Boards of directors and C-suite executives can often find it very difficult to take the management information (MI) reporting they receive on risk and use it to make real decisions. Risk MI can often be vague, with no clear cause-and-effect for executives or board members to focus on.
For decades, risk MI has been deeply flawed – the focus can often be on the way the information is displayed rather than on the actionability of the information itself. In today’s rapidly changing world, where there can be significant financial, reputational, and regulatory consequences for risk management gone wrong, it’s more important than ever to adopt a more intelligent approach to risk reporting.
In a new article, Net Risk – Transforming Risk Intelligence for the Board and C-Suite, Chase Cooper explains how firms should be taking a different approach to understanding and managing risk.
A first step to getting risk MI right is to focus on reporting net risk. Net risk – which puts a real monetary value on the amount of risk left after the control framework has been applied – should be calculated based on the output of a firm’s risk and control self-assessments (RCSAs).
Often RCSA data is ignored because it is considered to be “qualitative” – but the truth is that it can, and should be modelled. Qualitative modelling techniques have been around for a long time – for example, the insurance industry regularly uses them to generate insurance quotes, while the gaming industry turns to qualitative data when it is seeking to generate betting odds for less traditional forms of wagering.
Engineering experts use qualitative data to calculate the amount of load a bridge can take – there is no reason why the financial services industry cannot benefit from these techniques too.
Out of qualitative modelling that uses RCSA data can come real risk intelligence – the kind of risk intelligence that Boards and C-suite executives should be using to make informed, risk-based decisions. By looking at risk appetite through the lens of net risk, organisations should be better able to:
- Think more strategically about risk appetite, as well as the risk and control framework that supports it
- Better connect risk appetite with what actually happens across all three lines of defence
- Translate “tone at the top” statements about risk appetite into reality within the organisation’s risk culture
The management information that comes out of this work is truly powerful. By focusing on net risk, reports can shift from being about colours – red, amber, green – to being about numbers, by putting a value in a currency on the amount of risk that a firm is facing. By translating risk into money, Boards and the C-suite can transform their thinking from what can often seem like abstract concepts about risk to clear thinking about the situations the organisation could potentially face.
The new article from Chase Cooper, Net Risk – Transforming Risk Intelligence for the Board and C-Suite, explains in more detail the kinds of management intelligence that can be gained from taking a net risk approach.
To read the article, fill out the form below.