Archives For risk reporting

integrated

By Eric Tracey, investor, Governance for Owners

An integrated and individual approach to risk reporting is the key to helping investors make the right decisions.

When I read about a company’s strategy and objectives I want to read about risk as well. You can have higher and lower risk strategies depending on what you are trying to do but risk is inherent: what you want to see is how two companies that do ostensibly similar things are going about, or might go about, them in a way that is different, and that’s what you want to understand.

I want to read about what the directors are really worrying about – not something that is just made up for the annual report.

The great challenge in all reporting is that it gets taken over by advisers. They either make it all very bland or alternatively put everything in but the kitchen sink, in which case it becomes completely useless. That’s the biggest threat to good risk reporting.

Risk reporting should contain a certain amount of policy, but it’s more about what’s changed than what carries on from year-to -year.

What you want people do each year is not to quite start from a blank sheet of paper, but it’s important to say this is what we’ve done this year. Reporting needs to be in the past tense – if it just becomes a whole series of policy statements then it frankly becomes pretty meaningless.

I am also not impressed when issues of commercial sensitivity are used as a barrier to risk reporting.

It’s a fantastic smokescreen to hide all sorts of things and I don’t give it much credence at all. You ought to be able to describe your risks to the business without giving away something that you should keep secret. It’s precisely because it’s sensitive that something should be reported to shareholders.

Where the law limits what can be said, looking forward, there is still a lot that can be said about the company’s approach to risk and who is managing it.

If I saw something that said risk is the responsibility of the audit and risk committee, I’d be more wary than if a company told me that risk is the primary responsibility of the CEO and the management team. Those would be quite different statements.

Similarly a company’s risk appetite can be better communicated by talking about what the company actually does and is revealed in the decisions the company makes. It is reflected in the exposures taken, and whether you are comfortable with them and if the return you are getting is acceptable.

What’s important is that this risk appetite and approach is reflected right through the business all the way up.

In good companies that’s what they try to do – they say, this is how we do what we do, this is how we approach risk, now let’s write that story. So you don’t have these enormous exposures that the board is not fully aware of, which is clearly what happened in the financial crash, when there would have been people somewhere in the banks who understood the risks.

I want to get a clear understanding of regulatory risks and how these are shaped by the various financial control authorities around the world.  More standardisation of the reporting of risk around the world would in theory be a good thing, but the perfect should not be the enemy of the good.

While you can’t object to standardised international reporting, you don’t want to say you want everyone to be in the same place before you do anything.

As far as frequency goes, I am fine with ‘proper annual reporting’. If you do anything other than that you can overload people with information so that they can’t cope or use it in any way. You need to know what’s going on but the shareholder can’t cope if it’s every quarter or every six months – that’s too often and encourages short-termism.

Risk is the “core of capitalism” and developing an adequate understanding of it is an “interesting challenge.”

Does the growth of risk reporting make organisations more risk averse? Possibly, but it’s not necessarily a bad thing. You can have an adequate discussion of risk without beating the hell out of any entrepreneurial spirits.

Advertisements

By Ewald Müller, director, Financial Analysis, QFCRA

Oil and gas-rich Qatar is one of the fastest-growing economies in the world, reporting GDP growth of more than 14% in 2011. Since the turn of the century, though, the country has taken steps to diversify its interests and has established a successful financial services sector in Doha, known as the Qatar Financial Centre (QFC).

Qatar Skyline

The relative newness of Qatar’s financial services industry means that the regulatory system around it has also been created almost from scratch. The Qatar Financial Centre Regulatory Authority (QFCRA) was established in March 2005 and was tasked with building a principles-based regulatory and financial reporting regime that is aligned with best practice internationally.

QFCRA’s objectives include the ‘maintenance of efficiency, transparency, integrity and confidence in the QFC, as well as the maintenance of financial stability and reduction of systematic risk’. Effective risk reporting is an essential element of that objective, but is something that is relatively new to companies based in Qatar. The prevalence of risk reporting has increased across the Middle East in the past few years, but there is a lack of a broad understanding of risk reporting, a lack of skills around risk reporting, and a lack of understanding among users about what risk reports are meant to convey.

In many developed countries, the global financial crisis has been a catalyst for a more focused conversation about the value of risk reporting. One of the difficulties for those hoping to encourage better risk reporting in Qatar, though, was that the impact of the crisis was not felt as keenly in that country.

One of the benefits of starting with a blank piece of paper is that the QFCRA has been able to focus on what it sees as the essentials of good risk reporting: brevity. In Qatar a lot of what we’ve focused on in terms of risk reporting has come from the IMF’s financial stability indicators, which is not a vast set of data. It is a very good starting point, in the sense that it reflects the work of the entire world and focuses only on key indicators.

The biggest issue for me around risk reporting is quality versus quantity. Internationally, I think there’s so much disclosure that often users can’t see the wood for the trees and risk reports do more to confuse them than they do to help them. As far as I’m concerned, the crux of successful risk reporting is that it tells me what is useful – and materiality plays probably the single biggest role in that. Brevity is the key, and that is driven by materiality.

So far companies in Qatar have been “very appreciative” of the work of the QFCRA from a prudential perspective and there is an appetite for better risk reporting. Good risk reporting, which is linked to transparency, is a cornerstone to good governance. If risk reporting becomes a habit, it will create value. The problem is that the flipside is easier to prove – those who do not report risk well probably have something to hide.

 

Ewald joined the QFC Regulatory Authority in April 2012 from the South African Institute of Chartered Accountants (SAICA) where, as Senior Executive: Standards, he influenced developments in international standard-setting and South African legislation and regulation.  Prior to his position with SAICA, Ewald held senior roles in financial management, regulation, financial analysis and investor relations, primarily in the financial services industry.