Gold by MangoMagic

CEO · Template · Intermediate · Saves 20+ hours

Board Risk Reporting

Templates for board risk reporting.

Get coached on this — free

What's included

  • Risk Dashboard
    • Key risk summary
    • Trend indicators
    • Action status
  • Deep Dive Reports
    • Risk-specific analysis
    • Mitigation progress
    • Recommendations
  • Presentation Framework
    • Risk narrative
    • Board discussion
    • Decision requests

Best used when

  • Quarterly board risk updates
  • Risk committee presentations
  • Annual risk review
  • Post-incident board briefing

Why this is Gold

Board risk oversight requires clarity. These templates ensure effective communication.

The template

The Template

BOARD RISK REPORTING PHILOSOPHY

Understanding Board Risk Reporting for CEOs

Boards have a fiduciary duty to oversee risk. As CEO, your job is to give them what they need to fulfill that duty—not to overwhelm them with detail or hide material risks. Effective board risk reporting builds confidence, enables governance, and prevents surprises. Poor reporting creates liability and erodes trust.

THE BOARD RISK REPORTING REALITY
═══════════════════════════════════════

WHAT BOARDS NEED:

Boards need to know:
☐ What could materially harm the company
☐ What you're doing about it
☐ Whether mitigation is working
☐ What decisions they need to make
☐ What they should be worried about

Boards do NOT need:
☐ Every risk you manage
☐ Excessive technical detail
☐ Risks without context
☐ Status updates without analysis
☐ Surprises

THE PURPOSE OF BOARD RISK REPORTING:

1. GOVERNANCE: Enable board oversight responsibility
2. ACCOUNTABILITY: Show management is managing
3. ALIGNMENT: Ensure risk appetite is followed
4. DECISION-MAKING: Get input on major risk decisions
5. EARLY WARNING: Prevent surprises

REPORTING PRINCIPLES:

☐ Material risks only (not comprehensive lists)
☐ Trend and trajectory (not just point-in-time)
☐ Action-oriented (not just informational)
☐ Forward-looking (not just backward-looking)
☐ Decision-focused (what do you need from the board?)

COMMON MISTAKES:

☐ Too much detail (boards don't need to manage risk)
☐ Too little context (numbers without meaning)
☐ No trends (static snapshots miss the point)
☐ No asks (wasted governance opportunity)
☐ Surprises (material risks should never be news)

THE CEO'S ROLE:

☐ Own the risk narrative
☐ Present with confidence
☐ Invite discussion, not rubber-stamping
☐ Be honest about what you don't know
☐ Prevent surprises at all costs

COMPREHENSIVE BOARD RISK REPORTING

Board Risk Dashboard

═══════════════════════════════════════
SECTION 1: EXECUTIVE DASHBOARD
═══════════════════════════════════════

BOARD RISK REPORT

Company: _______________
Quarter: _______________
Presented by: _______________
Date: _______________

EXECUTIVE SUMMARY:

OVERALL RISK POSTURE:
☐ Improving ☐ Stable ☐ Elevated ☐ Critical

One-sentence summary:
_______________________________________________

KEY CHANGES THIS QUARTER:
• _______________
• _______________
• _______________

RISK SUMMARY:
┌─────────────────────────────────────────────┐
│                                             │
│  RISK INVENTORY                             │
│  ─────────────────────────────────          │
│  Total risks tracked:      ___              │
│                                             │
│  Critical/High risks:      ___  (↑↓→)       │
│  Medium risks:             ___  (↑↓→)       │
│  Low/Monitor risks:        ___  (↑↓→)       │
│                                             │
│  New risks this quarter:   ___              │
│  Risks elevated:           ___              │
│  Risks reduced:            ___              │
│  Risks closed:             ___              │
│                                             │
└─────────────────────────────────────────────┘

