5.2 Risk reporting
It is common for large organisations to set thresholds for risks (typically based on their impact and probability) above which they need to be shared (or reported) with certain groups of people; these are commonly called ‘escalation criteria’ and are often linked to ‘delegated authority’ levels. Very large organisations may set several such levels (e.g. a level for the project manager, a separate level for the managing director and a separate level again for the board).
Risk reporting provides information to help decision making, enables risks to be communicated across the organisation and also drives improvements to the way in which risk is managed.
There is no right or wrong answer to how to do this and different organisations have different ways of approaching it, but the fundamental requirement is accurate, complete, unbiased, timely information about risk.