Risk Data to Risk Intelligence

The Risk and Insurance Management Society (RIMS) defines enterprise risk management (ERM) as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.”

Still, many risk managers agree the cost and unpredictability in results associated with ERM have, thus far, been a “tough sell” in getting the support from the Board of Directors of their respective enterprises. Quantifying results, whether in “dollars and cents” or strategic market value, has thwarted risk manager efforts in implementing ERM programs.

“How do you quantify the cost of taking action to eliminate a potential risk exposure if that exposure had never occurred – either as a result of actions taken or by pure chance,” asks Mohamed Ismail, principle risk advisor for the Toronto Transit Commission (TTC).

That question, Ismail expects, will make new technologies in data mining – and specifically analytic risk modelling tools – a significant means of measuring risk reduction as part of ERM.

In fact, using risk intelligence to drive performance metrics and business critical processes through new data mining and risk modelling tools will ultimately separate the “haves” and “have-nots” in an increasingly competitive global marketplace, says Gaurav Kapoor, chief operating officer of risk technology provider, MetricStream – a provider of enterprise and cloud application for governance, risk management and compliance – as quoted in GARP, a publication of the Global Association of Risk Professionals, based in the United States.

Kapoor is reported as saying harnessing enterprise risk intelligence has been the topic at board levels for several years past – the problem being how to gather data, determine what is relevant in terms of risk and then how to leverage this information as intelligence. Another challenge for enterprises has been how to store the growing mass of operational data as companies adapt to a changing global marketplace.

BIG DATA

In the article, Kapoor notes that new data and analytics technology solutions for what is commonly referred to as “big data”, will change the risk management landscape of the future.

“There is no doubt that the current volume, variety and velocity of big data is unprecedented. Big data remains one of the most elusive, but also one of the most promising avenues for risk management, organizational growth and competitive differentiation in the year ahead,” he added.

The term “big data” is used to describe the handling of massive volumes of structured and unstructured data that is impossible to process using traditional database and software tools. As a result, big data analytics (BDA) – comprising of specialized technology tools and processes that adopt a holistic approach to the handling of information across an enterprise or the chain of an industry/sector – is gathering significant attention in the U.S. and Europe (see chart above).

Christina Kite, a big data expert formerly employed at the Federal Reserve Bank of New York and now corporate senior vice president at Susquehanna Bancshares Inc., points out that the biggest problem with past ERM programs is that enterprises mostly adopted a “silo approach,” where each unit of the organization has been responsible for its risk exposure and data handling. This approach, Kite notes, leaves many cracks within the enterprise where valuable data in terms of risk intelligence is lost or not communicated to a strategic level.

ERM AND BDA

Much of the cost issue associated with BDA relates to how companies can adapt new technology to their legacy-based technology platforms. However, Kite observes: “Organizations are beginning to differentiate themselves in using information and technology [like BDA] to create value across the enterprise – the role of the risk manager is becoming multi-purpose as a result.”

Kite says she expects that the real momentum driving organizations to adopt ERM and BDA-type technology on an enterprise-wide basis will come from increased regulation and disclosure requirements. “The important value for risk managers is to drive this vision.”

Indeed, the “burst housing bubble” in the U.S., followed by the collapse of global financial markets in late 2008, changed the perception of regulators – at national, international and regional levels – resulting in a slew of new reporting requirements specifically related to an enterprise’s overall risk exposure and not just financial.

This regulatory onslaught, as noted in a MetricStream-commissioned global survey report released earlier this year involving more than 100 financial institutions, saw a significant jump in the number of companies adopting ERM programs as a result of regulatory compliance, post-2008.

“There have been tremendous losses in shareholder value over the last decade. Many of those losses occurred due to failures in recognizing and managing risk. Today, ERM is a critical [chief executive officer] and board initiative, as regulatory authorities, government and regulatory agencies, insurers and credit rating agencies view a company’s ERM practice as a leading indicator of management’s ability to execute its business objectives,” says Susan Palm, vice president of industry solutions at MetricStream.

KEY CHALLENGES

However, Palm reports that realization is starting to take hold at the board level with regard to risks interconnected across multiple divisions within an organization. “There are some organizations that are way ahead of the curve, and others who are just starting to think about this,” she points out.

“In my point of view, there are three key challenges here, all are related, but all critical to harnessing risk information and making it actionable. The first challenge lies in being able to quickly and accurately collect the data. The second challenge lies in validating the quality of the data, and then analyzing it to extract meaningful insights. The third challenge lies in actually getting those meaningful insights to the right people, at the right time, in the right format so that the information is able to support decision-making,” Palm concludes.

Notably, the MetricStream financial institutional survey report indicates approximately 29% of polled global entities now have an ERM framework in place, while a further 64% are in the process of building an ERM framework.

Less encouraging is that more than half of companies surveyed have adopted a “silo approach” to their ERM programs.

Betty Clarke, manager of corporate risk and recovery for the City of St. John’s, and a former chair of the RIMS Canada Council, expects that risk management-related software is becoming more cost-effective. One problem with emerging technology like BDA is the cost associated with something that is yet to be proven.

However, Clarke says she does believe that new technology application in ERM will enhance the effectiveness of programs and assist risk managers in quantifying at board level the advantages of ERM, “something that we [risk managers] have been saying all along.”

TOO SOON?

However, not every risk manager is a stout supporter of technology application such as BDA. Rob Quail, former director of risk management at Hydro One, and now vice president of customer care, sees BDA as o
verkill in terms of cost in implementing and training personnel to effectively utilizing the end benefit.

Hydro One focuses on “asset risk analytics,” basically risk modelling seeking a specific purpose. “It worries me when people start talking about quantifying risk based on past data, as we all know risk events seldom occur in an ordered pattern identified by broad data analysis,” Quail notes. The most effective approach to ERM, he argues, is introducing discipline across the business processes.

Craig Rowe, chief executive officer and founder of the Canadian-based risk technology vendor, ClearRisk Inc., says his company is sometimes approached with queries about BDA solutions, but at the moment, costs associated are inhibitive. As such, ClearRisk is currently not involved with BDA because of limited demand. “There is a big [capital] gulf between the very large organizations and the mainstream. In the longer term, when there are more successful cases where value has been achieved through BDA, and when we see a reduction in the cost, then I think there will be more interest from mainstream companies,” Rowe says.

EDUCATION AND TRAINING

Perhaps the greatest challenge for enterprises and risk managers in adopting new technology is to keep up with the training and hiring of staff to ensure that the effectiveness of risk intelligence, suggests Emily Cummins, former chair of RIMS’ technology advisory council and director of tax and risk management at the National Rifle Association in the U.S.

“Technology innovation is both the greatest advantage and the worst exposure. Tech leaps far ahead of training as people race to adopt a new tech. Insider threats, including unintentional errors, continue to be a top source of costly data breaches,” Cummins comments.

Palm concurs, further suggesting that “ERM is as much about people as it is about business processes and the information systems that are needed.”

Developing the right risk management talent remains a critical challenge for every organization, she emphasizes.