RISK HEAT MAP:
           │ Low Impact │ Med Impact │ High Impact │
─────────────────────────────────────────────────────
High Prob  │            │            │             │
Med Prob   │            │            │             │
Low Prob   │            │            │             │

TOP 5 RISKS:
| Rank | Risk | Category | Score | Trend | Owner |
|------|------|----------|-------|-------|-------|
| 1 | | | /25 | ↑↓→ | |
| 2 | | | /25 | ↑↓→ | |
| 3 | | | /25 | ↑↓→ | |
| 4 | | | /25 | ↑↓→ | |
| 5 | | | /25 | ↑↓→ | |

CEO RISK COMMENTARY:
_______________________________________________
_______________________________________________

Risk Category Summary

═══════════════════════════════════════
SECTION 2: CATEGORY SUMMARY
═══════════════════════════════════════

RISK BY CATEGORY:

STRATEGIC RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

OPERATIONAL RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

FINANCIAL RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

COMPLIANCE RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

CYBERSECURITY RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

PEOPLE RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

REPUTATIONAL RISK:
Overall status: ☐ G ☐ Y ☐ R
Trend: ↑↓→
Top risk: _______________
Key update: _______________

CATEGORY STATUS SUMMARY:
| Category | Status | Trend | Concerns | Actions |
|----------|--------|-------|----------|---------|
| Strategic | ☐ G ☐ Y ☐ R | ↑↓→ | | |
| Operational | ☐ G ☐ Y ☐ R | ↑↓→ | | |
| Financial | ☐ G ☐ Y ☐ R | ↑↓→ | | |
| Compliance | ☐ G ☐ Y ☐ R | ↑↓→ | | |
| Cyber | ☐ G ☐ Y ☐ R | ↑↓→ | | |
| People | ☐ G ☐ Y ☐ R | ↑↓→ | | |
| Reputation | ☐ G ☐ Y ☐ R | ↑↓→ | | |

Risk Deep Dive Template

═══════════════════════════════════════
SECTION 3: RISK DEEP DIVES
═══════════════════════════════════════

DEEP DIVE: [RISK NAME]

RISK IDENTIFICATION:
Risk: _______________
Category: _______________
Owner: _______________
Board attention: ☐ Information ☐ Discussion ☐ Decision

RISK ASSESSMENT:

Current Status:
┌─────────────────────────────────────┐
│ Likelihood: ___ (1-5)               │
│ Impact:     ___ (1-5)               │
│ Score:      ___ / 25                │
│ Prior:      ___ / 25                │
│ Trend:      ↑↓→                     │
└─────────────────────────────────────┘

Risk Description:
_______________________________________________
_______________________________________________

Potential Impact:
• Financial: $_____
• Operational: _______________
• Reputational: _______________
• Other: _______________

ROOT CAUSE ANALYSIS:

Primary causes:
1. _______________
2. _______________
3. _______________

Contributing factors:
☐ _______________
☐ _______________

CURRENT MITIGATION:

| # | Mitigation Action | Owner | Due | Status |
|---|-------------------|-------|-----|--------|
| 1 | | | | ☐ Complete ☐ On track ☐ Delayed |
| 2 | | | | ☐ Complete ☐ On track ☐ Delayed |
| 3 | | | | ☐ Complete ☐ On track ☐ Delayed |

Mitigation effectiveness: ☐ High ☐ Medium ☐ Low

KEY RISK INDICATORS:

| Indicator | Threshold | Current | Prior | Status |
|-----------|-----------|---------|-------|--------|
| | | | | ☐ G ☐ Y ☐ R |
| | | | | ☐ G ☐ Y ☐ R |
| | | | | ☐ G ☐ Y ☐ R |

RESIDUAL RISK:
After mitigation: ☐ Acceptable ☐ Tolerable ☐ Unacceptable

BOARD DISCUSSION:

Management's view: _______________

Decision or input needed:
☐ None - information only
☐ Acknowledge risk acceptance
☐ Approve mitigation approach
☐ Provide guidance on: _______________
☐ Approve additional investment: $_____

