Board and executive risk reporting
PAGER supports organisations to develop a repeatable and scalable approach to risk reporting that is focused on strategic uncertainty.
Our approach is part of our comprehensive enterprise risk management framework, which connects risk appetite, risk evaluation and emerging risk to deliver genuinely useful risk reporting.
See how PAGER works below.
Your business
Do you feel like your risk reporting is just going through the motions? Perhaps this sounds familiar:
- Risk reports are focused almost entirely on past performance and/or risk assessments and heat maps.
- Risk reports are repetitive from one period to the next, causing audiences to lose interest.
- Risk reporting is time-consuming and cumbersome - we seem to jump straight from finishing one report to starting the next.
- Emerging and external risks are omitted or reported adjacent to the main risk report.
- There is too much detail in reports and directors dive into too much tactical detail.
- There is too little detail in reports and Director’s lack confidence they have all the information they need.
- Board directors “don’t like” the current risk report but also don’t know what good looks like to ask for.
Our approach
Our expertise in risk assessment has been honed over decades of experience as practising risk professionals in a range of different industries.
Risk aggregation is critical to PAGER’s board and executive risk reporting approach.
The goal is for these audiences – in particular board directors – to be focused on ‘the big picture’. This is delivered by reporting on aggregate risk performance against risk appetite – not the risk ratings of individual risks.
This means fundamentally changing the input information for the board risk report.
We guide you on what to include in your reports and how to present the information to stimulate the right conversations on the right risks.
Our experience is this is where the balance of risk as a science and art comes in. Risk is not a mathematical formula, but nor is it freeform speculation. To achieve the right outcomes at this level requires subjective determinations using objective criteria for what should go in the report.
We recommend 5 objective criteria to help management assess risk appetite performance each period: risk assessment or evaluation results; performance of the control environment (delivered via assurance); incident information (to validate assurance findings); metric information (KRIs, KPIs, other data points); and a view of representation across the risk taxonomy (i.e. checking for blindspots).
This structured approach enables board directors and leaders to clearly see the big picture with confidence in where they should focus their attention – and can help inform the decisions they need to make.
Outcomes and outputs
- Oversight transparency that fosters trust and confidence, with healthy tension between directors and management
- Reporting approach that provides the stimulus to have the right conversations on the right risks for the right reasons
- Board and executive risk reporting that shows the big picture with drill-down emphasis into areas requiring focus
- Board and executive risk reporting that focuses on strategic uncertainty rather than tactical operations
- Reporting against risk appetite performance, bringing optimised risk management to life
- External and emerging threats and opportunities brought in, connected to your internal risk context
- Flexible yet consistent approach tailored to your needs, but based on proven templates from leading corporations