How to create standout risk reports that demonstrate the real value of Risk

24 min read
Apr 25, 2023

Risk management - and the risk team itself - can gain greater traction with senior leaders and the board if risk reports centre around a few key principles; know your audience, make it relevant, hone the narrative, visualise your risk, and provide a future outlook. From examples contributed by our membership, we've aggregated the core components that make up effective risk reporting.


How to create standout risk reports
How to create standout reports that demonstrate the real value of Risk
Download this article as a PDF so you can come back to it whenever you need to.
Download Now

As risk leaders look for a way to advance their risk reporting frameworks and better engage the business on risk, the next step for many risk teams is finding a way to add demonstrable value to the business through reporting.

With this in mind, we have distilled key insights shared by risk leaders in our membership to produce this article. It provides a high-level overview as to why risk reporting is important, how risk teams can effectively report risk to senior leaders, and how businesses report risks to the wider world.

It also underlines the importance of evolving your risk reporting process so that it remains relevant and continues to meet the needs of business leaders, as well as the wider pool of external stakeholders who keep a watchful eye over how the organisation is managing its risks. 

1-What is risk reporting 2-Internal-risk-reporting
3-external-risk-reporting 4-how-to-be-relevant-and-effective

1. What is risk reporting and why is it important?

 

a. Risk reporting definition

b. What is the difference between internal and external risk reporting?

c. When and how often should companies generate risk reports?

d. How can risk reporting add value to a business?
Risk-Leadership-Network-combination-logo_RGB


a. Risk reporting definition

It is not enough for the risk team to identify threats and opportunities to the business and monitor them in a silo. Ultimately, the purpose of the risk management function is to support the rest of the business to manage its risks better. This is where risk reporting comes in.

Through the risk reporting line, risk teams typically feed information up to the audit and risk committee and/or the executive board to raise awareness of any new risks to the business, provide updates on the status of existing risks, and potentially get senior leaders' buy-in for risk projects (read more on common risk reporting lines).

With this information, senior leaders (especially risk owners) can cascade responsibility for the steps that need to be taken to the relevant parts of the business. For instance, if the risk team had determined that health and safety risks have become more probable based on indicators, the risk owner (with the support of the risk function) can work with parts of the business to strengthen controls and mitigate the potential risk.


b.  What's the difference between internal and external risk reporting?

Graphic 1

Reporting to who?

  • Internal risk reporting is delivered by the risk team to their direct report - which in some cases is the board itself.
  • External risk reporting is conducted by the business on a yearly basis via the organisation's annual report. This lets external stakeholders, such as investors, know what risks the business is monitoring and how they are being managed.

What frequency?

  • Internal risk reporting tends to happen on a more frequent basis for the business to be agile enough to anticipate and respond to risks.
  • External risk reporting is less frequent, as it's produced for the company annual report.

How does the content differ?

  • Internal risk reporting has greater depth than what is covered in a typical risk section of a company annual report. With more detail and no mandated requirements, the report is tailored to the needs of the business, focusing on action points.
  • External risk reporting is a more brief, high-level overview of the risks the business is focusing on. The contents is often dictated by the mandates of the jurisdiction the company is in. These require listed businesses to include certain information in their reports (e.g. since April 2022, the UK has required listed businesses to report on their climate-related financial disclosures).

c. When and how often should companies generate risk reports?

According to two benchmark studies we've conducted recently: 

  1. It is most common for risk reports to be generated quarterly, regardless of the company's risk operating model. This is because, for most companies, the CRO or direct report of the risk team (for example, the chief financial officer) reports to the audit and risk committee (ARC) or the board once a quarter. This places a requirement on the centralised or decentralised group risk function to review their risk registers, indicators and other data sources and prepare their report on a regular basis.

  2. When risk teams report directly to the board, 48% of businesses generate and deliver risk reports on a biannual basis.

  3. 69% of companies report quarterly into the audit and risk committee.

risk-report-graph-2

Two risk reporting benchmarks

To help members of Risk Leadership Network with their risk priorities, we've recently conducted two benchmark studies on risk reporting:

1. Risk reporting to the ARC and board

Risk reporting to the ARC and board

This ongoing survey benchmarks the processes, content and formats of risk reporting for 120+ leading companies from around the world. Take the self-assessment and you'll instantly get a bespoke benchmark report that compares your (anonymous) answers against the latest data.

