Ten Qualities of A Good ERM Report

In order to make informed decisions, risk reporting must be of high quality. Managers need to be able to evaluate the suitability of the risk management methods they are employing to identify, assess, mitigate and monitor enterprise risks. Are these methods working? Do employees know when these methods are not working? What are the consequences of risk management failure? How can this risk management failure be resolved?

If the data used to identify and assess enterprise risks is flawed, regardless of how excellent the risk mitigation strategies are, the organization will just be wasting resources. One advantage of good regular enterprise risk reporting is that it helps management identify and evaluate the risk profile and risk strategy of the organization.

Poor enterprise risk reporting often leads to poor decision making and in the worst case scenario no decision making at all. Today, sources of risk data are vast. Managers need to know what to do with this data.  They must be able to turn this huge amount of data into a strategic asset in the form of information and knowledge that can be used to make effective decisions capable of helping the organization mitigate risks, achieve its strategic objectives and drive business performance.

The problem so many managers make poor enterprise risk management decisions is because of basing their decisions on poor quality reports. There is little value in carrying out the processes in your enterprise risk management framework without good reporting. Thus when designing and building your enterprise risk reporting structure, it is important to ensure that the report:

  • Is defined clearly: When defining the report it is important to consider the name of the report, objective(s) of the report, distribution list of the recipients, names of fields to be used, calculations required in each field, manual actions to be performed in each field and how the final report will be used. You should start considering design of the report only after the definition stage.
  • Uses a common language understood throughout the organization: Employees normally have a different understanding of the true meaning of risk. It is therefore important to ensure that there is a common understanding of the terms used in the organization’s risk report. The terms used must be clear and mean the same thing to every employee who reads them. One way of achieving this involves managers running risk awareness programs/workshops or incorporating a glossary in the enterprise risk policy document.
  • Highlights the important messages: Since managers have busy schedules, because of the limited time at their disposal, sometimes they just scan through the reports. It is therefore important that the produced risk report highlights the critical risk areas. The producer of the report need not assume that they possess equal enterprise risk management knowledge as the reader. By highlighting those critical risk areas that need management attention, for example through colour shades, managers will know where their focus is highly required and will therefore not spend much time in unimportant parts of the report.
  • Integrates quantitative and qualitative information: Enterprise risk management generates both quantitative and qualitative data thus both sets of data must be interlinked in risk reports. Relying on one set of information to report risks leads to treating risks in isolation and in turn flawed decision making.
  • Uses reliable quality data: The quality of data used in enterprise risk reporting is critical to making informed decisions. How reliable are your risk data sources? Failure to fully embed ERM throughout the organization leads to poor data quality as risk and control assessments are still not yet accepted. Continuously using data of poor quality to produce reports used by senior managers to make strategic decisions can cause them to make poor and loss-making decisions and this in turn affects buy-in of ERM throughout the organization.
  • Guides effective decision-making: Are your reports stirring up action? Many at times managers receive reports that are useless. A lot of time and resources is spent producing these reports but they serve no purpose in aiding effective decision-making. In addition to highlighting values, a good risk report must guide managers in deciding whether or not action is required. If the produced reports fail to highlight the need for action or some form of decision, then their existence should be question.
  • Is produced in a timely manner: Let us suppose that risk reporting is done on a monthly basis, chances are that values in the report will change monthly, there is no point in producing a risk report halfway through the month as the report would have relatively little value. It is therefore important to ensure that reports are produced in time to enable management make use of them and embed ERM throughout the organization.
  • The report’s structure is evaluated continuously:  In a constantly dynamic and volatile business environment, the organization’s risk profile, indicators and controls is also most likely to change. This therefore signals a need for change in the structure of the organization’s risk report. For example, if the risks confronting the organization increase in number, the risk report(s) can easily grow in both length and number. It is therefore important for the report producers to establish what information really matters to the audience for whom the report is intended.
  • Enables risk ownership: Management need to take ownership of the information contained in the risk report. Thus a risk owner must be identified and this can either be an individual or a department or business line. A good risk report should enable the risk owner to take action when required to.
  • Is integrated with other processes: Organizational risks do not happen in isolation. Other business processes play a part and these should be taken into account when reporting enterprise risks. For example, by taking into account audit conclusions, resources will not be wasted as a number of people seek to solve the same problem. Also, taking into account of other processes reduces confusion and chances of inaction as the report will indicate risk acceptable actions from the other processes.

Good reports are essential to good enterprise risk management. Thus a good risk report should be able to deliver information in such a way as to support informed business decisions on the organization’s risk profile.

What else would you say are the qualities of good enterprise risk reports?

I welcome your thoughts and comments.

Thanks for sharing:

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get notified of new posts by email

Recent Posts

Categories

Finance Analytics: It’s Not About the Size of The Data

As the need to make impactful operational and strategic decisions in real time increases, CFOs are playing a greater role in the adoption and integration of data analytics in their organizations to support data-driven decision making.

