Can Risk Reporting Drive Risk Management?A year ago, my team conducted some research into risk management. We wanted to assess the state of risk management adoption, the role of technology, and the evolution of risk management practices.
We combined our research with that of others and issued an infographic illustrating our conclusions. To summarize, everyone thinks risk management is important. But “good enough” practices and technologies rule. Things are changing slowly and not necessarily for the better, if at all.
In this blog, I want to assess the state of the risk management profession generally and provide an example of what a leading edge risk management initiative looks like in an external disclosure.
Risk management: Still an immature profession
Overall, we found that risk management was still immature as a profession and as a management practice. The table below compares risk management to financial management against a number of criteria. I’ll leave you to your own conclusions, but risk management looks weak to me.
Can Risk Reporting Drive Risk Management?
What will drive risk management?
The logical question was, “What will it take to drive risk management?” There appear to be no driving forces from within or any single compelling event driving the profession, and I see little momentum pushing risk management quickly up the maturity curve.
I concluded that the only thing that could possibly drive risk management was mandated external risk reporting. I believed mandated risk reporting would drive risk management into the business and drive vastly improved practices, standards, and value to investors.
Unfortunately, today’s mandated risk reporting standards are weak. Corporate reporting of risks for the most part are boilerplate exercises, providing little if any insight for stakeholders and investors. But that may be about to change.
Exxaro: Illustrating the future of risk management
Last week, I saw the future of risk management in the 2012 Integrated Report from Exxaro, a South African mining company. Issued as part of its integrated report, based on the framework being developed by the International Integrated Reporting Council (IIRC) this risk report is the single best instance I’ve ever seen of external risk reporting.
It must be seen to be believed. Risk management is firmly tied to business strategy and business performance and seems to drive Exxaro’s integrated reporting initiative.
I had the pleasure of meeting with and interviewing Saret van Loggerenberg, Exxaro’s Manager of Risk and Compliance, recently at a conference in Amsterdam. You can watch that interview on video.
It’s no surprise that South Africa is leading the way, both in risk management and integrated reporting. They’ve been leaders in governance standards for years and their influence is spreading.
If Exxaro’s example is what the future holds for risk reporting, I believe risk management will mature as a profession we can all be proud of.
I’m interested in seeing more example of innovative risk reporting. What is your company doing? What changes would you like to see?
More Business articles from Business 2 Community: