John Kelly 270004J7VQ firstname.lastname@example.org | | Tags:  grc enterprise operational risk | 0 Comments | 2,910 Visits
This week I had the pleasure (aside from the Sunday morning flight) of attending the RMA Annual Risk Management Conference in Washington, DC. Based on the standing room only crowd (even in the second repeat session), I’d have to say one of the most popular topics was “Developing a Risk Appetite” delivered by Bill Perotti of Frost Bank and Bob Rose of Brookline Bank. The duo defined Risk Appetite as “the amount of risk you will take in pursuit of a desired financial return”, which makes sense, but an effective risk appetite exercise, the presenters emphasized, really needs to be taken to the next level to reflect risk tolerance in all key areas of enterprise risk management (operational risk, credit risk, reputation risk, compliance risk, liquidity risk, sustainability, etc.).
Several examples were provided for how to develop a risk appetite statement for each of these key areas. One example included Operational risk and provided an example of how to create a risk appetite statement:
Operational Risk Appetite example:
We are committed to implementing practices and controls that will minimize financial losses from failures of systems, people and processes.
Quantitative measure examples:
Most importantly, risk appetite statements should reflect your company’s mission statement and values. Benefits outlined in the session included:
Of course the direction and communication on risk appetite needs to start at the top with the board of directors and CEO and be communicated and demonstrated throughout the organization. Looking forward to more informative sessions.
Erwin Boeren 270002C43V ERWIN.BOEREN@NL.IBM.COM | | Tags:  analytics grc busness management openpages ibm erwin boeren performance risk | 0 Comments | 1,773 Visits
Last year IBM acquired OpenPages as a strategic move into the area of Governance, Risk and Compliance. The lasest announcement to acquire Algorithmics (quantitative risk management) shows the continuous commitment of IBM in the GRC market. GRC software will integrate into the Business Analytics Software group, the area where the former acquisitions like Cognos, SPSS and Clarity systems already resides.
Now that Risk Management is evolving, more and more organizations are starting an enterprise approach to risk management. And this is where I see the need for Risk and Performance Management convergence.
In past Risk Management implementations I see that a major portion of time and budget was spent on Risk Reporting and Dashboarding. Especially the need for self service reporting, where users can ad hoc create their own risk reports, is growing. We do not want to wait in the queue waiting for our report to be created. 2 days later you missed the opportunity to respond and the loss is there.
With this self service capability the question automatically pops up 'can I trust my data'. And now we are back in the area of data governance. This is exactly where the area of Performance Management is today.
Apart from these reporting and dashboarding capabilities Enterprise Risk Management means alignment of risks and controls to the strategic initiatives of the organization. What will prevent me from reaching my business goals? Isn't this defined as a risk? And how will we prevent this from happening? Wasn't that defined as a control?
Even more interesting are questions like, 'What if I was able to perform risk scenario planning?', 'What if I could predict risks from happening?' or 'What is the correlation between the risks that have materialized?'.
And there is the proof that Risk Management and Performance Management have lots in common and should be integrated. Lets call it Business Analytics.
Governance, Risk & Compliance Leader
IBM IOT Southwest Europe