Frank Curtiss, head of corporate governance at RPMI Railpen Investments

Investor primacy and a clear narrative in the voice of management are key elements in risk reporting.

What I want to see is an honest explanation in the context of the business strategy and the business model and how that risk is managed. While I recognise that other stakeholders will want to look at corporate reports and there is a wider public interest, the purpose of reporting is about stewardship and accountability to those who provide the risk capital.

Boilerplate reports are of little use, as are reports which drag investors into the micromanagement of the business.

A boilerplate approach may be what your lawyers think is a good idea and you may think you can’t be faulted but you can. Even worse is just an exhaustive list of risks, some of which are so obvious. What we need to know are the key risks, why management thinks they are critical and what they are going to do about it.

As a member of the IIRC working group I am naturally a keen proponent of integrated reporting, and keeping risk reporting connected to the broader risk management approach of the company.

It’s also about integrated thinking and working across the company. We see enthusiastic companies taking part in the IIRC pilot programme where finance and corporate social responsibility and investor relations are working together, not in silos.

The less enthusiastic finance departments tend to throw out excuses about sensitive information and increasing the reporting burden. In many cases they should be reporting on these things anyway if only for management information. There’s clearly a balance between informing the markets and giving the game away, but the more transparent companies don’t seem to have a problem. If people tell me ‘it can’t be done, it can’t be done’ I just tell them that some people are already doing it.

Some of the companies I think demonstrate good risk reporting include:

  • Admiral – highlighted the risk relating to their change of strategy in the CEO’s statement – which is where it should be
  • Aggreko – written in a personal voice, refreshingly honest and doesn’t shrink from telling us the potential risks to revenue
  • BT - very good description of the business model and very good up-to-date risk section – we don’t want to read the same thing year after year
  • Great Portland Estates – they explain the strategy pretty clearly, each risk is identified and discussed with helpful cross references to other parts of the report
  • Provident Financial – lending to subprime customers is a very risky business and terribly topical: the risk section is very good and tells what their risk committee agenda is.  But it’s a hugely controversial sector and they know they need to explain it—we don’t need that level of detail from every company.

Often higher levels of transparency can be found in those areas, such as gambling and tobacco, where the ‘licence to operate’ is in question. They are all too aware that the spotlight is on them and they’ve got to justify themselves.

But some industries are in general better than others – the extractive industries are generally ahead of many financial services organisations, for example.

An important factor is the general level of information that is around. There’s the risk of assuming prior knowledge. For a mid-tier company there’ll be nothing like the level of analysis that there is on say, the big telecoms providers and their peers. And even the most clued-up investors don’t know everything – they’re not present at board meetings or risk committee meetings or audit committee meetings so the more that a company explains the better.

In recent years RPMI has shifted its asset allocation considerably away from UK equities and is now a truly global investor across a number of countries. I would like to see a more closely aligned international standard of reporting. However with even English-speaking countries with common traditions having wide variations, it is difficult for companies simply to import a better reporting regime into a different jurisdiction.

There’s got to be a race to the top, that’s why I support the IIRC attempt to promote best practice internationally. There’s definitely a willingness by governments and regulators to embrace this, but investor and privately led initiatives tend to be more successful, as by definition regulation has to be more detailed. We don’t hope to change it tomorrow but we might see a significant step-change between now and 2020.

By this time I hope that more and more reporting will have moved online, hopefully in standardised formats that make it easier for investors to mine and work with the data.

An annual report is useful as a snapshot for stewardship purposes—but as technology improves you will see dynamic integrated reporting as reporters and users become more confident, and that will eventually replace the massive end-of-year annual report.

I have seen a lot of progress in risk reporting since the financial crisis. Risk has now become something that can be discussed when previously it was a four-letter word. The better reporters are telling us something useful about risk—the levels of disclosure used to be terrible across the board, now there are plenty that are not.

Successive generations of management will wonder what all the fuss was about. The benefits of better quality information and greater transparency must outweigh the risks of an enhanced disclosure regime, and any unhelpful side effects will be more than balanced by the positives.

The big challenge now is the mass of companies whose risk reporting is inadequate at best:

There are some shining examples, good reports that tell the story honestly and in the voice of the company. The trick is to get the others up to speed.

