Don’t expect miracles from risk reporting

RISK REPORTING is a tricksy beast, according to the ICAEW’s latest missive.

The institute’s Reporting Business Risks: Meeting Expectations warns it can create as many risks as it manages and will never prevent business failure, exhorting users “not to expect miracles”.

Inadvertently giving peers a competitive advantage is one major peril of risk reporting. If companies provide too much detail on problems and how they are managed, competitors might glean valuable commercial insight.

Additionally, companies reporting on new and significant risks could scare investors, potentially hurting share prices or access to credit.

For this reason, the temptation to give a generalised run-down of every conceivable risk is strong. This bad habit is more prevalent in the US, but some UK companies are also guilty.

Brian Singleton-Green, ICAEW manager of corporate reporting, spoke of the “tension between transparency and competitiveness” in risk reporting.

He admitted that maintaining this balance means risk reporting will always contain an element of boilerplate disclosure, potentially reducing its value.

For example, energy companies around the world report largely analogous risks. An investor familiar with the sector could find this disclosure of limited value, and might not bother to read the risk report at all.

Keeping competitors in the dark means investors are also deprived of detailed company risk information, but Singleton-Green said this trade-off is acceptable.

“Investors do want good disclosure, but they also want the company to make lots of money. Therefore, they don’t want risk reporting that will damage its prospects.”

Corporate reports might, at best, give a general impression of risk management. Before BP’s Deepwater Horizon disaster, the energy giant said it “continued to show [its] ability to take on and manage risk, doing the difficult things that others can’t do or choose not to do”.

By implication, BP might have been considered more of a risk-taker than peers, but this is the best steer an investor could hope for upon reading its annual report.

Risk reports are so generalised that arguably, only intimate company knowledge would help the investor differentiate between enterprises’ risk management.

Singleton-Green said outsiders “can never judge, except by financial results, which company handles risk better”.

“Report preparers can always find positive ways of describing risk and risk management but without inside eyes, investors would need fantastically detailed knowledge to work out what this means in practice.”

So what is the true value of risk reporting? If preparers produce boilerplate disclosures useful only to those with the most rudimentary sector knowledge, why bother in the first place? And why, on this basis, has the ICAEW produced a seven-point plan to improve risk reporting?

Conscientious reporters are urged to:

• Provide information that allows users to make their risk assessment;
• Focus on quantitative information rather than long, descriptive lists;
• Integrate information on risk with other disclosures;
• Think beyond the annual reporting cycle and update information on changes in key risks more than once a year;
• Keep lists of principal risks short to make it less likely they will be ignored;
• Highlight current concerns;
• Review experience of risk in the current period.

Given that risk reporting is, and probably always will be, fairly standardised, is this wish-list just a case of tidying round the edges? Singleton-Green said this was “probably a fair comment”, but insisted improvements do not need to make “dramatic changes”.

“It is still worth doing,” he said, and better for the information – such as it is – to be published than not.

The ICAEW publication highlights the limitations of risk reporting, saying users should not have “unrealistic expectations”.

Executive director Robert Hodgkinson commented: “There are a number of ways risk reporting can be improved and made more objective and useful. The danger is that people expect it to foretell impending events. Risk relates to an uncertain future, and some risks will always seem more important – and more likely – to one person than to another.”

The CFA Institute investor association is less understanding of competitive considerations in risk reporting.

Director Vincent Papa said “proprietary issues and cost” are often cited as reasons to avoid detailed risk reporting, but claimed these are “often overemphasised”.

He urged companies to prioritise “meaningful communication” that is relevant, complete and well presented.

This dovetails with ICAEW recommendations, but the CFA insists on more from report preparers, including an executive summary and integration of related risks.

A soon-to-be-published study of risk reporting under IFRS 7 shows the worst offenders present interrelated information – such as credit and liquidity risk – in a very dispersed manner.

“We want to see the linkages between risks,” said Papa. “One bank detailed Basel III issues 100 pages away from IFRS 7, even though it’s the same kind of information. This makes it very hard to see how the risks interrelate, and points to a stand-alone, tick-box type of reporting that is not helpful.”

Another common investor complaint is reporters’ habit of simply stating accounting requirements. “This is not meaningful disclosure,” Papa grumbled.

He also called on preparers to declare whether the numbers in risk reports have been audited, saying without this, “there is no comfort on the level of assurance provided”.

It is clear that neither investors nor the ICAEW are anticipating miracles from risk reporting, but the two stakeholders nevertheless have very different expectations.

While the institute warns against unrealistic ambitions for risk reporting, the investors are gunning for more and better disclosure. Companies are likely to gravitate towards the ICAEW’s viewpoint, so investors must yell loudly to ensure theirs is heard.

Related reading