There is not correct format for effective risk monitoring. however, the structure and content of risk report to executive management team and to the Board of Directors should align to the following practices to support effective risk oversight ( NACD Blue Ribbon Report on Risk Governance: Balancing Risk and Reward 2009)
1) An organization should address the comprehensive range of risks facing the organization as determined by the organization’s strategic and operational goals. The report should span the range of material risks that the company has identified as relating to the organization’s goals and objectives
2) Capture and align information at a level that is consistent with the organization’s risk management needs and goals. Risk exposure data should be presented using metrics that were determined appropriate for that risk type.
3) Link risk information to risk appetite and risk tolerance.
4) Current organizational risk exposures or positions should be presented alongside historical data and explanations of trends.
5) Update at a frequency consistent with pace of risk evolution and severity of risk.
6) Utilize standardized templates to allow for consistent presentation and structure of risk information both between risks and over time.