Questions for discussion:
1. _______________
2. _______________

Key Risk Indicators Dashboard

═══════════════════════════════════════
SECTION 4: KEY RISK INDICATORS
═══════════════════════════════════════

KRI DASHBOARD:

FINANCIAL KRIs:
| Indicator | Threshold | Current | Prior | Trend | Status |
|-----------|-----------|---------|-------|-------|--------|
| Cash runway | >18 months | ___mo | ___mo | ↑↓→ | ☐ G ☐ Y ☐ R |
| Burn rate vs plan | ±10% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Customer concentration | <20% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| DSO | <45 days | ___d | ___d | ↑↓→ | ☐ G ☐ Y ☐ R |
| Net retention | >110% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |

OPERATIONAL KRIs:
| Indicator | Threshold | Current | Prior | Trend | Status |
|-----------|-----------|---------|-------|-------|--------|
| System uptime | >99.9% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Major incidents | <2/qtr | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |
| Support SLA | >95% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Critical bugs | <___ | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |

SECURITY KRIs:
| Indicator | Threshold | Current | Prior | Trend | Status |
|-----------|-----------|---------|-------|-------|--------|
| Security incidents | 0 critical | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |
| Patch compliance | >95% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Security training | 100% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Phishing test pass | >90% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |

COMPLIANCE KRIs:
| Indicator | Threshold | Current | Prior | Trend | Status |
|-----------|-----------|---------|-------|-------|--------|
| Audit findings | 0 material | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |
| Policy compliance | 100% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Training completion | 100% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Open issues | <___ | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |

PEOPLE KRIs:
| Indicator | Threshold | Current | Prior | Trend | Status |
|-----------|-----------|---------|-------|-------|--------|
| Attrition (voluntary) | <15% | ___% | ___% | ↑↓→ | ☐ G ☐ Y ☐ R |
| Key role vacancy | <___ | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |
| Engagement score | >___ | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |
| Glassdoor rating | >4.0 | ___ | ___ | ↑↓→ | ☐ G ☐ Y ☐ R |

KRI ALERTS:
| Indicator | Issue | Action Required |
|-----------|-------|-----------------|
| | | |
| | | |

Emerging Risk Report

═══════════════════════════════════════
SECTION 5: EMERGING RISKS
═══════════════════════════════════════

EMERGING RISK SCAN:

HORIZON SCANNING SUMMARY:
Looking ahead 12-24 months for risks not yet on our radar.

IDENTIFIED EMERGING RISKS:

EMERGING RISK 1:
Risk: _______________
Category: _______________
Source: ☐ Market ☐ Technology ☐ Regulatory ☐ Competitive ☐ Other

Description:
_______________________________________________

Probability of materializing: ☐ High ☐ Medium ☐ Low
Potential impact if materializes: ☐ High ☐ Medium ☐ Low
Timeline: _______________

Current monitoring: _______________
Potential response: _______________

EMERGING RISK 2:
Risk: _______________
Category: _______________
Source: ☐ Market ☐ Technology ☐ Regulatory ☐ Competitive ☐ Other

Description:
_______________________________________________

Probability of materializing: ☐ High ☐ Medium ☐ Low
Potential impact if materializes: ☐ High ☐ Medium ☐ Low
Timeline: _______________

Current monitoring: _______________
Potential response: _______________

EMERGING RISK 3:
Risk: _______________
Category: _______________
Source: ☐ Market ☐ Technology ☐ Regulatory ☐ Competitive ☐ Other

Description:
_______________________________________________

Probability of materializing: ☐ High ☐ Medium ☐ Low
Potential impact if materializes: ☐ High ☐ Medium ☐ Low
Timeline: _______________