High quality risk reporting increases investor confidence, not just in terms of the risks being discussed, but also in the overall quality of management:

It provides reassurance in terms of stewardship and responsibility that the management are taking on all this and that they are looking at the right risks.

Ultimately it’s all about what management think and what they are doing.  And if a company can’t explain its own strategy and its business model itself, then who can?

Jarlath Molloy

Dr Jarlath Molloy CPhys, CDSB Technical Manager

A wide range of voluntary and mandatory external drivers influence reporting in the environment and sustainability domain. For example, many organisations may prepare and publish a range of information requested by CDP, Global Reporting Initiative, International Organization for Standardization, OECD guidelines for multinational enterprises, Principles for Responsible Investment, UN Global Compact, Water Accounting Standards Board (WASB) and this list may soon include CEO Water Mandate, International Integrated Reporting Council and Sustainability Accounting Standards Board (SASB). A question you could legitimately ask is whether there is a need for yet another Framework?

The Climate Disclosure Standards Board (CDSB) is a consortium of business and environmental organisations formed at the World Economic Forum’s annual Davos meeting in 2007 and has been chaired by the managing director of WEF since. CDP has kindly provided secretariat support to us since our inception. We are supported by a group of leading industrial and financial services companies together with governmental and non-governmental representatives, who act in an advisory capacity to CDSB. A Technical Working Group formed of representatives of the major accounting firms and professional bodies, including ACCA, coordinates CDSB’s work program with expert input from academics and specialist collaborators.

We are committed to the integration of climate change-related information into mainstream corporate reporting. The Framework is designed to allow investors to assess the relationship between environmental performance and risks, and the organisation’s strategy and prospects. Moreover, it will encourage analysis and decisions which recognise the dependence of economic and financial stability on a healthy environment.

With the inclusion of this information in a mainstream report, the organisation’s environmental performance and risk is subject to the same International Financial Reporting Standards and assurance requirements as financial information. This information is centrally deposited with the competent national authority in a timely fashion and is publically available. We are working with regulators, CDP and the Fujitsu Research Institute to develop an eXtensible Business Reporting Language (XBRL) taxonomy to enable digital, structured communication and exchange of this information and closer alignment with financials in mainstream reports.

What sets CDSB apart from the chorus is that we set out to specifically harmonise reporting of environmental and sustainability risk. We have identified how the other reporting requirements link to each other and to our updated Framework. With the addition of cross-references to CDP, CEO Water Mandate, GRI, IIRC, OECD, PRI, UNGC, WASB and others we compliment their work, adding value by drawing it together in a meaningful narrative for responsible investors.

Our focus to date has been on risks and opportunities that climate change presents to an organisation’s strategy, financial performance and condition. The consultation we have just launched expands that scope into forest commodity risks (i.e. the drivers of deforestation) and water. The public consultation for the updated CDSB Framework opened on 17 February and will run until 19 May 2014. We invite you to comment on the draft and tell us if and how we can do more to address your needs and expectations. Visit http://www.cdsb.net/climate-change-reporting-framework/framework-consultation for more information and to sign up for our consultation briefing webinars on 19 March 2014.

integrated

By Eric Tracey, investor, Governance for Owners

An integrated and individual approach to risk reporting is the key to helping investors make the right decisions.

When I read about a company’s strategy and objectives I want to read about risk as well. You can have higher and lower risk strategies depending on what you are trying to do but risk is inherent: what you want to see is how two companies that do ostensibly similar things are going about, or might go about, them in a way that is different, and that’s what you want to understand.

I want to read about what the directors are really worrying about – not something that is just made up for the annual report.

The great challenge in all reporting is that it gets taken over by advisers. They either make it all very bland or alternatively put everything in but the kitchen sink, in which case it becomes completely useless. That’s the biggest threat to good risk reporting.

Risk reporting should contain a certain amount of policy, but it’s more about what’s changed than what carries on from year-to -year.

What you want people do each year is not to quite start from a blank sheet of paper, but it’s important to say this is what we’ve done this year. Reporting needs to be in the past tense – if it just becomes a whole series of policy statements then it frankly becomes pretty meaningless.

