CHAPTER 15Risk Reporting

This chapter presents the principles of reporting and the types of content that are common in risk reporting in financial institutions. It explores the main challenges of reporting on non‐quantitative data, presents options to address risk aggregation and gives examples of conduct reporting. Finally, it proposes solutions to deal with the heavy tail nature of operational losses while turning data into reporting stories.


Except for regulatory reporting, which is a mandatory requirement, firms should consider a few golden rules for efficient reporting:

  • The value must exceed the cost of collection: there is no point collecting and reporting information when the cost is greater than the intrinsic value of the information.
  • Know how you will use the information: if you have a clear purpose – usually to help make or confirm a decision – it helps you decide whether the information is worth knowing.
  • Reporting influences decision‐making, even if the decision is to confirm the status quo. Rule 3 connects rule 1 and rule 2; a piece of information is valuable if it influences decision‐making, even if the decision is that the findings are good and nothing needs to change.

These rules are variations of the “so what?” approach to reporting, ensuring that everything reported has a purpose.


Reporting packs in operational risk commonly include the following:

  1. Incident reporting: this covers number and size ...

Get Operational Risk Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.