A critical component to any enterprise risk management (ERM) program is reporting the results.
Providing an update on the ERM program and what has been accomplished allows the ERM culture to continually be fostered at the credit union. It also supports board oversight, reinforces key ERM concepts, and demonstrates the organization’s commitment to ERM.
“What gets measured gets managed,” says Drew Smith, a business and risk consultant with Rochdale Paragon Group.
Smith discussed ERM and the advantages it provides to credit unions but focused on reporting ERM results during a breakout session at the 2019 CUNA Supervisory Committee and Internal Audit Conference Tuesday in Las Vegas.
Depending on the audience that is reviewing the report, the content that should be included in the ERM report varies:
When crafting the report, Smith says there are several things to keep thing mind.
Each report should have a summary of the ERM process and goals and a summary of the organization’s overall risk profile. In addition to the current risk profile, include how that profile has changed in recent months and what caused the changes.
“Looking at the top risks, they don’t really change,” he says. “But having an understanding of why they changed makes the report much more effective.”
Consider using quantitative and qualitative metrics in the report so readers can understand the ERM profile not only from an ERM perspective, but also from the credit union’s financial perspective. Include a discussion of external economic factors that contribute to the changes in the risk profile and a section that shows how the credit union’s activities are adhering to the organization’s established risk appetite.