This chapter presents the principles of reporting and the types of content that are common in risk reporting in financial institutions. It explores the main challenges of reporting on non‐quantitative data, presents options to address risk aggregation and gives examples of conduct reporting. Finally, it proposes solutions to deal with the heavy tail nature of operational losses while turning data into reporting stories.

GOLDEN RULES OF REPORTING

Except for regulatory reporting, which is a mandatory requirement, firms should consider a few golden rules for efficient reporting:

• The value must exceed the cost of collection: there is no point collecting and reporting information when the cost is greater than the intrinsic value of the information.
• Know how you will use the information: if you have a clear purpose – usually to help make or confirm a decision – it helps you decide whether the information is worth knowing.
• Reporting influences decision‐making, even if the decision is to confirm the status quo. Rule 3 connects rule 1 and rule 2; a piece of information is valuable if it influences decision‐making, even if the decision is that the findings are good and nothing needs to change.

These rules are variations of the “so what?” approach to reporting, ensuring that everything reported has a purpose.

TYPICAL CONTENT OF RISK REPORTING

Reporting packs in operational risk commonly include the following:

1. Incident reporting: this covers number and size ...