2. Risk operating models - the market benchmark

Risk operating benchmark

This extensive report highlights trends in risk operating models, reporting lines and risk responsibilities. We've aggregated data and insights from over 50 multinational companies from around the world spanning 15 sectors, mixing extensive quantitative data with in-depth one-on-one interviews. Download the full benchmark report or read some key learnings from the benchmark in our most recent analysis.


d. How can risk reporting add value to a business?

It is one thing to improve the quality of different aspects of your risk reporting, but the key question risk leaders are asking themselves is, how can risk reporting add value to the business? Having the answer to this question is what will get you noticed by senior stakeholders and business decision-makers.

Three ways risk reporting can add value to a business

  1. Address threats that may cause business failures, as well as identifying opportunities for success. 


    Finding the right balance between the two is key: it helps to challenge any preconceived notions that the risk team is the 'policy police', and can help support the board to build resources and manage risks more efficiently.

  2. Report on risk through a strategic lens.

    Consider the long-term impacts as well as their short-term effects, and question any assumptions upon which business objectives are based. Business leaders care, first and foremost, about what they are trying to achieve, so framing your risks from the perspective of meeting strategic objectives can make risk management more valuable to the business.
    More on linking risks to strategic objectives in reporting

  3. Look back as well as forwards.
    Our ongoing Risk reporting to the ARC and board benchmark finds that one quarter of businesses provide lessons learned within their regular risk reports to the audit and risk committee. Even fewer include this when reporting to the board. It becomes challenging to manage risks effectively without acknowledging what worked and what didn't in the past. Establishing an iterative cycle of improvement through risk reporting can allow you to evolve your risk approach and make the business stronger.

2. How do risk teams report on risk to the business?

  1. Most common risk reporting lines used by businesses

  2. Create an effective risk reporting template

  3. Source information by using the right indicators

  4. Engage stakeholders with visual risk reporting

  5.  Get buy-in from the board and ARC

  6.  Link risk to strategy and objectives

  7. Create a radar of risks for emerging risk reporting

                       Risk Leadership Network combination logo_RGB
 

a. Most common risk reporting lines used by businesses

A typical risk reporting structure at most businesses will see the risk team report information up to senior management and the board. However, the risk reporting lines that sit beneath this broad structure tend to differ from company to company.

Based on research we have conducted with a range of practising risk managers across multiple sectors in our global benchmark on risk operating models, two risk reporting lines stand out:

  1. For companies with a 'head of risk' the most common reporting line is to the organisation's chief financial officer (CFO), who would be responsible for providing feedback on risk at board-level management committees.
  2. For companies that have a chief risk officer (CRO), approximately half of them have a direct reporting line into the CEO and the board on risk. This is a particular trend amongst heavily regulated organisations, such as financial institutions.

While these two reporting lines stand out from the rest, the graphic below highlights the diversity of risk reporting lines currently being used by organisations - many heads of risk report into general counsel, while the number of risk teams who report into a chief strategy officer is on the rise, indicating a movement towards integrating risk with strategy at many organisations.

Most-common-risk-reporting-lines

Most common risk reporting lines
Download the global benchmark on risk operating models and reporting lines
See the image above in full, as well as breakdowns of the key risk operating models and risk reporting lines in operation at large corporations.
Download Now

There are many variables at play that may influence the risk reporting lines certain cohorts of businesses have in place. Companies within particular sectors may be more likely to have a specific type of risk reporting line, while geography is also a factor - for instance, European-based companies tend to have a CRO who reports into the board. Download the benchmark for more trends and analysis.


b. Create an effective risk reporting template

In order to standardise risk reporting and ensure consistency, most risk teams use a template to structure their risk reporting. When preparing their risk reporting template, risk leaders should consider who the audience will be and factor this in when deciding what details (and how much) to include.

If the answer is a member (or members) of the executive committee, several of whom may be risk owners, you may want to include more practical information to help them understand how to manage these risks better. However, if the report is going to the board, it may be better to keep information high level so that they are not overwhelmed with the specifics and are more likely to engage.

Our Risk reporting to the ARC and board benchmark highlights divergences between the reports delivered to these two entities - for example:

  • 55% of those contributing to the benchmark agree that ARC and board reports required different content.
  • 30% of companies comment that their board reports are more strategic, while 20% note that ARC reports focus more on the short-term impact of risks.
Risk Reporting Self Assessment-1
Risk reporting to the ARC and board benchmark
Take the self-assessment (anonymously) and get a personalised benchmark report of 120+ global organisations.
Get the benchmark

What almost all risk leaders agree on is that risk reporting should be used to anticipate and answer questions before the audience asks them - this is a key part of building trust with the board. How do you get buy-in from the board and ARC?

So, what might you include in your risk reporting template?

Based on our discussions with risk leaders, here are some common sections featured in businesses' risk reports:

  • Principal risks - overview of current list of principal / material risks including deep-dives on select risks, update on key risk indicators, and a list of key actions required to address risks that are moving closer to agreed appetite limits.
  • Monitoring action update - an overview of the impact major events have had on the risk profile of the business and an assessment of whether controls are still effective. 
  • Emerging risks - update to risk radar, changes in status of emerging risks and a high-level overview of what is driving emerging risk trends.
  • Horizon scan update - material risk developments in the organisation's internal and external environment.

 


c. Source information by using the right indicators

According to risk leaders, the main challenge when it comes to sourcing data for your risk report is identifying a single source of truth, especially if there are multiple legacy systems to combine and different processes across the business for collecting risk information. The latter is a particular obstacle for large, multinational organisations with a decentralised governance structure.

Ultimately, to have confidence in your risk reporting, you need to have confidence in your key risk indicators (KRIs). Many risk leaders define a set of relevant and manageable KRIs by adopting a quality-over-quantity mindset, focusing on indicators that i) actually matter to the organisation and ii) are not too complex to monitor and update regularly.

To make these KRIs reliable, it is important to establish clear ownership for gathering and inputting information. In most cases, this will mean risk owners taking responsibility for their risk registers and checking that tasks have been completed consistently and at the right time. Many risk teams also remain on hand to support risk owners and challenge the data provided when necessary.

In addition, indicators are most useful when they have a dual purpose: to monitor an increase (or decrease) in the likelihood of any given risk, and provide an insight into the potential impact and appetite of the risk.

Examples of key risk indicators across three key sectors:

Health, safety and security

  • Near-miss and hazard frequency rates
  • The number of business continuity plans in place across critical assets and facilities
  • Lost time injury frequency rate.

IT

  • Number of phishing emails opened
  • Percentage of servers and workstations with effective endpoint protection
  • Number of passwords adhering to the quality standard set by organisation

People

  • Percentage of staff turnover per year
  • Rate of employees working overtime
  • Percentage of key positions with succession plans agreed

Connecting your suite of indicators to risk appetite will help to keep the threat and opportunity aspects of risk in balance. While it is vital to wave the red flag to executives and the board when too much risk is being taken, not taking enough risk should also be highlighted in risk reports.

RLN-logo-square-whitebg
Internal risk reporting
How and why are CROs benchmarking their approaches?
Read article

d. Engage stakeholders with visual risk reporting

When preparing a risk report, risk teams have to consider what will engage senior leaders - an overabundance of narrative and text, or visuals that communicate ideas simply and efficiently

For most companies, a visual representation of how the business' principal/material risks are developing - most commonly displayed in the form of a heatmap - is the preferred method. But risk leaders at organisations in our network are taking their risk reporting to the next level with their visualisations.

risk appetite scorecard
The visualisation tools and graphics risk leaders are using for risk reporting
Read the feature detailing the visualisations risk leaders at multi-national organisations are using in their risk reports and download the templates.
Read now

e. Get buy-in from the board and ARC

While using visuals is one effective method to boost engagement from senior leaders during the risk reporting process, there are many other ways to get buy-in from the board and ARC that risk leaders in our membership are implementing. 

Firstly, it's crucial to tell a story during risk reporting and provide context to your audience: don't just tell them what is happening, but why it is happening. For instance, one risk leader in the network uses a visual moodboard of risks to tie the business' principal/material risks to events developing in the organisation's external environment:

A visual moodboard of risks

Some risk teams are working with guest contributors to add credibility and weight to their risk reporting. Using a subject matter expert voice from within the business to add credence to your argument - whether it be a quote in a risk report or attending a meeting with the board in person - can get senior leaders to take notice and place more importance on suggested actions.

Moreover, deviating from the status quo every so often can prove effective so that the content of your risk reporting doesn't become stale or boring - if business leaders feel like risk reporting is a repetitive process that rarely develops or changes, this may cause certain risks to be overlooked.

