The business benefits of modelling risk management data
In our next set of blogs we discuss how to model risk management data using operational risk software. In the first of the series, Tony and John outline why you should model data giving the business benefits, and talk about how modelling can be used.
Taken from: Mastering Risk Management
There are many business benefits to modelling risk management data as well as the obvious one of allocating the economic capital required to support each business line. This benefit is significant and allows senior management and the board to question whether or not underperforming areas of the firm should be resuscitated or sold off. In addition, allocation of capital to business lines also allows incentives to be given to heads of business lines who are performing well.
Further benefits are the challenge of controls in different risk areas of similar business lines and of similar risks and controls in different business lines. This also allows us to explore how good (or poor, as the case may be) our controls are in terms of preventing the risk from happening and of detecting and correcting it when it does happen. All of these are linked to our appetite for risks and our willingness to spend resources in mitigating them.
Analysing the capital requirements of a firm by its business line and event types provides many benefits. As well as the benefits of allocating capital to business lines there are also many challenges to different business lines’ controls. An analysis by type of control (preventative, detective and corrective) can also yield significant business benefit.
How can we use modelling?
Challenging preventative controls
Events only occur when preventative controls fail. Preventative controls are those controls that are intended to stop an event from happening. A count of the number of events will therefore give a good indication of the quality of a firm’s preventative controls. This assumes that all events are reported to a central capture area, commonly the risk management department. In order to ensure that all events are reported, many firms reconcile on a monthly basis the value of events that has been written off in the General Ledger to the value of events that has been reported to risk management.
Challenging corrective controls
Corrective controls are designed to mitigate and, where possible, reduce the impact of an event. Therefore the mean size of events is an indication of the quality of the corrective controls. This should take into account the appetite of each business line for the value of events in its business line. An aggressive, fast expanding business may have a higher appetite for events than a pedestrian, utility type business line. Having investigated the numbers of events, it will tell us about the quality of the corrective controls if we relate the numbers and the economic capital required to the mean of the losses of those events.
Challenging detective controls
Detective controls are designed to mitigate a risk’s impact through the immediate recognition that a risk has happened (and therefore corrective controls can be immediately brought to bear on the event).
The standard deviation of the impact of a set of events shows the amount of variability in the severity of those events. A large standard deviation will indicate that the detective controls are poor as the impact of a risk has a wide number of values, i.e. it has not been recognised that the risk has occurred and therefore the severity of the event has grown unchecked by any corrective controls. In contrast, a small standard deviation indicates that the corrective controls have contained the severity of the event to a relatively small range of values around the mean. An examination of the standard deviations will therefore shed light on the quality of the detective controls.
In our next blog on the topic of modelling risk management data Tony and John explore the requirements for using data sets.
Mastering Risk Management by Tony Blunden and John Thirlwell is published by FT International. Order your copy here: https://www.pearson.com/en-gb/subject-catalog/p/mastering-risk-management/P200000003761/9781292331317
For more information contact us today on email@example.com