enterprise risk management - fis...
TRANSCRIPT
Enterprise Risk ManagementEffective Risk Monitoring and Reporting
May 2017
Eric Holmquist
Managing Director, Enterprise Risk Management National Practice
FIS™ RISC Solutions
What are We Going to Discuss?
2
CHALLENGES1
RISK MONITORING 2
KRI DESIGN3
RISK REPORTING4
REPORT DESIGN CONSIDERATIONS5
FINAL THOUGHTS6
QUESTIONS AND ANSWERS7
Common Challenges
3
So many moving parts
Risk often defy quantification
Hard to establish what “matters”
Presenting information
Availability of good data (quality & quantity)
Assessed globally but managed locally
Danger of “artificial precision”
Getting the right people on board
4
5
Risk Monitoring
and Measuring
6
“KRI’s are the most
important tool in the
Risk Manager’s bag
because…"
7
Key Risk Indicators (KRIs)
8
Key Risk Indicators (KRIs) continued…
What KRIs Are Not
9
A CRYSTAL BALL DESIGNED TO PREDICT THE FUTURE
1AN INDICATION OF THE PRESENCE OF A RISK
2A FORM OF AUTOPILOT
3INHERENTLY FORWARD LOOKING
5ONE SIZE FITS ALL
4
What KRIs “Are”
10
PROCESS EQUIVALENT OF A SMOKE DETECTOR
1A MEANS OF TRACKING THE “SUBTLE”
2AN INDICATION THAT SOMETHING “MAY” NOT BE RIGHT
3CRITICAL TO EFFECTIVE RISK MANAGEMENT
5USEFUL ONLY WHEN INTERPRETED
4
Ten Effective KRI Attributes
11
Should be agreed upon
Are measurable
Correlated to a tangible risk
Documented exceedingly well
Give insight into the subtle
Clearly defined tolerance levels
Points of accountability
Integrated with assessments
Focused
Dynamic
How to define KRIs
12
• Build into documenting processes
• Clearly define green, yellow and red (risk limits)
• Never expect the KRI to interpret risk
• Goal is a leading indicator, not root cause
• Don’t start enterprise-wide
• Build validation into audit program
• Incorporate selectively into dashboards
• One good one is better than 1,000 ignored
• USE COMMON SENSE!!!
13
Risk Reporting
14
Twelve Design Considerations
15
1. Set expectations early and often
Twelve Design Considerations
16
1. Set expectations early and often
2. Results must be culturally acceptable
Twelve Design Considerations
17
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
Twelve Design Considerations
18
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
Twelve Design Considerations
19
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
Twelve Design Considerations
20
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
Twelve Design Considerations
21
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
7. Don’t assume a certain response
Twelve Design Considerations
22
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
7. Don’t assume a certain response
8. Focus on what’s important
Twelve Design Considerations
23
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
7. Don’t assume a certain response
8. Focus on what’s important
9. Simple or complex, neither are good or bad
Twelve Design Considerations
24
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
7. Don’t assume a certain response
8. Focus on what’s important
9. Simple or complex, neither are good or bad
10. Find ways to translate data into risk
Twelve Design Considerations
25
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
7. Don’t assume a certain response
8. Focus on what’s important
9. Simple or complex, neither are good or bad
10. Find ways to translate data into risk
11. All data has context
Twelve Design Considerations
26
1. Set expectations early and often
2. Results must be culturally acceptable
3. Reports should create dialog
4. Data should inform not confuse
5. Know your audience
6. Accuracy goes straight to credibility
7. Don’t assume a certain response
8. Focus on what’s important
9. Simple or complex, neither are good or bad
10. Find ways to translate data into risk
11. All data has context
12. The 3 most important things to communicate:1. What is our risk level?
2. Why do we believe that?
3. Where are we headed?
27
Risk Reporting
Inherent RiskMitigating
ControlsResidual Risk Direction of the Risk
Credit High Satisfactory Moderate Stable
Interest Rate High Satisfactory Low Stable
Liquidity High Satisfactory Low Stable
Operational High Satisfactory Moderate Stable
Compliance High Satisfactory Moderate Stable
Financial High Satisfactory ModerateStable
IT High Satisfactory Moderate Stable
Strategic High Satisfactory Moderate Increasing
Mortgage (Georgia) High Satisfactory Moderate Stable
Risk Summary High Satisfactory Moderate Stable
Risk Reporting Final Thoughts
28
Something is
better than
nothing01
03
02
04
Differentiate
between smoke
and rubble
Something +1
isn’t always
better
Numbers tell a
story, pictures
leave an
impression
05Crunched
numbers are
still just
numbers06
In the end,
creativity
wins
Eric [email protected]
215.208.8775