A lot of people who receive your risk report never read it. Here is a simple fix:
Add narrative, qualitative information.
Years ago, a client asked me to attend his firm’s corporate board meeting. I got a front row seat for how one closely-held corporation’s CEO managed his board.
The CEO started with a detailed risk report his staff had prepared. He, the CEO, walked the board through the report, page by page, item by item, number by number.
It was tedious.
Occasionally a board member asked a question, and there was some discussion. But it was tactical stuff: How was this trader performing? What was the situation with that client? How long were those accounts overdrawn?
When the CEO finished with the risk report, he turned to a detailed sales report his staff had prepared, and the tedium continued.
After 90 minutes of this, the CEO proposed everyone adjourn next door for the sumptuous meal he had ordered.
That was it. There was never discussion of strategy, planning, emerging risks, or board oversight.
There was much wrong with this board meeting. Mostly, the fault lay with the board. They let the CEO get away with it.
But a contributing factor was the risk report. It was pages of raw data – numbers, tables and graphs – with no analysis or insights.
Adding qualitative information would have changed this.
Adding it to your own risk report can be transformative.
Start by treating the front page like a social media news feed, listing in narrative form items like
- company news
- recent mistakes or mishaps
- proposed changes to procedures
- unresolved disputes or disagreements
- industry updates related to innovation, competition or regulation
Items like these inform. They get people thinking, talking and taking action.
If some items are already known to recipients, that is okay. Just placing them in the communal context of the risk report can spur dialogue or draw in perspectives that might have been missed.
Here is an example.
Suppose the sales force has been violating some procedure. Asked about this, they respond that the particular procedure is outdated – it needlessly undermines their sales in the current business environment.
What does this mean?
It could mean the procedure provides important safeguards against abusive sales practices, and the salesforce is circumventing it to boost sales. If that is the case, there could be bigger issues of salesforce training, morale and commitment. What other procedures are being violated?
On the other hand, the salesforce may be onto something. They are your firm’s eyes and ears in the competitive marketplace. The procedure they are violating may actually be outdated, and their violations are your first inkling of changes in your industry. Maybe there is a new risk emerging – or an opportunity to be seized.
Whatever the case may be, mentioning the procedure violations – as well as the salesforce’s explanation – in the risk report could spawn an important and fruitful discussion at the highest levels of your organization.
It will never happen if your risk report is limited to providing quantitative information.
Proceed carefully with implementation. Qualitative information has a way of highlighting issues that otherwise hide behind numbers. Some people won’t like that. Over many years as a consultant, I helped enough clients to know that pushback is likely – and it may come from quarters where you wouldn’t expect it.
When the pushback occurs, mention it in the risk report as another qualitative item. Let the dialogue begin.
Glyn – your analysis is right on the mark. A combination of qualitative and quantitative analysis works best, with weightings moving toward narrative the higher you go in the organization. You still have the numbers if additional detail is needed, but a graph and a story allows the discussion to lean toward strategic planning.