Ultimately, engaging with executives and the board requires you to know your audience: what concerns them, and how can risk management impact this in a positive way. If the board cares about the long-term success and viability of the business, framing risk through a strategic lens is a good way to get their attention.


f. Link risk to strategy and objectives

Risk leaders in the network have shared, from experience, that compiling a risk report from the default position of "what could go wrong" can leave you with a list of risks that feels disconnected from the business itself. Instead, asking first "what matters to the business" can help you to achieve greater stakeholder engagement from the outset.

In order to focus on what matters to the business, it can help to overlay risks onto the company's strategic objectives - in other words, how will risks impact, for better or worse, the ability of the business to achieve its goals? An easy way to visualise this relationship is employing a Venn diagram: 

Risk reporting venn

Where there are overlaps between risks and objectives, you can signal to business leaders that threats or opportunities should be prioritised. 

Furthermore, drawing a clear link between strategy in your reporting can help to embed risk within the strategic mindset of the business and get Risk a regular role in strategy conversations. While it is useful for the risk team to highlight areas where risks may affect the business' existing strategy, the next evolution of this is for Risk to guide the development of new goals and strategies. Once again, this will allow risk management to add value.


g. Create a radar of risks for emerging risk reporting

Resilient organisations need a long-term view of the uncertainties they face to enable proactive decision-making among business leaders. As such, effective risk reports typically reflect an organisation's emerging risks, as well as its principal / material risks. 
 
A compelling way to document these risks and chart their progress is to use a risk radar. There are different ways to present this radar - for example, you may want to divide it into high-level risk categories, such as financial, people, governance and so on. Usually though, a radar is used to demonstrate which risks, if any, are escalating and becoming material to the business. 
 
risk radar for emerging risk reporting
 

Outer layer

Emerging threats and opportunities the business should be aware of, even if no actions are required at this point.

Middle ring

Contains what some risk leaders refer to as 'Tier 2 risks' - those risks that the executive leadership team (including risk owners) should be monitoring.

Innermost circle

'Tier 1 risks' - the priority risks that need to be escalated to the board.

Using a graphic like this can help to ensure businesses do not sideline emerging risks in their risk profile, as this will place them in proximity to the business' principal / material risks, with the potential to become either less or more important. Download the risk radar template and 6 other visualisations used by risk leaders.
 
Member meeting
Join Risk Leadership Network's next collaborative meeting on risk reporting
Tell us what your risk reporting priorities are, and we'll invite you to the most relevant upcoming meeting, bringing together risk leaders at large organisations to share practical insights on specific issues (subject to qualification).
Request to participate
 

 3. How are companies reporting on risks externally?

  1. What are the key features of a risk section in an annual report?

  2. What are the top principal and emerging risks? 

  3. What do companies include in TCFD disclosures?

    Risk Leadership Network combination logo_RGB
 

a. What are the key features of a risk section in an annual report?

Most businesses, especially listed companies in jurisdictions where there are specific reporting requirements, will include a risk section in their annual report, although the content of these sections, as well as the amount of detail given, varies between companies.

Risk Reporting Comparison Tool

To enable our members to validate their approach to external reporting, we created an interactive database of the information included in the external reports of 190+ company reports.

Risk Reporting Comparison Tool

The Risk Reporting Comparison Tool allows risk leaders to compare and benchmark their own reporting approach, by understanding what information other companies in their industry include in their annual report. Find out more here.

Using data from the Risk Reporting Comparison Tool, there are some clear trends around the risk section of an annual report:

  1. On average the risk section of a company's annual report takes up about 5% of the overall document, highlighting that it is not an insignificant part of the overall reporting process.
  2. Rounded to the nearest whole number, the average number of principal / material risks shared by businesses is 12; usually, a company's list of principal or material risks only varies slightly year-on-year.
  3. Most risk sections will include reference to the trend of individual risks (65%) - in other words, is the risk increasing, stable or decreasing - and how each risk links to strategy (56%).
  4. Although the majority of companies do not categorise principal/material risks as part of their annual report, a significant number of businesses (43%) do organise their risks under a few key headings (e.g. financial, operational, strategic etc.).
  5. Just 16% of companies mention their appetite for each risk in their annual reporting and even fewer (5%) refer to opportunities in the risk section.
  6. In terms of emerging risks, 35% of companies list these specifically in the risk section of their annual report, although a much larger proportion will acknowledge that they conduct horizon scanning for threats and opportunities to the business.

These figures are based on data in the Risk Reporting Comparison Tool, as of February 2023.

Risk Reporting Comparison Tool
Risk Reporting Comparison Tool
Find out more
Find out more

b. What are the top principal and emerging risks companies currently report?

