Risk reporting: Are you providing the right risk information

Risk reporting is a vehicle for communicating the value that the risk function brings to an organisation. It allows for proactive risk management as organisations identify and escalate issues as they arise or before they are realised, to effectively manage risks. Risk reporting demonstrates to the board of directors that the company has the systems and capability in place to deliver on business strategy, and ultimately increase and protect value over the long term. Is your risk reporting relevant enough to enhance shareholder confidence?

Although many companies are undertaking well-structured and comprehensive risk management activities, some are failing to report the full extent of the processes and procedures they have in place. According to Leon Soko, a business analyst and adviser at CURA Software Solutions, it is in the best interests of the board of the company to provide full disclosure on risk management activities. “If the company is undertaking effective risk management actions which are aligned with the success of the organisation and the delivery of the required strategy, tactics and operations, then it is in the best interests of the board, the company, the shareholders and other stakeholders to make this clear.”

Soko elaborates: “Over the past three years, we have watched significant global events unfold. The world has been marked by momentous change: economic, political and environmental. These events have shown how quickly the environments in which we operate can change and this highlights the importance of robust and effective risk management strategies. As landscapes change, so does the environment for risk events. This necessitates improvements in both risk assessment and risk management to make future crises less likely and, ultimately, more quantifiable.”

Soko has identified six practical steps to how risk reporting can be improved:

  • Tell users what they need to know

Users of corporate reporting require information about a company in order to adequately measure their risk landscape. Companies should focus on this objective in deciding what to disclose. The company is best placed to know what users of annual reports and financial statements are interested in because it is the board of directors and management that have direct contact with investors, analysts and other users of the annual report and the financial statements.

  • Focus on quantitative information

Disclosing more detailed analyses of the quantitative data that firms already provide would give helpful new information. Too much weight has been placed on the production of descriptive risk lists. This is not a call for quantification of risks ‒ which usually involves dubious assumptions about the probability of future events ‒ nor is it a call for qualitative information to be neglected. The focus should be on detailed, measurable breakdowns of firms’ activities ‒ geographically and by sector ‒ and on their assets, liabilities and commitments.

  • Integrate information on risk with other disclosures

Financial reporting should be integrated with other risk disclosures. Further to this, information on risk should be integrated with firms’ descriptions of their business models, their forward-looking disclosures, their discussion of past performance and their financial reporting. A firm’s risks are usually inherent in its business model, so, by virtue, detailing the business model should involve explaining its risks. Risk is prospective and cannot be fully understood unless the context of broader information about a firm’s performance, plans and prospects is considered.

  • Keep lists of principal risks concise

Users are currently faced with long and indigestible risk lists that are all too easy to ignore. While extensive data is necessary, excess information may render the key factors unclear. Shorter lists make it easier for users to clearly identify where their focus should be.

  • Highlight current concerns

It is of interest to users to understand which risks are currently most discussed within a firm. The concerns identified in this way will often be different from the firm’s principal risks and disclosing them could give users valuable insight into the business.

  • Review risk experience

The insight garnered from risk reporting transcends just one reporting cycle. Companies must be cognisant of what has been learnt in the previous cycle to adequately mitigate potential risks going forward. The risk landscape is rarely stagnant and requires constant analysis.

Soko concludes, “In a competitive economy, business failures are inevitable and it would be unreasonable to expect risk reporting to provide reliable early warning signs of which businesses are most likely to fail. However, with vigilant assessment, agility and a clear paradigm of analysis, a robust risk reporting system could potentially save companies millions in lost revenue, while ensuring the company achieves its strategic and operational objectives.”

Share this post

You might also be interested in:

Blog
Why A Risk Based Approach To Compliance Is Important
July 10, 2023
The 2020 global pandemic is recognised as an event that brought about significant mindset shifts…
Blog
How Organizations Can Manage AI Risks With Guidelines From The EU’s AI Act
July 6, 2023
The EU’s AI Act outlines a new legal framework that aims to significantly bolster regulations…
Blog
A Beginners Guide To Aligning ESG With Your GRC Strategy
June 30, 2023
ESG (environmental, social, and governance) criteria are part of a company’s operational requirements to attract…
Article
Cura Client Lucara Botswana Wins Prestigious GRC Award
June 8, 2023
CURA client Lucara Botswana, a diamond mining company and a subsidiary of Lucara Diamond, has…
Blog
The Beginning Of An Era For Multi-Stakeholder Capitalism, Driving Radical Climate Action
May 6, 2023
We are moving into the era of multi-stakeholder capitalism, shifting corporate leadership away from a…
Article
Don’t Succumb to Organisational Silos – Increase the Visibility of Risks Across Your Entire Organisation With CURA
April 26, 2023
CURA is a global governance, risk, and compliance (GRC) software provider that helps you better…
Article
Fact vs.Fake: Managing The Risk of Misinformation
February 16, 2023
Misinformation and disinformation are significant risks for South African organisations, and can have a direct…
Article
Future-Focused Governance Trends Businesses Need To Know About
November 29, 2022
CURA Software has published a report which focuses on future-focused governance trends that businesses and…
Blog
Resilience By Design
October 19, 2022
Earlier this month, Hurricane Ian lay waste in Florida. But two communities remarkably withstood the…
Blog
What Long-Covid Means For Businesses
October 3, 2022
Organizations worldwide were negatively impacted by COVID-19, but at the same time, have also had…
Scroll to Top