Current monitoring: _______________
Potential response: _______________

EMERGING RISK SUMMARY:
| Risk | Probability | Impact | Timeline | Action |
|------|-------------|--------|----------|--------|
| | H/M/L | H/M/L | | ☐ Monitor ☐ Prepare |
| | H/M/L | H/M/L | | ☐ Monitor ☐ Prepare |
| | H/M/L | H/M/L | | ☐ Monitor ☐ Prepare |

BOARD DISCUSSION:
Are there emerging risks the board is seeing that management should add?
_______________________________________________

Mitigation Progress Report

═══════════════════════════════════════
SECTION 6: MITIGATION PROGRESS
═══════════════════════════════════════

MITIGATION ACTIVITY SUMMARY:

ACTIONS COMPLETED THIS QUARTER:
| Risk | Action | Impact |
|------|--------|--------|
| | | ☐ Risk reduced ☐ Risk eliminated |
| | | ☐ Risk reduced ☐ Risk eliminated |
| | | ☐ Risk reduced ☐ Risk eliminated |

ACTIONS IN PROGRESS:
| Risk | Action | Due | Status | On Track |
|------|--------|-----|--------|----------|
| | | | ___% | ☐ Y ☐ N |
| | | | ___% | ☐ Y ☐ N |
| | | | ___% | ☐ Y ☐ N |

ACTIONS BEHIND SCHEDULE:
| Risk | Action | Original Due | New Due | Reason |
|------|--------|--------------|---------|--------|
| | | | | |
| | | | | |

INVESTMENT IN RISK MITIGATION:
| Category | Budget | Spent | Forecast | ROI/Impact |
|----------|--------|-------|----------|------------|
| Compliance | $ | $ | $ | |
| Security | $ | $ | $ | |
| Operations | $ | $ | $ | |
| Other | $ | $ | $ | |
| TOTAL | $ | $ | $ | |

MITIGATION EFFECTIVENESS:
| Risk | Pre-Mitigation Score | Post-Mitigation Score | Change |
|------|---------------------|----------------------|--------|
| | /25 | /25 | ↑↓ |
| | /25 | /25 | ↑↓ |
| | /25 | /25 | ↑↓ |

Board Risk Discussion Guide

═══════════════════════════════════════
SECTION 7: BOARD DISCUSSION GUIDE
═══════════════════════════════════════

BOARD MEETING AGENDA:

RISK PRESENTATION STRUCTURE:
| Section | Content | Time | Presenter |
|---------|---------|------|-----------|
| Executive summary | Overall posture, key changes | 3 min | CEO |
| Dashboard review | Top risks, KRIs, trends | 5 min | CEO |
| Deep dive 1 | [Risk name] | 5 min | Owner |
| Deep dive 2 | [Risk name] | 5 min | Owner |
| Emerging risks | Horizon scan | 3 min | CEO |
| Discussion | Board input, decisions | 10 min | All |

PREPARED DISCUSSION TOPICS:

Topic 1: _______________
Background: _______________
Management recommendation: _______________
Options for board:
☐ _______________
☐ _______________

Topic 2: _______________
Background: _______________
Management recommendation: _______________
Options for board:
☐ _______________
☐ _______________

DECISIONS REQUESTED:

| Decision | Recommendation | Rationale |
|----------|----------------|-----------|
| | | |
| | | |

QUESTIONS TO ANTICIPATE:

Q: _______________
A: _______________

Q: _______________
A: _______________

Q: _______________
A: _______________

BOARD MEMBER EXPERTISE:
| Member | Risk Expertise | Invite Input On |
|--------|----------------|-----------------|
| | | |
| | | |
| | | |

Annual Risk Review

═══════════════════════════════════════
SECTION 8: ANNUAL RISK REVIEW
═══════════════════════════════════════

ANNUAL RISK REVIEW (Board meeting)

YEAR IN REVIEW:

RISK POSTURE EVOLUTION:
| Quarter | Posture | Major Events |
|---------|---------|--------------|
| Q1 | | |
| Q2 | | |
| Q3 | | |
| Q4 | | |