Unsurprisingly, the leading principal / material risks reported by companies vary by sector. For example, while Cyber Security and Digital Transformation are top risks for computer software companies, businesses in other industries are focusing more on other kinds of threats and opportunities. 

Here are a few trends based on a cross-sector analysis of companies across all industries based on data from our Risk Reporting Comparison Tool:

  • Legal and Regulatory is the most reported risk category.
  • Talent and Cyber Security is the second most reported risk category.
  • While there wasn't any significant change in top principal risks between 2021 and 2022, it is worth noting that Treasury risks - which encompasses financing, liquidity and insurance - fell year-on-year in terms of number of mentions in companies' annual reports.
top principal material risk categories
Top 10 principal/material risk categories in 2022 vs 2021
What principal/material risk categories are 170+ listed organisations including in their annual reports?
Download data

As for emerging risks, Technology continues to be the most prominent risk area that companies are focusing on, particularly new technologies. In 2022, this accounted for a quarter of all tech-related emerging risks reported, up from 18% in 2021. Other top emerging risk categories range from Geopolitical risks, which companies are reporting more year-on-year (likely in response to the Russia-Ukraine war, trade tensions between the US and China and other events) and Climate Change.

emerging risks-1
What are the top emerging risks globally among organisations?
Take a look at our analysis of the latest trends in reported emerging risks among major global organisations.
Read the article

 


c. What do companies include in TCFD disclosures?

The purpose and content of annual reports continue to evolve as companies adapt to changing regulations and investor demands.

In April 2022, it became a requirement for FTSE-listed businesses in the UK to include a TCFD disclosure in their annual report. It seems likely that the requirement will soon be imposed on listed businesses in other markets, which raises the question: what should you include in your TCFD disclosure?

TCFD Reporting Comparison Tool

To save our members time in researching what other organisations are including in their TCFD disclosure, we created a new tool. 

TCFD

The TCFD Reporting Comparison Tool empowers members to easily benchmark against listed companies' approaches to climate risk disclosures, saving them time and strengthening their own methods for this kind of reporting. Find out more here.

Based on data from our TCFD Reporting Comparison Tool, trends are starting to emerge:

  • The most common aspects of a TCFD disclosure are risks (and opportunities), targets and scenarios, all of which are covered in over 75% of the reports we have analysed.

  • While the different climate-related risks are essentially split into two categories - physical and transition - there is a wide variety of scenarios and targets that businesses are reporting against. For example, many companies have a short-term emissions target to 2025, though some organisations also have set goals (e.g. net-zero emissions) up to 2030, 2040 and even 2050.

TCFD Reporting 2021 vs 2022

As more companies include a TCFD disclosure in their annual report for the first time, it is also clear how they are evolving their reporting of climate risks in annual reports:

  1. Companies are including more detail
    The average word count of TCFD disclosures nearly doubled between 2021 and 2022, up from 2680 to 7309, while the percentage of reports that include risks, opportunities, scenarios and financial impact as part of the TCFD disclosure all rose significantly year-on-year.
  2. The average number of opportunities mentioned decreased slightly from 2021 to 2022
    This suggests that companies who are now including TCFD in their annual report - in order to meet the requirement - are less mature in their approach than companies who started including TCFD disclosures before it was a requirement.
  3. Companies are making the transition elements of climate risk (e.g. the financial cost of 'going green) more distinct from the physical elements
    This may include the long-term viability of physical assets as temperatures rise.
TCFD
TCFD Reporting Comparison Tool
See more trends and insights relevant to your own report.
Request a demo

4. How do you maintain relevant and effective risk reporting?

  1. Ensure the risk reporting process is fit for purpose

  2. Monitor the effectiveness of risk reports

  3. Update your risk reporting templates                                                                                                                                                 Risk Leadership Network combination logo_RGB

a. Ensure the risk reporting process is fit for purpose

In order to validate your risk reporting approach and identify areas for improvement, it's worth considering how (and where) you can build in opportunities for feedback into your risk report. This is especially important when it comes to engaging the board - is there a communication channel in place for them to ask the risk team questions if they are confused, or provide a healthy amount of challenge if they disagree with aspects of the risk report?

Ultimately, the only way you can be sure that your risk reporting process is fit for purpose is to understand business leaders' response to it. Below we have highlighted some key questions a risk team may want to ask themselves before delivering their latest risk report. 

