Clear risk reporting creates value
By Marinus de Pooter en Cees Visser*
Organisations benefit from high-quality reporting about riskmanagement. Stakeholders greatly appreciate receiving information about risks and about the way in which an organisation is managing these risks. Another benefit is that clear reporting forces the board to take stock and draw up a list of the risks and risk management systems.
This is an important first step on the road to improving the quality of the risk management process. Directors can create value by adopting a positive approach to new rules and codes that encourage them to produce high-quality risk reporting. Internationally harmonised standards for risk reporting can promote clear reporting too.
Investors understand that companies can only make profits if they make a conscious decision to take certain risks – no risk, no reward. It is a known fact that risks and returns are inextricably interlinked, which is why investors expect to receive accurate information about both aspects. note that the public sector is exposed to risks in a similar way when it comes to the realisation of the formulated goals.
Stakeholders do not mind accurately described risks that they can comprehend, even if these risks increase the volatility of the forecasted results. However, their pet hate is when risks suddenly appear from nowhere that the organisation failed to describe or only described in very broad terms. This is true especially if these risks lead to material financial setbacks that hit stakeholders like a bolt from the blue.
In other words, an organisation’s use of external reporting to explicitly discuss the risks it is facing is a very effective way of satisfying stakeholders’ need for information about risk profiles and risk management.
At the same time, this reporting means that the organisation can manage the expectations of regulators and other stakeholders about the results and their volatility. This in turn means that they feel that any fluctuation in the desired outcome of the objectives is less unexpected.
Risk reporting pays off
Reporting about risks is integral to the quality of the risk management process at organisations and contributes to its improvement.
High-quality risk reporting by directors requires them to first obtain an accurate view of the most important risks and of the effectiveness of the internal controls designed to mitigate these risks. In many cases, these new insights then lead to improvements in the risk management system.
As a rule, when drawing up a list of their risks, organisations discover a variety of ‘low hanging fruit’ and can significantly reduce their exposure to certain risks with relatively little effort.
Companies, government bodies and other public organisations can no longer circumvent accurate risk reporting. One example of mandatory legislation is the European Transparency Directive •, which came into force recently.
Annual reports must contain a section on risk that sets out the major risks and uncertainties that the issuing institution is faced with. The board must explicitly confirm in a statement that the annual report describes the material risks that the company has to deal with.
As a rule, corporate governance codes require the board to provide information in the annual report that not only describes the most significant risks but also how effective their systems are in dealing with those risks.
Taking a positive approach
It pays for directors to implement the relevant provisions of the corporate governance codes in a way that benefits their company. After all, proper risk management – including accurate reporting – gives companies a competitive edge and creates value.
Proper risk management brings benefits for directors of not-for-profit organisations too, as it creates greater trust on the part of regulators and other stakeholders. nevertheless, we have noticed some reluctance to discuss risk management practices in the financial statements.
This may be down to directors’ unwillingness to provide stakeholders with another frame of reference – namely ‘risk management’ – that the latter could then use to judge their managerial performances.
However, good directors do not need to be afraid of providing additional parameters or yardsticks to be judged by: in contrast to popular belief, accurate, transparent reporting about risks can actually protect directors against liability claims.
The increasing juridification of society has meant that directors are afraid of called to account for the risks and controls they have reported on. However, in many cases transparency on the part of directors beforehand is deemed to be an excellent defence.
Whatever the case, it is the top management that bears the ultimate responsibility for prudently managing the risks an organisation faces. Indeed, providing clear information to stakeholders (about the specific risks faced, about the ways in which management is endeavouring to contain these risks and about the effect that these risks could have on the results) reduces the risks involved in directors’ and officers’ liability. This is because stakeholders will have no reason for claiming afterwards they were not properly informed about the relevant risks.