SIGNIFICANT RISK EVENTS:
| Event | Impact | Response | Outcome |
|-------|--------|----------|---------|
| | | | |
| | | | |

MITIGATION ACHIEVEMENTS:
| Initiative | Risk Addressed | Investment | Result |
|------------|----------------|------------|--------|
| | | $ | |
| | | $ | |

RISK APPETITE PERFORMANCE:
| Category | Appetite | Actual | Within Bounds |
|----------|----------|--------|---------------|
| Strategic | | | ☐ Y ☐ N |
| Operational | | | ☐ Y ☐ N |
| Financial | | | ☐ Y ☐ N |
| Compliance | | | ☐ Y ☐ N |
| Reputation | | | ☐ Y ☐ N |

LOOKING AHEAD:

TOP RISKS FOR COMING YEAR:
1. _______________
2. _______________
3. _______________

RISK INVESTMENT PRIORITIES:
| Priority | Budget Request | Justification |
|----------|----------------|---------------|
| 1 | $ | |
| 2 | $ | |
| 3 | $ | |

RISK APPETITE UPDATES:
Proposed changes: _______________
Rationale: _______________

ANNUAL DECISIONS REQUESTED:
☐ Approve updated risk appetite
☐ Approve risk investment budget
☐ Approve risk committee charter (if applicable)
☐ Other: _______________

CEO Board Reporting Governance

═══════════════════════════════════════
CEO BOARD REPORTING GOVERNANCE
═══════════════════════════════════════

REPORTING CALENDAR:

| Timing | Report | Content |
|--------|--------|---------|
| Quarterly | Board risk report | Dashboard + 2-3 deep dives |
| Annually | Annual risk review | Year in review + forward look |
| Ad hoc | Material risk event | Immediate notification |
| Between meetings | Updates as needed | Significant changes |

PREPARATION TIMELINE:
Week -3: Risk data collection
Week -2: Analysis and drafting
Week -1: CEO review and finalization
Meeting: Presentation and discussion

NO SURPRISES RULE:
If a material risk emerges:
☐ Board chair notified immediately
☐ Full board notified within 24-48 hours
☐ Formal update at next meeting

FEEDBACK LOOP:
After each board meeting:
☐ Capture board input
☐ Assign follow-up items
☐ Track to completion
☐ Report back next meeting

CEO BOARD RISK QUESTIONS:

1. Is the board getting what they need?
2. Are they surprised by anything (bad sign)?
3. Are they engaged in discussion (good sign)?
4. Do they trust the reporting?
5. Are they helping us get better?

REPORTING QUALITY CHECKLIST:
☐ Material risks highlighted
☐ Trends and context provided
☐ Actions and accountability clear
☐ Decisions explicitly requested
☐ No surprises
☐ Presentation under 20 minutes

Quick Reference: Which Resource for Which Challenge

Challenge Recommended Resources
"Need risk framework" #503
"Business continuity" #504
"Cybersecurity risk" #505
"Insurance review" #506
"Key person dependency" #507
"Vendor risk" #508
"Crisis preparedness" #512

Every resource built to the Human Standard. Every resource designed to protect what you've built.

Frequently asked questions

What is the Board Risk Reporting?

Templates for board risk reporting.

Who is the Board Risk Reporting for?

It is built for CEOs and their teams working on Risk Management. The AI coach adapts it to your company, stage, and goals.

How long does the Board Risk Reporting take to use?

It saves roughly 20+ hours versus building from scratch. Our AI coach can tailor the template to your situation in minutes, then hand you a step-by-step plan.

Is the Board Risk Reporting free?

Yes. You can read the full template and start getting coached through it for free. Sign in to save your tailored version and track your next steps.

How does the AI coach help with the Board Risk Reporting?

The coach teaches you the framework, asks a few questions about your business, tailors the template to you, and gives you measurable next steps to execute.