Home
Consulting Services
Vectors
Research & Reports
Vectors Client Support
DEMOS
Announcements
About us

 

 

Consulting Corner

Risk Management Challenged

by Mickey Storms

Recent legislation and the increased scrutiny resulting from the spate of accounting scandals over the last few years have created significant challenges for management responsible for risk and control at financial institutions. A management title or a board of directors designation now carries with it unambiguous responsibilities for results, risk and reporting of performance "on the spot" where the rubber meets the road.

Diffuse, vertical organizations, loosely connected by myriad layers of communication, assumptions, risk and valuation processes now pose significant problems in a paradigm that requires managers on the 50th floor to have the best information about events, individuals and departments located on the 1st. In many cases, existing data and risk reporting schema must be reshaped to provide the consistent and accurate types of information required to execute the enhanced oversight responsibilities.

The process of evaluating the effectiveness of various risk, valuation and analytics should begin with a review of current practices to understand present risk management methods and to mitigate the chances that existing risks lead to adverse results. Risk policies can then be remade to ensure best practices are incorporated therein. A system whereby current practices are continuously replaced by best practices can then be laid out and executed. Failing to establish a recurring process that identifies best practices, updates policies, and morphs them into current procedures ensures a widening, increasingly detrimental gap between current information and that which is required to execute oversight effectively.

With respect to risk management policies, best practices should consider each material risk the company faces. Metrics for measuring each risk should be determined and included in policies along with the definition of what constitutes a risk event. Defining a one-standard deviation risk event allows an objective probability to be assigned to each risk event and an expected value to be assigned to shocks. The extent to which defined risks exist in each of the company's businesses and the financial consequences of risk events in terms of earnings, valuation or other key performance measures can then be assessed by the risk management group. Such a group may also be responsible for ensuring the consistency of analytics and assumptions across the firm to ensure the quality of reporting.