I am appalled at the selected narrow-mindedness in risk management thinking in this organization. I am of the view that the greatest challenge is therefore to change the mindsets of selected persons that definitely hampers the progress of Enterprise Risk Management in this organization.
What a pity this is.
Tuesday, March 31, 2009
Saturday, March 28, 2009
EIU report : Managing Risk in Perilous Times : Practical Steps to Accelerate Recovery
This report from EIU, published in March 2009, sponsored by ACE, KPMG, SAP and Towers Perrin provides a guide in what it takes in an organization to enable and empower risk managers to perform their roles.
The summary of ten practical lessons that could help in addressing the perceived weaknesses of risk management are :
The summary of ten practical lessons that could help in addressing the perceived weaknesses of risk management are :
- Risk management must be given greater authority
- Senior executives must lead risk management from the top
- Institutions need to review the level orisk expertise in their organization, particularly at the highest levels
- Institution should pay more attention to the data that populates risk models, and must combine this output with human judgment
- Stress testing and scenario planning can arm executives with an appropriate response to events
- Incentive systems mustbe constructed so that they reward long-term stability, not short-term profit
- Risk factors should be consolidated across all the institution's operations
- Institutions should ensure that they do not rely too heavily on data from external providers.
- A careful balance must be struck between the centralization and decentralization of risk
- Risk management systems should be adaptive rather than static
There you go. I seriously think that in the context of this organization that the priority ishould be no 1,2 3, 7 and 9.
I recommend reading this report in detail. Click at the link here.
Friday, March 27, 2009
Survey Reveals Financial Services Firms Focused on Enhancing Risk Management Practices in Advance of New Legislation
Navigant Consulting yesterday announced the results of a new survey conducted by the Economist Intelligence Unit (EIU). Nearly 200 financial services professionals were surveyed to evaluate the evolving role of risk management in financial services organizations. The survey indicates that financial institutions around the world are focused on the impact of risk on enterprise business value and profitability, rather than merely complying with arbitrary levels of risk exposure and performance.
The survey results suggest there is significant room to improve risk intelligence – making it more current, comprehensive and consistent – an observation that is especially important as more than 70 percent of respondents cite risk disclosure as a likely element of expected regulatory reform.
“It is evident that the financial crisis has led to a 'crisis of confidence',” said John Schneider, Managing Director and head of Navigant’s Capital Markets Regulatory Advisory team. “We’re seeing a call to action by regulators across the globe to create additional transparency and risk monitoring capabilities to reduce the likelihood of another similar financial crisis.”
According to the survey, most respondents stand by their risk-monitoring capabilities, but concede they are most confident about their ability to monitor mainstream risks (e.g., credit, accounting, liquidity risk), and least confident in the areas revealed as problematic by the recent credit crisis.
For example, 87 percent say they are “Excellently” or “Well Positioned” to identify and monitor credit risk, but fewer (67 percent) are equally confident of their capabilities on enterprise risk, and 47 percent describe themselves as “Weak” on new and emerging risks.
“Effective risk management hinges not only on an organization’s ability to capture data on risk, but the ability to interpret, escalate, and make decisions based on the information. The survey data shows that financial professionals recognize this need but struggle with implementing meaningful solutions to enhance risk management. We work alongside clients to design, enhance, and implement robust risk and compliance programs to shore up investor confidence,” said Sharon Siegel Voelzke, Navigant’s Vice President of Business Consulting Services.
The survey respondents comprise nearly 200 executives from a broad range of financial services firms around the globe. Of the executives surveyed, 37 percent are based in North America, and 33 percent in Europe; 30 percent are from firms with global assets of more than $250 billion, and 41 percent are senior corporate executives (including chief executive, financial and risk officers, as well as board members).
News link to this story, click here
Link to survey results, click here
The survey results suggest there is significant room to improve risk intelligence – making it more current, comprehensive and consistent – an observation that is especially important as more than 70 percent of respondents cite risk disclosure as a likely element of expected regulatory reform.
“It is evident that the financial crisis has led to a 'crisis of confidence',” said John Schneider, Managing Director and head of Navigant’s Capital Markets Regulatory Advisory team. “We’re seeing a call to action by regulators across the globe to create additional transparency and risk monitoring capabilities to reduce the likelihood of another similar financial crisis.”
According to the survey, most respondents stand by their risk-monitoring capabilities, but concede they are most confident about their ability to monitor mainstream risks (e.g., credit, accounting, liquidity risk), and least confident in the areas revealed as problematic by the recent credit crisis.
For example, 87 percent say they are “Excellently” or “Well Positioned” to identify and monitor credit risk, but fewer (67 percent) are equally confident of their capabilities on enterprise risk, and 47 percent describe themselves as “Weak” on new and emerging risks.
“Effective risk management hinges not only on an organization’s ability to capture data on risk, but the ability to interpret, escalate, and make decisions based on the information. The survey data shows that financial professionals recognize this need but struggle with implementing meaningful solutions to enhance risk management. We work alongside clients to design, enhance, and implement robust risk and compliance programs to shore up investor confidence,” said Sharon Siegel Voelzke, Navigant’s Vice President of Business Consulting Services.
The survey respondents comprise nearly 200 executives from a broad range of financial services firms around the globe. Of the executives surveyed, 37 percent are based in North America, and 33 percent in Europe; 30 percent are from firms with global assets of more than $250 billion, and 41 percent are senior corporate executives (including chief executive, financial and risk officers, as well as board members).
