Internal risk reporting: how & why are CROs benchmarking their approaches?
The majority of chief risk officers (CROs) report to either the board or the audit and risk committee (and in many cases, both). While there may already be an established process in place, how can businesses optimise risk reporting so that it adds genuine value and better influences decision-making?
Internal risk reporting is, by its nature, hidden from the rest of the world. But progressive risk managers see value in sharing the content and structure of their reporting framework in exchange for insights from other businesses.
This is why the value of benchmarking your internal risk reporting approach is so high: not only can you contribute to a powerful body of collective knowledge, but there is also an opportunity to peek behind the curtain and see how other companies are reporting on and monitoring their risks.
For example, a risk function might be keen to explore emerging risks further in their internal risk reporting to the board. They may find comfort in knowing that, according to our latest global benchmark we conducted with over 100 risk leaders, 70% of risk functions include emerging risk impact on the business in their board risk reporting, while less than 23% also include emerging risk causes, consequences, and mitigation.
Equally, risk leaders want to be sensitive to their audience and take care not to overwhelm senior management with too much information. For example, if risk reporting relies upon an overabundance of narrative – as opposed to simple visuals that deliver information clearly and concisely – it can be difficult to engage the board and keep their attention.
For businesses that want to optimise their own reporting procedures across a range of different verticals (for instance, engagement with the board), it can help to understand how other companies across the broader market, or even in the same sector, approach their reporting.
Some of the main benefits of benchmarking your internal risk reporting process against other businesses are outlined below, as well as tried-and-tested approaches practitioners are taking right now to make their internal risk reporting more meaningful to the business.
Validate your existing approach
As part of their role, risk leaders know what it means to deal with uncertainty, but how do they overcome this? For example, someone new in role may not be sure whether a certain aspect of their organisation’s risk reporting process – i.e. deep dives into individual principal risks – is fit for purpose.
To give them more confidence that their approach is correct, it can be useful to know whether other companies are doing the same thing. For example, our global benchmarking reveals that 67% of risk teams include deep dives in their report to the audit and risk committee (ARC), although this number drops to 48% when reporting to the board.
On the other hand, risk leaders at some companies may be looking to break the mould of the majority approach and carve out a risk reporting process that improves on tradition.
For example, 63% and 73% of ARC and board risk reports, respectively, don’t reflect on lessons learned. This might present a window of opportunity, for some organisations, to perhaps reconsider if there is value in incorporating such insights into risk reports.
Take inspiration from other businesses
Organisations are at different levels of maturity, and not all risk leaders have a sophisticated reporting process in place. Benchmarking can generate new ideas and a better insight into what mature risk reporting may look like.
The way businesses are reporting on principal risks is a particularly good example of the insight you can gleam from benchmarking your reporting process with other companies. For instance, if you’re trying to level up your risk reporting to how the market approaches it, you may be interested to learn that most companies include both a high-level principal risk dashboard and one or two subsequent detailed pages per risk, according to our benchmark results – if you’re only doing one or the other, it might be time to review this.
Boost engagement with the board
While it is helpful for risk leaders to validate their approach and get inspiration from such benchmarking, how can they leverage this information when interacting with senior executives and, in particular, board members?
Any effort to update and optimise risk reporting processes may be met with resistance from the board – unless the directive for transformation has come from them, senior leaders are not typically favourable to change.
However, benchmarking against other organisations – especially those which trade in a similar space – can give risk leaders hard evidence to back up their proposals.
For example, if you can demonstrate that (according to our global benchmark) more than 70% of businesses link their risks to strategic objectives and decision-making when reporting to the board, senior leaders may be more receptive to the idea of Risk having a seat at the strategy table and, more broadly, integrating strategic planning with risk reporting.
How can you benchmark your organisation's internal risk reporting against others?
To help risk leaders benchmark themselves against other organisations, we are pleased to introduce our risk reporting self-assessment tool. Using this tool, practitioners can benchmark their business against a global market of more than 60 companies and see how they compare.
After answering a set of questions, a personalised PDF report will be generated in a matter of seconds to show the respondent how their organisation’s risk reporting structure, format and content stacks up against the rest of the market.
Want to benchmark your internal risk reporting approach?
Take our self-assessment now and get your own personalised benchmark report today.
Furthermore, members of Risk Leadership Network have access to a wide range of content and tools that are designed to support them with various aspects of risk management – from identifying emerging risks to seeing how their risk operating model compares with that of other companies.
Want to benchmark your internal risk reporting approach?
Take our self-assessment now and you’ll get a bespoke report that benchmarks your Board and ARC risk reporting processes, content and formats with 100+ leading companies from around the world.