As risk is inherently unpredictable, the Board of Directors (BOD) and those charged with governance need to have timely and adaptable data, capable of depicting current risks affecting the lines of business they govern. Naturally, as discrete risk events such as inflation, supply chain complications, and geopolitical impacts continue to appear, business imperatives evolve, subsequently causing strategies to be amended that create new facets for the governance of risk.
Key lessons learned from the pandemic demonstrate the importance of preparing for the unforeseen and the need for adaptable risk reporting systems, which are equipped to support companies through an evolving risk landscape. Those responsible for governance need to be mindful of risks that would impede business imperatives and prevent them from achieving their goals. In today’s fast-paced and continuously evolving world, BODs face perpetual distress on day-to-day operations, calling for the importance to proactively manage risk events and the ability to adopt operational resilience.
Risk reporting historically highlights risk based on past events, primarily using Key Performance Indicators (KPIs) as a form of measurement. However, KPIs only portray what has already happened in the past. Risk reporting is most effective in a dynamic, forward-looking state, where real time data is used to create actions to address strategic risks going forward.
Common challenges seen in BOD risk reports include siloed risk information, reactionary reporting processes, and a lack of interconnectedness between reporting frameworks that are not dynamic enough to address emerging risks.
Risk reporting should balance the assessment of emerging strategic risks with more traditional risk reporting that details key risk metrics, risk limits, risk appetite monitoring, and scenario analyses. Keeping a focus on emerging risks that directly affect the most critical strategic elements would help those charged with governance keep the organization’s focus on future growth aligned with strategic imperatives such as Environmental, Social, and Governance regulatory requirements.
Recent Risk Reporting Trends
BODs are now seeking input on what lies ahead and how those risk factors are going to affect the strategy of a business. Impending data needs to be reliable and emanate from agreed upon data sources that enable validation between risk reports, KPIs, and financial statements. Further, BODs have stated the importance of establishing agile and adaptable risk reports to effectively keep-up with the dynamic risk environment.
What more BODs are asking for is:
(1) The single source of truth and (i.e., validation between what is being reported in financial statements and what is being reported through KPIs)
(2) Agile reports that adapt to current trends; and
(3) Integrating emerging risks into the reporting package.
Risk Reporting Approach
Every company has a dynamic set of risks, processes, and controls to consider and there is no single best way to design risk reporting. Risk reporting should be one of the BOD’s most valuable tools for understanding, governing, and drawing out the expertise of its members to manage risk. Therefore, to give BOD members a clear view of the risks and opportunities facing the organization, Accenture suggests the following success factors for risk managers to focus on when it comes to developing a BOD risk package:
- Risk Sensing
Challenge: Keeping the BODs and management team well-informed about risks that may emerge in the future on a regular basis.
One of the key responsibilities of a CRO (Chief Risk Officer) is to consistently be aware of and scanning for risks that are on the organization’s horizon and have risk mitigation plans ready. One approach to overcome that challenge is to develop a risk radar dashboard to illustrate emerging risk events’ time horizon and assessment. A risk radar tool visualizes an analysis of risk sources categorized in a manner right for the organization with indications of near, mid, and long-range risks.
2. Utilize Intelligent Automation & Business Intelligence to Enable Risk Reporting Capabilities
Challenge: There are three pain points typical to risk reporting, including resource constraints, lack of consistency, and unstructured data.
Potential solutions for solving these challenges include using intelligent automation, NLG (natural language generation), artificial intelligence, and business intelligence tools. We help clients streamline risk reporting processes, using NLG to develop initial risk narratives, and using structured data to draft consistent, high quality risk reports. Intelligent automation is a technique used to prepare data for reporting consumption, as risk data tends to exist in many disparate systems; business intelligence software, cloud-based tools, workflow automation, and data integration technology can be used to provide proactive risk metric reporting.
3. Right Sizing the Risk Report
Challenge: Risk reporting tends to become additive over time as risk managers field a variety of risk reporting requests from a variety of stakeholders and regulatory bodies.
Generally, a BOD reporting package should focus on the most pertinent risks. The risks highlighted in the reporting package should typically be prioritized by combinations of impact likelihood, velocity, and interconnectedness while using a combination of narrative discussion and supporting visualizations for presentation. After presentations to the BODs of the top and emerging risks facing an organization, deeper dives are at the request of the BODs, prepared by the risk owner, management or internal audit and reported at the committee level. Overwhelming the BODs with too much information poses its own risk by shifting focus away from pertinent issues and increases the legal liability of the BOD.
4. Define a Flexible Operating Model
Challenge: Bandwidth and the need to collaborate effectively across multiple functional organizations to deliver executive level risk reporting. Since BOD teams typically offer a diverse set of perspectives it can be challenging to predict every question or desired insight.
Therefore, it is critical to set up an operating model that is designed to effectively gather and address ad-hoc questions as they arise. A best practice with Enterprise Risk Management organizations is to assemble small “SWAT” teams who manage the BOD’s feedback, addressing it with other risk, technology, and data management teams. This team also plays a key role in assessing and reporting on the interconnectedness of risks, highlighting linkages and implications across the risk taxonomy.
5. Establish a Well Governed Risk Reporting Process
Challenge: There are typically many employees contributing to a report that should be professionally written with fresh data and analytical insights, which is susceptible to human error. BOD reporting requires many different experts and teams to work collaboratively to meet a high standard of quality in a short amount of time with many different reviews and checkpoints along the way.
A key success factor to overcome these challenges is to define a repeatable process that is geared toward risk reporting governance standards. A well governed process can also help to avoid internal political implications which need to be managed through socializing the discussion ahead of time.
As the role of the BODs is to make actionable decisions based on available risk reports, it is crucial for them to be presented holistic risk reporting in a concise manner. Presenting adaptable reporting connected to emerging and strategic risks allows management to showcase how they are managing and being held accountable to the rapidly evolving risk landscape. This positions the BOD to make informed decisions on key risks. Accenture is well-positioned to support companies with the modernization of their reporting to build operational resilience and enable flexibility for board reporting needs.
This blog is intended for general informational purposes only, does not take into account the reader’s specific circumstances, may not reflect the most current developments, and is not intended to provide advice on specific circumstances. Accenture disclaims, to the fullest extent permitted by applicable law, all liability for the accuracy and completeness of the information in this blog and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professional.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 650,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Its home page is www.accenture.com.