Performance and risk: two sides of the same coin

By Stacie Saunders

Integrating risk into performance: Professor Regine Slagmulder


This post from Professor Regine Slagmulder, looks at her research into risk reporting and her CGMA report Integrating risk into performance – reporting to the board of directors.

Performance and risk are increasingly viewed as two sides of the same coin.

Although performance and risk management have traditionally used separate information flows originating from different organisational functions, there is a tendency to link them, for example by integrating risk indicators into the company’s performance scorecard.

The new report Integrating risk into performance – reporting to the board of directors analyses company practices with respect to performance and risk reporting to the board of directors.

Since the board of directors holds the ultimate responsibility for the company’s success or failure, board members should be adequately informed about the company’s performance and risks in order to fulfill their strategic monitoring role.

The main lessons learned from our research are that:

  1. while companies increasingly focus on professionalizing their risk reporting, this trend is only partly to be attributed to the economic crisis;
  2. there is a tendency to look at both the negative and positive side of risk
  3. companies establish both separate and integrated board-level reporting on risk.

All companies studied had established a risk management system that was the source of input for the risk information flow to the board.

While the management team was generally held responsible for managing risks in their respective business unit or region, there was also a separate reporting line to the board on the top 10 “global” risks.

We observed that all companies had a separate function to assist the management with their risk assessment and which aggregated the information for subsequent reporting to the board. In some companies the reporting went to the Audit committee, while in others the reporting was done by the executive management to the full board.

Our research we did not identify a single best approach to organising risk reporting to the board. However, we noticed that while separate risk reporting zooms in specifically on the risk aspects of the business, it has the propensity to be primarily compliance driven.

Our respondents emphasised that specialized risk reporting tends to lead the company into a “box-ticking exercise”. In contrast, integrated reporting allows breaking through functional silos in the company, thus enabling more effective strategic decision-making.

The fact that integrated reporting provides risk information in the context of other types of information on performance, strategy, and operations adds to a more in-depth understanding of how the business is doing.

For the accounting professional dealing with risk reporting to the board we conclude that it is no longer sufficient to provide reporting that solely focuses on performance while ignoring the risks that may affect the company’s results. Risk-enhanced performance reporting is evolving from an ad-hoc event under pressure of the economic downturn, to a continuous process that must be embedded within the company’s governance processes.

To read a copy of the report go to