Enterprise Compliance Today

Are You a Risk-Averse Risk Manager? (2 of 4)

Posted by Greg Carroll on Fri, Sep 13, 2013 @ 05:01 AM

What worked well 20 years ago in ERM is no longer good enough to keep you on top. (Second in a series of 4 articles)

 

risk manager

We find most ERM vendors promoting out-of-date software techniques from the 1990s, supported by that subject matter expert, the IT consultant. Risk managers must lift their game or risk seeing ERM consigned to the trash heap of management fads.

Join me Thurs 19-Sept for the third of three short talks on effective ERM approaches that are backed by real-world examples. More »

Enterprise risk management is probably a company's best tool for innovation, agility and growth. But few people know that, unless they are directly involved in risk management and compliance.

Managing vs avoiding risk

This is because risk managers too often are risk avoiders. Managing and avoiding are not the same thing, and there's a propensity for risk-adverse people to rise to management positions in risk management. And just as an over-protective parent can inhibit a child’s potential, risk managers with a low appetite for risk are failing the whole field of risk management. (It has become so bad that I was asked recently how risk management could be proactive, as if there were an incongruity in the statement!)

Weak ERM actually constricts organisations

Because of this timidity, we find most ERM vendors promoting out-of-date software techniques from the 1990s, supported by that subject matter expert, the IT consultant. Line risk managers are being provided with the appearance of doing something, which is unfortunately constricting their organisations and therefore dooming their own futures to career obscurity. 

So risk managers must lift their game or risk seeing ERM consigned to the trash heap of management fads.

Welcome to the 21st century

So let’s examine what 21st century enterprise risk management should look like. We start with three key findings in the insightful 2013 research report “Operational Risk Modelling Frameworks” from actuarial and consulting firm Milliman:

  1. Operational risk is one of the major causes of organisational failure and destruction of shareholder value
  2. Basic indicators and standard formula are ultimately a very blunt model
  3. Structural or causal-based models are the leading emerging best practice in the field

The first point is a given, but the second echoes the sentiments of the 15th annual OpRisk Europe conference held in London this year, that the risk management landscape has vastly changed over the last 10 years, and Op Risk models need to keep pace.  Although Milliman politely refers to those 1990s techniques promoted by our competitors as a "very blunt" model, in 2013 it is the equivalent of using a 1990s mobile phone. As stated at OpRisk Europe, hanging onto the old models creates a false sense of security among senior management and increases the risk of not managing risk.

Structural or causal-based modelling

So what is that third point all about, the “structural or causal-based modelling” in quantifying risk? It’s basically linking operational outcomes to causal drivers that account for their complex interrelationships. This is much along the lines of Fast Track’s neural data model architecture, which allows information to flow in both directions, enabling the “robust determination of operational risk limits” that also is required in Milliman’s strategy.

The extensive Milliman report (100 pages) also covers a number of other recommendations including loss data collection, with which Fast Track can assist. But the primary take-away of both the conference and the report is the need for risk managers to move from what they were taught years ago at university to the 21st century application of risk management techniques.

Resources

business risk manager

Additional Resources

reduce compliance costs  reduce non-compliance  reduce compliance costs
10 Essentials Decision Guide
Helps you compare software suppliers.
Product Demo
See recorded demo or request a live one.
Product Guide
Technical specifications, pricing, and more.

Tags: Best practices, risk management, risk culture