I am also not impressed when issues of commercial sensitivity are used as a barrier to risk reporting.

It’s a fantastic smokescreen to hide all sorts of things and I don’t give it much credence at all. You ought to be able to describe your risks to the business without giving away something that you should keep secret. It’s precisely because it’s sensitive that something should be reported to shareholders.

Where the law limits what can be said, looking forward, there is still a lot that can be said about the company’s approach to risk and who is managing it.

If I saw something that said risk is the responsibility of the audit and risk committee, I’d be more wary than if a company told me that risk is the primary responsibility of the CEO and the management team. Those would be quite different statements.

Similarly a company’s risk appetite can be better communicated by talking about what the company actually does and is revealed in the decisions the company makes. It is reflected in the exposures taken, and whether you are comfortable with them and if the return you are getting is acceptable.

What’s important is that this risk appetite and approach is reflected right through the business all the way up.

In good companies that’s what they try to do – they say, this is how we do what we do, this is how we approach risk, now let’s write that story. So you don’t have these enormous exposures that the board is not fully aware of, which is clearly what happened in the financial crash, when there would have been people somewhere in the banks who understood the risks.

I want to get a clear understanding of regulatory risks and how these are shaped by the various financial control authorities around the world.  More standardisation of the reporting of risk around the world would in theory be a good thing, but the perfect should not be the enemy of the good.

While you can’t object to standardised international reporting, you don’t want to say you want everyone to be in the same place before you do anything.

As far as frequency goes, I am fine with ‘proper annual reporting’. If you do anything other than that you can overload people with information so that they can’t cope or use it in any way. You need to know what’s going on but the shareholder can’t cope if it’s every quarter or every six months – that’s too often and encourages short-termism.

Risk is the “core of capitalism” and developing an adequate understanding of it is an “interesting challenge.”

Does the growth of risk reporting make organisations more risk averse? Possibly, but it’s not necessarily a bad thing. You can have an adequate discussion of risk without beating the hell out of any entrepreneurial spirits.

carol_adams (2)

By Dr Carol A Adams FCCA, member of ACCA’s Global Forum on Sustainability

If you are confused about what integrated reporting is, rest assured you are not the only one.

A lot of people think it’s about putting together your financial and sustainability reports. Wrong. It is much more than that – and much less. It will not replace either a financial or sustainability report – both must be in place for integrated reporting. But starting to think about the connections between the financials, the relationships your organisation has with its key stakeholders and how it makes use of natural resources, for a start, is a step in the right direction.

Integrated reporting requires thinking about ‘value’ beyond financial terms – a long overdue development given that around 80% of the value of company is typically in intangible assets.

Building strong relationships with stakeholders, building a loyal customer base, developing intellectual capital and managing environmental risks, etc, tend to fall off the radar when corporate execs think short-term. But they are critical to long-term success. Integrated reporting keeps the focus on long-term strategy and integrated reports are forward-looking documents covering strategy, the context in which it will be delivered and how the company has, and will, create value for providers of capital and others in the short, medium and long-term. The International <IR> Framework recognises that long-term success depends, amongst other things, on sound management, relationships, a satisfied workforce and the availability of natural resources.

Much of the information companies are providing to investors is not in their annual review or financial statements – further evidence of the need for change. An integrated report fills some of the gap and allows an organisation to tell providers of capital, and others, how it creates value for them.

If you asked your colleagues how they would describe your business model would they have the same view as you? Probably not. Many corporate execs think about their business model in narrow financial terms or from the perspective about the bit of the business they are responsible for. But if the senior exec work together in conceptualising the business model and start to think about inputs and outcomes in broader terms, a different picture about what needs to be managed and what adds value emerges.

The six capitals concept is intended to facilitate this broader thinking about value and the business model. ACCA has been at the forefront of its development coordinating the work of the IIRC’s Technical Collaboration Group on the capitals and funding my involvement.

Some companies are taking a first step towards integrated reporting by getting their financial and sustainability people working together. This is advantageous in that accountants could better understand social and environmental risks and their impact on reputation and the bottom line whilst sustainability teams need to develop skills in making a business case for their work. But the integrated thinking that goes behind integrated reporting needs to involve all the senior execs. And the Board.