Is your risk reporting fit for purpose


b. Monitor the effectiveness of risk reports

Given the process-driven nature of risk reporting, it's easy to understand how this activity can become a repetitive exercise that disengages people around the business - especially leaders to whom risk reports are presented. For this reason, it's important to observe how effective your latest risk report is, in terms of provoking action and contributing to decision making.

The simplest way to test whether your risk report is actually having a meaningful impact on the business is to include key follow-on actions and monitor whether the organisation is putting these into motion from the top-down. If not, and in the absence of any communication as to why, it's evident that risk reporting has become a token exercise that senior leaders are all too willing to ignore.”
Untitled design (2)
Risk Leadership Network member

Of course, these actions may be a result of disengagement, lack of awareness or lack of motivation at the business unit level - in this case, it's important for the risk team to work together with risk owners and champions to cultivate the right kind of culture.

One way to gauge how risk reports resonate with senior leads is to push for a more active role in presenting this information. While handing an executive and/or member of the board a document might not get much of a response, presenting your risk report in person will enable you to engage directly with the intended audience and discover what does, and does not, resonate with them.

This is a popular option: according to our Risk reporting to the ARC and board benchmark, 80% of businesses state that their most senior risk resources presents both the board and ARC report entirely face-to-face or with some element of face-to-face interaction.

Untitled (1910 × 1000px) (800 × 800px) (2)
11 ways to present top risks to the board
Read our tips from global risk leaders.
Read now

c. Update your risk reporting template

If you want the board, ARC and other leaders around the business to continue engaging with your risk reports, it's vital to keep reporting fresh and add new layers of insight over time. You don't want to overwhelm the business by presenting a vastly expanded risk report with too much detail - however, incremental shifts in reporting may be greeted with a warmer response.

Risk leaders across the network are taking steps to update and advance their risk reporting process by incorporating elements such as appetite and culture if these are not already being reported on separately.

Interestingly, less than 50% of the companies in our Risk reporting to the ARC and board benchmark have risk appetite as a standalone section or agenda item in their report, suggesting that there is an opportunity for companies to add this particular lens to their risk reporting process. 

According to one of our members who does include appetite in their report, they feature a colour-coded dashboard that links risk appetite to the business' key risk indicators.

Using-a-KRI-dashboard-to-monitor-risk-appetite

If parts of this dashboard have turned red, this means that certain risks are starting to push either the upper or lower limit of risk appetite, constituting a threat to the business that must be addressed. This is designed to trigger action from senior leaders.

On the matter of culture, risk leaders note that persistent reporting on risk culture provides a record of an organisation's work in this area, signalling how the business has already evolved and ways for it to develop further. By at least including a reference to culture in your risk reporting, you may be able to prompt better discussion about the topic with the wider business. 


More on risk reporting at Risk Leadership Network

Risk Leadership Network empowers risk leaders to implement better risk practice by facilitating practical knowledge sharing between peers. Through bespoke and tailored network assistance, we facilitate the specific collaborations that enable our members to solve challenges quickly. 

This guide is an overview of some of the key lessons shared by risk leaders in our network on risk reporting. There are far more case studies, templates, tools and bespoke opportunities to collaborate with practising risk leaders with membership to Risk Leadership Network. Meanwhile, here are all the resources and opportunities to get involved mentioned in this article.

General resources/opportunities to get involved:

Member meeting
Participate in a member meeting
Join with other leading risk professionals to collaborate on risk reporting.
Download
Create standout risk reports
Download this article
Download this article as a pdf so you can come back to it whenever you need.
Download

 

Internal risk reporting:

Risk Reporting Self Assessment-1
Internal Risk Reporting Self-Assessment and Benchmark
Take part in our ongoing benchmark and get a bespoke "Risk reporting to the ARC and board" benchmark with data from 120+ organisations sent to you instantly.
Benchmark now
Risk reporting visualisations
Download 7 risk reporting visualisations
Leverage the examples contributed by risk leaders to enable better discussion around ARC and board reporting.
Download
Most common risk reporting lines
Global benchmark on risk operating models
Download our benchmark on risk operating models and reporting lines.
Download


External risk reporting:

RRCT
Risk Reporting Comparison Tool
Save time putting together your external risk report and benchmark your strategy against 190+ leading organisations.
Request a demo
TCFD
TCFD Comparison Tool
Validate your approach to TCFD reporting using trends data from over 130 organisations.
Download
top principal
Top 10 principal/material risk categories in 2022 vs 2021
Download data from 170+ listed organisations' annual reports.
Download

Get new blog posts by email