News link to this story, click here
Link to survey results, click here
Thursday, March 26, 2009
Over reliance on risk management models
I have posted previously on the dangers of relying too much on the preciseness that risk management numbers purportedly gives you. We seem to be assured that by having risk models that we are getting somewhere in progressing risk management without thinking about the quality of information that comes from our risk models, the application of the results of such models in risk decision-making, the assumptions behind such models and more importantly, the risks that are not captured in risk models.
While I am a strong believer in number crunching by way of statistical analysis, spreadsheets and presenting these numbers in a meaningful manner to facilitate decision-making as well as providing an indication of how much risks we are taking, we should not be lulled into being too "confident" with numbers that we think we have all our risks in our radar.
I propagate the following as a guide for all levels of management in this organization, with particular emphasis to risk managers whom I believe play an important role in communicating this message:
While I am a strong believer in number crunching by way of statistical analysis, spreadsheets and presenting these numbers in a meaningful manner to facilitate decision-making as well as providing an indication of how much risks we are taking, we should not be lulled into being too "confident" with numbers that we think we have all our risks in our radar.
I propagate the following as a guide for all levels of management in this organization, with particular emphasis to risk managers whom I believe play an important role in communicating this message:
- Risk models supported with established methodology should not replace sound business judgment. In the context of this organization, sound business judgment comes from business lines and it is our role as risk managers to understand the business, its decision-making process, and the risks that businesses take in that process.
- Numbers can never capture market preception of the company, loss of confidence, reputational risks and in this crisis, I would question whether even liquidity risk can be captured accurately in risk models. In our context, our risk analysis assumes that the risks can be hedged or positions can be liquidated assuming there is liquidity. Therefore risk managers need to communicate to management what risks are represented in risk models and what risks are not.
- In relation to no 2, for those risks represented in risk models, we must communicate that these risk models attempts to model the reality of risk out there using assumptions that more often than not does not represent the reality of risk out there. Questioning assumptions, I believe, first will make us understand better what these risk models represent and forces us to think what other risks lurks out there that we have not captured. In the recent article in FT "Maths and Mayhem", Lord Turner, chairman of the Financial Services Authority, blamed "misplaced reliance on sophisticated maths" for lulling banks' top managers into a false sense of security about the risks they were taking. This article asserts that contrary to Lord Turner's assertion, the banks' sums were not sophisticated enough. They over-simplified, and assumed away the limitations and caveats of their models. They did this to convey an illusion of accuracy and precision, and so convince the market that they had everything under control.
- Making decisions in accepting risks based on the results of these risk models and not considering tail-risk may lead to accepting risks that can be beyond what an organization could sustain in a worst case scenario (and when all assumptions in risk models break down). According to a Wall Street Journal article, AIG said in a 2006 SEC filing that its credit default swaps had never experienced high enough defaults to consider the
likelihood of making a payout on its credit-default-swap protection products more than “remote, even in severe recessionary market scenarios” (Refer to “Behind AIG’s Fall, Risk Models Failed to Pass Real-World Test,” Wall Street Journal, WSJ.com, October 31, 2008 - Worst case scenarios have to complement the results of risk models and we should question the company's ability to weather these worst case scenarios and assess its impact on P&L and capital.
I hope this and references to previous postings would serve as a guide to
- senior management in understanding and questioning the analysis that are presented to them and the models used to support such analysis.
- risk managers in communicating to management on the level of risks that an organization has and in facilitating discussion about risks in business decision-making.
Monday, March 02, 2009
We should be asking ourselves these questions
From S&P ERM Review Discussion Questions :
a. What are the company's top risks, how big are they, and how often are they likely to
occur? How often is the list of top risks updated? Do we know what are the company top risks?
b. What is management doing about top risks? At the enterprise wide level? Business level? Entity specific?
c. What size quarterly operating or cash loss has management and the board agreed is
tolerable? Do we have an approach determining the risk appetite taking into consideration all risks faced by the organization?
d. Describe the staff responsible for risk management programs and their place in the
organization chart. How do you measure success of risk management activities? Is risk management a success by having a framework but lacks implementation?
e. How would a loss from a key risk impact incentive compensation of top management
and on planning/budgeting?
f. Tell us about discussions about risk management that have taken place at the board
level or among top management when making strategic decisions. How do we frame risks in these strategic decisions?
g. Give an example of how your company responded to a recent “surprise” in your
industry and describe whether the surprise affected your company and others
differently. How did we respond to the Financial Crisis and what came out of that?
.
a. What are the company's top risks, how big are they, and how often are they likely to
occur? How often is the list of top risks updated? Do we know what are the company top risks?
b. What is management doing about top risks? At the enterprise wide level? Business level? Entity specific?
c. What size quarterly operating or cash loss has management and the board agreed is
tolerable? Do we have an approach determining the risk appetite taking into consideration all risks faced by the organization?
d. Describe the staff responsible for risk management programs and their place in the
organization chart. How do you measure success of risk management activities? Is risk management a success by having a framework but lacks implementation?
e. How would a loss from a key risk impact incentive compensation of top management
and on planning/budgeting?
f. Tell us about discussions about risk management that have taken place at the board
level or among top management when making strategic decisions. How do we frame risks in these strategic decisions?
g. Give an example of how your company responded to a recent “surprise” in your
industry and describe whether the surprise affected your company and others
differently. How did we respond to the Financial Crisis and what came out of that?
.
Subscribe to:
Posts (Atom)