If you would like to know more about integrated reporting, see some examples of good reporting practice and speak with some peers about the challenges and benefits, register for the Master Class in London on 14 March hosted by ACCA. You will hear from Eileen Rae, Director-Finance, ACCA and Jonathan Labrey, Communications Director at the International Integrated Reporting Council (IIRC). Eileen will discuss the preparation of ACCA’s second integrated report. A copy of
of my book Understanding Integrated Reporting: the concise guide to integrated thinking and the future of corporate reporting will also be given.

integrated

An ongoing tension in the debate around risk reporting is the gap between what investors want from a risk report and what companies feel is appropriate to disclose. The arguments are familiar: investors want a full and frank discussion of the risks the company faces; however companies say that providing any more detail than they currently do would require them to disclose commercially sensitive information.

In the first of a series of blogs on risk reporting, Jane Fuller, journalist and financial analyst, says this is a poor excuse for not being completely transparent.

I think it’s used too much as an excuse and it tends to infantilise the role of investors. Companies are effectively saying that they don’t want to frighten the horses.

I have been closely involved in responding to the initiatives developed by the IASB (the International Accounting Standards Board), the UK’s Financial Reporting Council and others since the financial crisis, which have collectively attempted to improve the risk reporting of financial institutions.

I feel that risk reporting in general still has some way to go, although guidance such as that from the Enhanced Disclosure Task Force of the Financial Stability Board has helped. The momentum towards better risk reporting has increased since 2008 – I have had more discussions about how to improve risk reporting since then. Moving things forward with purpose will require a change in attitude.

One of my major concerns about current risk reporting, and one that has been identified by CFA UK, is that risk reports rarely get to the fundamentals of what an identified risk would mean in practice i.e. the oil spill from BP’s Deepwater Horizon rig in the Gulf of Mexico in 2010. The group’s risk reports before the accident might have mentioned safety risks repeatedly, but there would have been little to help analysts in terms of what a rare accident might mean when looking at the financial impact it has.

BP could have said, for example, that accidents rarely happen but if one does, it will be very expensive for us and this is how we would mitigate the impact. Or a pharmaceutical company could disclose its general risk of litigation and say that while it happens on rare occasions, if it does happen the risk is considerable, perhaps illustrating this by disclosing the biggest payouts in the sector in the past.

This approach might cause migraines in many a boardroom but it would result in a far more useful discussion about risk. The main barrier to better risk reporting is companies’ reluctance to be frank. At the moment risk reporting is a process-driven exercise, which describes what they have looked at and the risk-management process, and that is a long way from a truly frank discussion.

The second problem is that risk reports have a management bias – a bias towards putting a gloss on everything. There is not enough challenging going on, from boards or auditors or investors, about the ‘what ifs’ – what if this went wrong? The reaction of some companies seems to be “don’t worry your little head about it.”

Ideally I would like to see risk reports that prioritise the major risks faced by the company, as well as identifying any emerging risks. A few banks, notably Barclays and HSBC, have experimented with this approach since the financial crisis and the results have been interesting.

This suggests that there is some scope for shortening risk reporting in the voluminous discussions and boilerplate lists sometimes produced. Some investors like the very detailed risk reporting you get in a prospectus. I’ve seen risk reports that run to pages and pages, Personally, I would like to see see risks prioritised, without losing too much detail. I would rather have 20 pages of risk disclosures and use my own brain than very few. If there is too much narrowing down of the reported risks it is more likely that something will be left out.

I don’t favour frequent or real-time risk reporting. It has to be a stand-back exercise and for that reason, I am generally happy with annual reporting. A focused, standalone interim report, which states the top risks and how the company is handling them, as well as any new risks that have emerged, might be a good addition, but risk reporting twice a year is enough.

The various initiatives designed to improve risk-based disclosures – such as the IAASB’s proposals on material misstatement – have had some impact. But even if the quality of risk reports improves, any sensible investor would see the report as just one element in making a decision. A risk report is the management’s perspective, after all. To get the full picture you need to look more broadly than that. You ask yourself if there is other evidence that you can collect that would shed more light.

It’s a timely reminder that to see the best view, you need to stand back.