.
If your board hasn't already come knocking on your door for a briefing on the effectiveness of risk management, they will be soon. So the $64,000 question remains:
ERM Risk Reporting: What should you present to the board?
The short answer is the larger picture of risk with a connection directly to the front-line. This is the crux of the problem. As you know, the board makes strategic decisions by viewing your organization from a 35,000-foot perspective. They aren't interested in a list of hundreds of risk indicators, or even the top 10 operational risks.
Your board needs to understand the sources of uncertainty that could impair continuing operations or reaching your organization's strategic goals. The risk is not the event of a lawsuit, but rather the uncertainty that employees are acting appropriately that the board needs to know about. It's not the event of supply chain disruption, but rather the uncertainty of preparedness for changes in weather patterns. The board needs to understand trends in uncertainty, that is the larger risk picture, on the commitments they have endorsed.
Sounds simple enough, so how do you assemble this information?
You need to take these big picture issues one by one, and connect them to the real activities that materially contribute to each issue.
How to connect operational risks to strategic goals:
- Choose one of the board's strategic imperatives.
- Identify the business processes that contribute to that goal.
- Assess the root cause of risk for each corresponding process.
- Connect the corresponding risk assessment templates to that strategic goal.
- Repeat steps 1 through 4 for each of the board's strategic goals.
- Report the impact of risk on each strategic goal to the board.
Any one of these steps can be a challenge for risk managers. Find out how ready you are to present to the board, evaluate your risk program with the RIMS Risk Maturity Model Assessment.
You can also learn more about what the board requires by watching this on-demand webinar What is Strategic ERM?