Executives and business unit leaders are increasingly relying on insights produced by Finance to better understand enterprise performance. That is, what has happened, why it has happened, what is most likely to happen in the future, and the appropriate course of action to take.

In an era where data is proliferating in volume and variety, decision makers have realized it’s no longer enough to base key enterprise performance and risk decisions on experience and intuition alone.

Rather, this must be combined with a facts-based approach. Which means CFOs must set up modernized reporting and analytics capabilities with one of the main goals being the use of data as a tool for business decision making.

Appropriately analyzed and interpreted, data always has a story, and there’s always something to discover from it. However, many finance functions are failing to deliver value from their existing data analytics capabilities.

There is a misconception that to deliver actionable insights, the function needs more data for analysis. As a result, the supply of data keeps rising, while the ability to use it to generate informed insights lags badly.

Yet it’s not about the size of the data. It’s about translating available data and making it understandable and useful.

In other words, it’s about context and understanding that numbers alone do not tell the whole story. Finance leaders should connect the dots in ways that produce valuable insights or discoveries, and determine for example:

  • What is being measured, why, and how is it measured?
  • How extensive the exploration for such discoveries was?
  • How many additional factors were also reviewed for a correlation?

Further, to use data intelligently and influence better decision making, CFOs and their teams should recognize that most enterprise data is accumulated not to serve analytics, but as the by-product of routine tasks and activities.

Consider customer online and offline purchases data. Social media posts. Logs of customer communications for billing and other transactional purposes.

Such data is not produced for the purpose of prediction yet when analyzed, this data can reveal valuable insights that can be translated into action which delivers measurable benefits.

Often the company already has the data that it needs to answer its critical business performance questions, but little of it is being aggregated, cleaned, analyzed, and linked to decision making activities in a coherent way.

Exacerbating the issue is the mere fact that the company has a mishmash of incompatible computer systems and data formats added over the years ultimately making it difficult to perform granular analysis at a product, supplier, geographic, customer, and channel level, and many other variables.

There is nothing grand about data itself. What matters most is how you are handling the flood of data your systems are collecting daily. Yes, data can always be accumulated but as a finance leader:

  • Are you taking time to dig down into the data and observing patterns?
  • Are the observed patterns significant to altering the strategic direction of the organization?
  • Are you measuring what you really want to know, what matters for the success of the business?
  • Or you are just measuring what is easy to measure rather than what is most relevant?

CFOs do not need more data. What they need right now is the ability to aggregate, clean and analyze the existing data sitting in the company’s computer systems and understand what story it is telling them.

Before they can focus on prediction, they first need to observe what is happening and why. Bear in mind correlation does not imply causation.

Yes, you might have discovered a predictive relationship between X and Y but this does not mean one causes the other, not even indirectly.

For instance, employee training hours and sales revenue. Just because there is a high correlation between the two does not mean increase in training hours is causing a corresponding increase in sales revenue. A third variable might be driving the revenue the increase.

Jumping to conclusions too soon about causality for a correlation observed in data can lead to bad decisions and far-reaching consequences, hence finance leaders should validate whether an observed trend is real rather than misleading noise before providing any causal explanation.

Certainly, big data can be a powerful tool, but it has its limits. Not all data is created equal, or evenly valuable. There are situations where big data sets play a pivotal role, and others where small, rich data sets trump big data sets.

Before they decide to collect more data, CFOs should always remember data is comparable to an unexploited resource.

Even though data is now considered an important strategic asset for the organization, raw data is like oil that has been drilled and pulled out of the ground but not yet refined to its finer version of kerosene and gasoline.

The data oil has not yet been converted into insights that can be translated into action to cut costs, boost revenues, streamline operations, and guide the company’s strategic direction.

Thanks for sharing:

Doing The Right Thing For Too Long

Markets and business models are shifting, and so should you keep up with these market changes if your business is to survive and succeed. Compared with the past, the current era of digitization represents an inflection point.

Consider individual trends such as artificial intelligence, virtual reality, Big Data, cybersecurity threats, drones, the Internet of Things, driverless cars, blockchain technologies, and more.

These new technologies have significantly changed the way we connect and interact as individuals, including how businesses deliver products and services to their customers.

Reinventing your business will determine whether you succeed or fail in the digital age. As the saying goes, disrupt or be disrupted. No company, business, or industry is safe from disruption. Today, individual businesses have the potential to compete against multinational companies and win.

These businesses are quick to anticipate market changes and flexible to get ahead of the curve. Sadly, many companies are blinded by their successes and aren’t willing to disrupt themselves. They are not experiencing their desired growth trajectory because they are stuck doing the right thing for too long.

Don’t get comfortable with the status quo and allow your business to get stuck on a strategy and mindset that no longer fit the market.

