As the group summarized their discussion about board reporting, each participant described what had worked well and what had not.
Success stories that resulted in action:
- Implementing a capability scale: Where are you today? Where do you want to be tomorrow? How do you compare with other business units? Your competitors?
- The problem list, which clearly identifies what management is doing about risks in the business and prompts discussion about whether those actions are appropriate
- Detailed, proactive analysis of external losses
- Identifying excess risk exposure on a local level (even if the exposure doesn’t exceed firm-level tolerance)
- Reporting on what you believe in (despite the pressure to do otherwise)
- Integrating SOX with operational risk
Things you would never do again:
- Making this a big mathematical exercise
- Asking broad questions about risk appetite; it is better to have specific recommendations that board members can react to
- Using a 5-color scheme (brown looks too much like red!)
- Going to risk committee with information only, without a recommendation for action
- Mixing the discussion of quantifiable risks with those that are harder to quantify (address the latter as a scenario analysis discussion)
- Responding to a board request with a half measure
- Allowing disparate processes throughout the organization
As another great Executive ERM Forum comes to a successful conclusion, we’d like to thank PwC for their generosity in hosting us.