11 ways to present top risks to the board

When approaching the challenge of risk reporting, there are a number of key questions risk leaders may want to ask themselves: how do you present top risks to the board, what’s the best way of engaging with them, and what information do they need to know?

These questions have been at the centre of risk reporting discussions held by our network of risk managers, who regularly interact with each other about the challenges they face when trying to communicate with different levels of the business about the risks they face.

How to create standout risk reports that demonstrate the real value of Risk

Read our risk reporting feature

Read it now

To summarise the range of practical insights exchanged by Risk Leadership Network members about their experiences reporting on risks to the board, we have highlighted 11 key pieces of advice below.

1. Most boards like it to the point

Know your board members and be aware of how knowledgeable they are about risk-related matters. Do they have a lot of knowledge or not? Are they especially into risk? This may impact how you report to them.

2. Mitigate the need for detail

Organising pre-meetings with board members who want to receive a more detailed overview of the risks facing the business can help you mitigate the effect of their influence.

The risk report should be a catalyst for an informed discussion on risk, as opposed to a simple box-ticking exercise that just creates administrative burden for board members.

3. Get feedback

Get feedback from the board and CEO on what they are looking for.

Depending on the business and its reporting structure, this may not always be possible, so focus instead on what is most important for the board:

• What risk information will help them execute their current strategy?
• What assurance can you give them about the control environment of key risks?
• Check the information you are presenting against the question that the board will inevitably ask: so what?

4. Focus on KRIs

A risk report focused on high-level aggregated KRIs and appetite can give the board a better view of which risks and opportunities the company should focus on right now.

5. Include emerging risks

Include emerging risks and horizon scanning findings. This can provide an insight into which direction the organisation should be looking at, as well as helping the risk team to apply a strategic lens to the business' key risks and opportunities.

Benchmark your internal risk reporting to the ARC and board against 120+ risk leaders

Take our internal risk reporting self-assessment and get an instant benchmark report that compares the contents (including emerging risk), structure and frequency of your reporting against 120+ leading organisations.

Get started

6. Don’t focus on long-term risks

The biggest and most important risks to a company will often be those long-term threats and opportunities that the board are aware of; hence the same risks could be presented over and over again. Unsurprisingly, the board will not need (nor want) to hear about these repeatedly.

7. Highlight risks you want the board to consider

Highlight the risks you want the board to discuss and those you need guidance on.

These could be:

• New and emerging risks, or risks related to new strategies
• Ways to enhance your risk management maturity or simplify your current approach
• Risk appetite/risk tolerance
• Whatever you believe would be relevant for them and helpful for management/you.

8. Talk in plain English

The board will want to talk about the business in plain English – without reference to special risk techniques, templates or terminology.

Ultimately, if you can tell them something they didn't know, then you've already added value.

Take two or three risk topics they intuitively understand, bring in the risk owner, and try to frame the risk as a problem statement with a clear gap, while referring to a few internal data points or facts that they may not be aware of.

This tends to result in lively discussion, a focus on practical actions and an ongoing review of progress.

9. Break up the discussion into manageable pieces

Break up any prolonged interaction and discussions with the board into manageable pieces that are very focused on the purpose of the session.

10. Strike a balance

Regular reporting needs to strike a balance between qualitative and quantitative, historic and forward-looking, summary and detailed, financial and non-financial risks.

Deep dives should be called out separately to regular reporting.

Likewise, more strategic sessions should focus on a much longer time horizon and focus and strategic risks.

11. Use visuals

Boards (and risk and audit committees) prefer visual presentations of top risks. Risk dashboards, highlighting key actions to be taken or already in place, are a good start.

Actions and decisions should come out of these meetings.

The visualisations tools and graphics risk leaders are using for risk reporting

Read the feature and download example templates

See the examples

Are you an in-house risk leader who would benefit from collaborating with a global network of senior risk professionals? All our collaborations are bespoke and tailored to our members needs - so let us know what your risk reporting priorities are, and we'll look for an appropriate opportunity.