Report on Risks to Set Goals, Gain Buy-In, and Document Efforts
There are multiple uses for enterprise risk management (ERM) reporting, the fourth step of the ERM process. Throughout the year, the ERM committee Chairperson will track the progress and next steps shared by all risk owners in a single report. Then, at the end of the ERM process cycle, the Chairperson will summarize this year’s risk management efforts and identify next steps for next year’s ERM process in a risk summary report.
Remember: Reports are living documents with uses beyond simply documenting information. Some additional uses for reports include using them as a means to:
- Spark discussion or get buy-in from others.
- Provide details about progress and next steps to the ERM committee.
- Provide a high-level summary to board and senior administration.
- Highlight successes and demonstrate the value of risk management to the board and senior leaders.
- Set future goals, measure progress, and collect data.
Key Information to Include in ERM Committee and Board Reports
Effective reports on ERM compile information related to the board’s or leaders’ responsibilities and exclude details each audience doesn’t need.
Board members and ERM committee members have different responsibilities and needs when it comes to ERM efforts. Below are some tips for tailoring ERM reports to different audiences.
Report on Details to Hold the ERM Committee Accountable
The committee should meet regularly to discuss progress and identify next steps and can use reports disseminate information and hold leaders accountable.
The committee Chairperson often will start by compiling information from Step 3: Treat Risks reports from specific risk owners and providing the ERM committee with a single report.
A report to committee members summarizing efforts on all top risks should include:
- Specific risk management goals, metrics used to evaluate success and deadlines
- Status and progress updates
- Next steps
- Details about task owners assigned to each sub-risk
The Chairperson also will consolidate all information collected in an annual ERM committee report, which can be used to inform next year’s efforts. Leaders can use this annual summary report as part of annual recordkeeping and succession planning.
Report on Big Picture and Strategy to Educate the Senior Administration and Board
Since boards aren’t involved in day-to-day risk management efforts, they often use ERM reports to inform strategy and budget. Board members sometimes push back when the committee shares too much information about its operational work, so keep board reports concise and limited to information that can help inform your institution’s strategy.
Consider pulling information about your top five risks rather than reviewing all risks for your board, and include only high-level summaries instead of operational details. Be prepared to elaborate on additional details or metrics, or grant board members access to your committee reports or ERM dashboard should they have additional questions.
When it comes to frequency and timing when reporting to senior administration and the board, ask the board how often it would like to receive reports. Board committees that oversee ERM, like the Audit committee, may prefer reports for each board meeting or may request more details about one specific risk at a time. Full boards often prefer less frequent reporting at an even higher level of detail.
Use Reporting to Celebrate People
The ERM process allows leaders at all levels to get on the radar of senior leadership and boards by achieving a common goal – successfully managing a complex and shared risk.
Leaders who champion ERM efforts and use the process to work on meaningful initiatives can win big. Board members and senior administrators will remember leaders who demonstrate innovative ideas and cross-functional leadership abilities through ERM. They may consider these leaders for additional opportunities and funding down the line.
While most stakeholders only consider risk management after something has gone wrong, you can use reports to create a culture that celebrates proactive risk management efforts. Use reports to highlight the successes of ERM and its participants, celebrate your colleagues’ contributions, and encourage people to engage in risk management.
Encourage Discussion, Problem-Solving, and Succession Planning
Additional ways for fostering discussion and problem-solving through reporting:
- Distribute ERM committee reports to committee members before meetings. Save your committee time for discussion by celebrating project milestones, brainstorming solutions for potential obstacles or next steps, and learning from strategies that may not have worked as planned.
- Seek input on one or two risks at a time. Do this when working with senior leadership or boards. This helps you highlight existing projects, discuss budgeting, and seek guidance for next year’s risk management strategy.
- Use ERM reports for succession planning and leadership development. Share last year’s summary report with leaders who may be involved in future ERM efforts as development opportunities.
Continue onto UE’s blog Monitor Risks and Repeat the Process by Starting the Next Round of ERM or use our ERM Process Tracker to report your ERM efforts.
About the Author
Liza Kabanova, Esq.
Risk Management Consultant
Liza serves K-12 schools, colleges, and universities by discussing campus-specific risk management questions. Her areas of focus are enterprise risk management (ERM), COVID-19 response, change management, and training facilitation. She creates practical resources, leads education-specific ERM workshops, and co-authored Risk Management: An Accountability Guide for University and College Boards. Prior to joining UE, Liza served as Assistant Director for Safety and Learning at Pepperdine University. There, she worked to centralize campus safety programs, implement the first employee learning management system (LMS) platform, and serve on the university’s threat assessment team and its workers’ compensation and hazardous waste committees.