Last week, I was in a discussion with our development team and the topic revolved around potential enhancements to the reporting that we include in our governance, risk and compliance (GRC) solution. One of the questions for which they seemed to be hoping I’d have a straight forward answer was: “So, what makes a good report template that all will love and use?”
A simple question, indeed, that I’m sure you have all been confronted with at some point in time, but it doesn’t have an easy answer…
Many requirements came to my mind, and I wanted today to somewhat structure and share my thoughts on this with you.
First, let me add a caveat: I don’t think there is a one-size-fits-all solution, every company and every stakeholder will have different needs.
To satisfy most and to be efficient, I believe that a good report template should at least tick the boxes below.
A report is always, whatever happens, a snapshot in time: the day when the report is displayed, a selected date, and so on.
Much like the balance sheet gives a picture of the company at a given date, the risk heatmap is a picture of the risks of an organization at a point in time.
Nevertheless, as for the balance sheet, what is most relevant is to compare different versions to understand the evolution of these risks.
Reports (and this is the essence of risk management reports) should support the decision-making process.
What’s useful is when the stakeholder displaying the report cannot only make the decision but also enforce it directly.
A report should therefore give access to the information source so that a new action plan can be added straightaway: on a risk whose level has increased and is now above the tolerance defined, or on a control that is no longer effective for instance.
Visual and graphical
One of the tricks of a good report is to ensure that people will understand it and to do so, will spend sufficient time on the information it displays.
If the report has a unattractive display, the risk is that it will only receive a glimpse and might miss the target. Being able to make it visually appealing should help to ensure that stakeholders will stop and read it.
With the help of graphics, a point can be made quite simply, without needing too much text. As they say, a picture is worth a thousand words.
Now, this doesn’t mean that more details won’t be required, and this is where my next point comes into consideration.
Simple but adaptable
Complexity on demand is an approach that I very much like.
A report can therefore show limited information when displayed on a simplified mode and, at the choice of the stakeholder, it can then grow in complexity by displaying much more information while also proposing sorting and filtering capabilities and so on, as required.
These are, of course, only a few requirements for a good report template. But to my mind, they constitute a solid foundation and enable an evolution in time, hence accompanying the stakeholder’s needs.
What other “must have” requirements do you think all report templates should cater to? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard