Boards are under pressure like never before to ensure their organization has an effective risk management program. The SEC, through the Proxy Disclosure Enhancements amendment, is holding them personally responsible for risk management.

If your board hasn't already come knocking on your door for a briefing on the effectiveness of risk management, they will be soon.  So the $64,000 question remains:

ERM Risk Reporting: What should you present to the board?

The short answer is the larger picture of risk with a direct connection to the front line. This is the crux of the problem. As you know, the board makes strategic decisions by viewing your organization from a 35,000-foot perspective. They aren't interested in a list of hundreds of risk indicators, or even the top 10 operational risks.

Your board needs to understand the sources of uncertainty that could impair continuing operations or keep your organization from reaching its strategic goals. What the board needs to know about is not the event of a lawsuit, but rather the uncertainty over whether employees are acting appropriately. It's not the event of supply chain disruption, but rather the uncertainty of preparedness for changes in weather patterns. The board needs to understand trends in uncertainty, that is, the larger risk picture, on the commitments they have endorsed.

Sounds simple enough, so how do you assemble this information?

You need to take these big-picture issues one by one, and connect them to the real activities that materially contribute to each issue.

How to connect operational risks to strategic goals:

  1. Choose one of the board's strategic imperatives.
  2. Identify the business processes that contribute to that goal.
  3. Assess the root cause of risk for each corresponding process.
  4. Connect the corresponding risk assessment templates to that strategic goal.
  5. Repeat steps 1 through 4 for each of the board's strategic goals.
  6. Report the impact of risk on each strategic goal to the board.

Any one of these steps can be a challenge for risk managers. To find out how ready you are to present to the board, evaluate your risk program with the RIMS Risk Maturity Model Assessment.

You can also learn more about what the board requires by watching the on-demand webinar "What is Strategic ERM?"

Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
