Redesign of an Enterprise Risk Management Board Reporting System


Major Canadian Bank

Date Completed

March 2019

Design Team

Christopher Moorehead   Design Director & Information Architect
Robert Tu   Design Lead
Simon Aharonian   Information & UX Designer
Bruce Choy   Engagement Partner & Banking SME
Karen Geng   Financial Services Specialist



Each quarter, the bank’s Chief Risk Officer (CRO) is required to prepare an Enterprise Risk Management (ERM) report for review by the Risk Committee of the bank’s Board of Directors. Traditionally, this report has been well in excess of 100 pages, primarily text based with very few visuals, and extremely difficult to read and absorb. While the Board receives the report in advance, at their quarterly meeting they only spend about 30 minutes reviewing and discussing it. The CRO retained PwC’s Design team to redesign this reporting system so that it provided more useful insights to the Board.

Design Issues

Current Board Reports were not meeting the future needs of the Board to help them make the best governance decisions effectively and efficiently. In many cases, Board Reports were too detailed for Board members. They took considerable time and effort to read due to excessive text and lack of insightful visualizations.

Each section of the existing report was written by a separate risk department, and much of the content consisted of a “show and tell” of all the work each department had performed that particular quarter. Most of the preparation time was used to write free-form content explaining the context of each Key Performance Indicator (KPI). This content was rewritten repeatedly, slowing down the generation of each report.

Design Process

The process involved the complete redesign of the bank’s Board Risk reports through the application of financial risk management, advanced reporting, and information design best practices. The report information architecture and user interface were designed using persona development, user experience co-creation workshops with report users and stakeholders, rapid prototyping, and iterative design.

User-Centred Design

Our design team employed a user-centred design methodology that effectively captured the needs of Board members and reduced delivery time compared to traditional report redesign projects.

By applying Information Design best practices, we produced informative reports that were easy to read and allowed Board members to make governance decisions more efficiently.

Design Factory

The core of our user-centred design process was the Design Factory — an intense, half-day design and rapid prototyping workshop in which we worked with the client to articulate business problems and co-create prototypes. Conceptual sketches created by report users and stakeholders were rapidly developed into high-fidelity renderings in real time, greatly reducing design time and adding value to reports.

Who Are We Designing For?

User interviews with Board members indicated that there were two major roles played by the members of the Board Risk Committee.

The Protector

The function of the Protector is to protect the bank from risk, and ensure that all regulatory requirements are met. We identified that Risk Committee members played the role of the Protector 80% of the time when viewing the bank’s risk.

The Prospector

The function of the Prospector is to ensure that the bank is taking sufficient risk to maintain the desired state of profitability. We identified that Risk Committee members will play the role of the Prospector only 20% of the time. However they will adopt this persona to a greater extent outside of the Risk Committee.

Risk Reporting Hierarchy

The Design team, working with PwC’s Financial Risk subject-matter experts, developed a hierarchy of risk reporting designed to apply across all levels of the bank, extending from the Board down to the individual lines of business. The Risk Appetite is set by the Board on an annual basis, and governs the level of risk deemed acceptable for that fiscal year. It may be adjusted if required by external circumstances, such as the 2008 Global Financial Crisis.

Scalable Information Architecture

By designing a robust and flexible information architecture, a complete reporting system can be scaled up from a single report redesign. Each level of the bank will use this common information architecture, varying only by level of detail and granularity depending on its specific reporting requirements.

Redesigned Report

Wholesale Credit Risk Section

The Wholesale Credit Risk Overview provides a top-level overview of all important information by country. Details can be obtained by drilling down into subsequent pages.

Further details can be found by “drilling down” into the Portfolio Credit Quality page. Each Line of Business is assigned a unique colour, and this colour is used for all visuals relating to this Line of Business throughout the report.

Operational Risk Section

The Operation Risk Highlights page provides a top-level overview of all important information at both the Enterprise and Line of Business level. Details can be obtained by drilling down into subsequent pages.

More granular details can be found on the Operational Loss Events page, which breaks down operational losses into the event types specified under the guidelines set out by the Basel Committee on Bank Supervision (BCBS). Narrative is used to provide context only. No quantitative information is repeated from the visuals.

Information Technology Risk Section

The Information & Cyber Security Risk page provides top-level overview of all Key Risk Indicators (KRIs) by security program, as well as a comparison between quarters and an indication of major trends. Details can be obtained by drilling down into subsequent pages. The Weighted Incident Hours & Significant Events page describes events throughout the bank which led to lost hours, as well as remediation efforts and areas for improvement.


The ERM Report was transformed to provide a clearer and more insightful story of risk.

Using Format