Real Time Enterprise Risk Management
Finding the right solution is about having the right tools for the job. In a complex and rapidly changing world, managing the risk and performance of an organisation is a vital priority for businesses that demand the most effective set of tools for the task. These tools can vary greatly. An organisation is reliant on the skills of its managers of risk to determine what the correct set of tools would be to achieve true success. Sometimes these decisions are made not for the greatest good of the organisation but because of the selling techniques of the pushiest, most convincing salesman. Unfortunately, the final decision-maker is either bowled over by extravagant promises that turn out to be false in the actual implementation stages, or lacks a full grasp of the needs of an enterprise-wide risk management solution.
The biggest problem faced by those managers today is how to accurately identify, measure, manage and control operational risk throughout the group, without having to buy ten different systems to do it.
“Keeping Your Eye on the Ball”
Real Time Enterprise Risk Management (RTERM) has emerged as a new computing paradigm. In the RTERM environment information is monitored, potential risk exposures are detected, and through the use of Key Risk Indicators (KRI) and Exposure Alerts (EA) critical information is rapidly sent throughout the organisation along with recommended action for correction or aversion of the risk exposure. Business Intelligence Risk Detection (BIRD) rules should be set to “listen” for potential loss-producing risk-exposure events and to evaluate them against specified threshold or tolerance level criteria. It is also important that responsible managers are immediately notified. This proactive approach, using real time SMS or email information delivery and response, ensures vastly increased management awareness and the rapid handling of situations.
Event Recording
Management can be kept apprised of risk exposures within an organisation and what’s been done about them by introducing “one version of the truth” with the RTERM methodology. This records, manually and electronically, every event or incident in an organisation that deviates from the way it should have been, however small and insignificant the deviation may seem. It also measures trends and does analysis against risk indicator rules within the BIRD rules base.
Operational Risk Loss Events
While losses are usually well documented in the case of credit and market risk, loss data for operational risk is still sparse, because, until recently, operational risk losses have not been documented in a standardised way by most banks and many other organisations all over the world.
Even when documentation of events has occurred, it has tended to be segregated, unintegrated and unshared.
Thus, there is no significant history – both in terms of quality and quantity of operational risk loss and potential loss events. As a result the quantitative value of integrated event data for proactive trend analysis and future risk prediction is entirely lost. Even if one were to begin collecting data for later use, there are still several problems to be solved. Some of these are inherent in the collection process; others are inherent in the data itself.
However, what is most important is that those events are collected in a detailed and intelligent manner, that the data is stored centrally and consistently analysed in association and comparison with all other business and risk information datasets.
Companies using the RTERM and BIRD methodologies are set to become world leaders in the identification, measurement, control and management of operational risk.
The Risk Culture – The Challenge
The biggest challenge in large organisations, with regard to implementation of an operational risk policy and required framework, is getting rid of the effect of a “risk culture”, which for years has favoured hiding errors or misdemeanours instead of getting them reported. There is also a lack of understanding of the impact that operational risk can have on an organisation. Operational risks, left unmanaged or poorly managed, with little attention and importance given to operational risks by management at all levels, can eventually result in the total demise of that organisation. One only needs to look at the highly publicised recent corporate governance catastrophes to know this to be true. Operational risk losses are usually not public, and as they, historically, have been difficult to monitor automatically or even recognise, they have been collected sparsely at best. Only when the impact to the organisation has been at its worst does it finally get noticed. In any investigation completed with regard to a large loss impacting on the company one always finds that there were telltale early warning signs, but nobody bothered to take notice of these indicators.
Repetitive failures to follow procedure, or ongoing negligence that may have been reported but was ignored, often cause damage from both a financial and reputational point of view. This also occurs where there has been ongoing disregard of policy or of system weakness, which was just not addressed and handled and finally leads to a major loss. Technology tools, such as RTERM and BIRD, are changing this condition and it is imperative that managers of risk fully understand the capability of such tools. RTERM methodology is the level of sophistication required for any organisation that intends taking the management of risk and the issues of corporate governance seriously.
The Solution
The implementation of a RTERM solution with BIRD and alerts is the solution to operational risk management.
RTERM and BIRD methodology built into an operational risk system creates a proactive one that automatically identifies, measures and controls risk, through information captured into the system and key indicators sent by the system itself to pre-selected risk owners.
Action can then be originated and accurately monitored and followed up through centralised dashboard report monitoring on the desktop of the organisation’s directors and managers. This solution implemented into any organisation will ensure early warning of potential risk exposure through real-time information delivered into the hands of responsible individuals. A proactive “detect and respond” business environment is created, which truly defines the ideal solution for identification, measurement, containment and management of risk. As a result, efficiency, profitability and overall company viability will increase, which leads to increased shareholder confidence.
Correctly implemented, this type of operational risk management solution would span the entire enterprise. It would correlate the right information, to the right individual, at the right time. It should be an information solution that cross-checks multiple sources of core business and transactional data, as well as risk information data sources. This will enable it to identify inconsistencies and suspect patterns of potential risk exposure behaviour from each of these data sources in order to produce a real time window with “one version of the truth” regarding what’s “really” happening in the organisation now.
In the management of operational risk, success is brought about by understanding the environment one is ultimately managing. This environment is “enterprise wide” and the risk is therefore anything that potentially affects the ability of an enterprise to meet its objectives (business-wise, operationally, financially). It includes everything from major corporate calamities to the uncertainty relating to not meeting expectations regarding those objectives as a result of the failure of internal people, processes, systems or from external events.
What Are the Benefits of Such a System?
Implemented efficiently, such a system would significantly reduce the manual intervention in incident and overall risk management, by ensuring that the balls don’t get dropped. As a result, this automated managed environment would in turn reduce the margin for error and markedly increase speed and efficiency when managing risks or dealing with loss events that have occurred and need involvement from numerous areas within an organisation.
The risk exposure is often compounded due to the size and complexity of most corporate organisations. This then creates an inability to act quickly and efficiently from an informed platform. A centralised risk database goes a long way to addressing the difficulties faced by such an organisation. Management of all incidents and identified risks would be contained in one environment, providing one electronic case management file for all individuals involved in the enterprise-wide, risk-management workflow process. In this way, risk management can ensure that no vital information about cases of incidents/risks is lost in the paper shuffle. A centralised risk data environment allows risk analysts access to the required risk data for necessary modelling of operational risk.
Centralised information would, furthermore, improve the reporting capabilities of an organisation, because improved reporting leads to better remedial action, awareness and management; to loss reduction; and to enhanced organisational efficiency, profitability, performance and sustainability.
Having truly understood the enormity of the return on investment of such a concept, can any corporate organisation that is serious about ethics, good governance and the safeguarding of the company and the shareholders’ investment afford not to investigate and implement RTERM for their organisation?
The Guideline RUBI Real Time Enterprise Risk Management system provides just such a solution.
Modules used by leading financial and commercial organisations throughout Southern Africa have assisted these organisations significantly in their ability to identify, measure, control and manage operational risk.
NICKY DOWNING
GUIDELINE SOFTWARE & TECHNOLOGIES (PTY) LTD