Here are a few questions to ponder, the answers to which will determine the future of your business:

  • What is at the core of your strategy?
  • Are you in touch with the customers you want to serve? When customers give you negative feedback, how often do you listen and act on it?
  • Are you operating your business on the premise that you know what is best for your customers therefore they are supposed to buy whatever product or service you offer them?
  • Are you keeping up with market shifts or you only know how to grow under one set of conditions or products and services, but not how to survive and strive under another?
  • How robust and flexible is your IT infrastructure to help you innovate, perform your company’s Jobs To Be Done, and scale your business?
  • Are you creating a strong culture that is focused on customers, including a culture that not only embraces change but seeks it out?

Given our world is changing faster, it’s imperative to continuously look for signs that things are changing and think about how those shifts would play out in the short-term, medium-term, and long-term, not forgetting the impact on the execution of your strategy and enterprise performance.

The signs can reveal individually. At times, they are part of a wider trend.

Nonetheless, how you adapt will determine whether you succeed or fail. Keep learning. Learn about innovations in your industry and beyond. Try out new business models and technologies and embrace a philosophy of constant change.

Once you understand how the market is changing and evolving, you can develop the right product or service and strategy that will help you achieve your desired outcomes.

We often talk of the ability to “connect the dots” and “take a helicopter view of the business” as key ingredients for success. But how often are business leaders and their teams doing this?

Across the organization, a culture of “them versus us” prevails. Important decisions are made at a functional level with little or no consideration of their impact at the enterprise level.

Having the ability to grasp the big picture and see how different trends intersect is essential for determining the right path or course of action to pursue.

So, how do you spot market transitions and develop a clear sense of where the market is going?

  • Be curious and hungry for new ideas. Continuously ask tons of key performance questions and pay attention to what’s around you.
  • From time to time, challenge conventional wisdom. It’s easy to stick with what you know about your business model, customers, competitors, markets, or industry but dare to pivot when conditions change.
  • Don’t be nostalgic about the past or worried about protecting what you’ve built in the present. Always be curious about the future and develop a willingness to take calculated risks.
  • Ask existing and would-be customers how they feel about your company’s products, services, and strategy. Instead of turning to sources that reinforce your existing point of view, seek multiple perspectives and cross-reference them as new facts come in.
  • Develop an ability to handle multiple random data points at once. This will help you generate critical market, customer, and business performance insights and make smarter, informed decisions. Be careful to distinguish between the signal and the noise since data can be deceiving, especially when you’re looking for “confirmation” that protects your business model.

Data might not tell you why something is happening, but it does tell you what’s going on.

  • Look for patterns and abnormalities that might suggest something is going on, including any interdependencies.
  • Anticipate all the various scenarios of what could happen.
  • Plan your course of action in response to what’s happening in real time.

As the signals of a market shift increase, the need to act becomes more imperative. Note, monitoring and identifying market shifts, and effectively taking the appropriate course of action is a matter of timing.

If you continue doing the right thing for too long and lack the boldness to disrupt both the market and your own organization, you risk being disrupted and left behind. There is no company that is too big to fail. Neither is there a startup that is too small to succeed.

Thanks for sharing:

How Feasible Are Your Strategic Objectives?

Every organization sets out its goals and objectives, to accomplish its mission and vision. The two often seem like two interchangeable phrases but there is a distinction.

A goal is a desired result you want to achieve and is typically broad and vague. An objective, on the other hand, defines the specific, measurable actions each employee must take to achieve the overall goal.

It is every leader’s job to create a coherent set of feasible objectives or what Richard Rumelt calls proximate objectives. Objectives that define targets the organization is fairly expected to achieve, even overwhelm.

This is essential for ensuring energy and resources are focused on one, or a very few, critical objectives whose accomplishment will lead to a cascade of positive outcomes.

An effective strategy defines a critical challenge or opportunity and clearly articulates how the organization is going to play to win or perform customers’ Jobs to Be Done.

Thus, the objectives an effective strategy sets should stand a good chance of being accomplished, given existing resources and competence.

On the contrary, a bad strategy results in the setting of bad strategic objectives.

Long lists of “things to be done,” are often labeled wrongly as strategies or objectives. Or the desired outcome is simply rehashed with no explanation of how this will be accomplished.

It doesn’t matter how well-thought your strategy is in response to an identified challenge or opportunity. If the resultant strategic objectives are merely a list of things to do, or just as difficult to achieve as the identified key challenge, there has been little value added by the strategy.

In today’s highly competitive, uncertain, dynamic, and complex environment in which a leader’s ability to look further ahead is diminished, it is better to focus on a few pivotal items through taking strong positions, creating options, and building advantage.

First identify the key challenges or opportunities for the business. Look very closely at the changes happening within your business, where you might get an added advantage over competition.

Next, create a list of the issues, including the actions your company should take.

Then, trim the original list to a noticeably short list of pivotal issues and proximate objectives by identifying one or two feasible objective(s), when achieved, would make the biggest difference. Remember, the identified objectives should be more like tasks and less like goals.

Now, focus on the objectives by channeling skills and available resources to accomplish the overall goal.

Once accomplished, new opportunities will open up resulting in the creation of more ambitious objectives. This cycle will help you develop a system that enables the setting of feasible strategic objectives.

Thanks for sharing: