Chapter 15: Risk Reporting

Question 1

What is the primary purpose of risk reporting?

Answer 1

To inform decision-making, support risk management processes, and ensure compliance with regulatory requirements.

Question 2

What is a golden rule of reporting?

What must exceed what?

Answer 2

Value must exceed cost; information should influence decision-making.

Question 3

Which 5 points, should typical risk reporting content include?

Answer 3

• Incident reporting: # and size events, frequency, trends etc
• Top risks: Top 10 risks reported to board
• KRIs: Dahsboards, thresholds and colours
• Emerging risks: Changes in, but not limited to, regs
• Action plans

Question 4

What are the 5 challenges in risk reporting?

Balancing, preventing, filtering, aggregrating and maintaining?

Answer 4

• Balancing information
• Preventing (oversimplification)
• Filtering
• Aggregation
• Maintaining engagement.

Question 5

How should risk data be aggregated?

To adress the issues with qualitative data.

Answer 5

Convert qualitative metrics into monetary units and report worst-case scenarios.

Question 6

What are best practices in risk reporting?

Answer 6

Use clear taxonomy, focus on controls, and report on a need-to-know basis.

Question 7

What is the issue with using averages in risk reporting?

Water is 3 feet deep ON AVERAGE…..what could be used instead

Answer 7

Averages can be misleading due to outliers; use medians and quartiles instead.

Question 8

How can operational losses be benchmarked?

Why will this catch management attention?

Answer 8

Report losses as a percentage of gross income to capture management’s attention.

Question 9

How can data be turned into stories?

Focus on what?

Answer 9

Focus on deviations, outliers, and patterns to interpret and summarize data.

Question 10

What is the role of positive risk management

Paying just as much attention to what as to what?

Answer 10

Highlight successes by paying attention to positive deviations as much as negative ones.

Question 11

What is the importance of filtering and escalation in reporting?

Who needs to see what?

Answer 11

Different management levels need different amounts and types of risk information.

Question 12

What is the significance of a clear risk taxonomy?

Answer 12

It helps categorize and report risks effectively.

Question 13

How should unexpected losses be reported?

How frequently do they usually occur?

Answer 13

Individually, as these occur very infrequently.

Question 14

What is the benefit of real-time reporting?

It supports timely what

Answer 14

It supports timely decision-making with up-to-date data.

Question 15

What is the “so what?” approach in risk reporting?

What does this ensure?

Answer 15

Ensuring all reported information has a clear purpose and relevance to decision-making.

Question 16

How should emerging risks be addressed in risk reporting

On the horizon

Answer 16

Through horizon scanning, focusing on regulatory changes and broader risk environments.

Question 17

What is the importance of reporting conduct metrics?

Answer 17

To monitor compliance and employee behavior, aiding in informed decision-making.

Question 18

What is the significance of separating monitoring from reporting?

What actually is the difference?

Answer 18

Monitoring focuses on operational data, while reporting escalates critical issues for management.

Question 19

What is the impact of underreporting operational losses?

What could this show to the risk management function?

Answer 19

It may signal issues with data collection rather than excellent performance.

Question 20

Why might “Positive Reinforcement” good for reporting?

Answer 20

• Sending thank younotes for reporting, ecourages future cooperation and improve data qaulity