Your SlideShare is downloading. ×
Life 2008 Spring Meeting                 June 16-18, 2008Session 42, Building and Maintaining Effective Risk              ...
Building & Maintaining EffectiveRisk Dashboards                                                   Session 42              ...
Risk Dashboards Tool providing consolidated and timely reporting of risk exposures across an enterprise –   All important ...
Keys To Success ABN Amro/LaSalle Bank –   Comprehensive risk assessment –   Integrated view of risk, reward and strategy –...
Comprehensive View of Risk                  Corporate        SBU     SBU   SBUCreditMarketInterest RateInsuranceOperationa...
Forward Looking   Credit                                 Insurance    –    Credit spread widening            –   Underwrit...
Executive Ownership Each measure must be owned by a senior manager  –   Ongoing monitoring  –   Remedial action Business u...
Risk DashboardsSociety of Actuaries SpringMeetingDate June 17th, 2008What is a Risk Dashboard?  As part of ERM, Decision M...
Audiences: Different Needs Risk has to be communicated to different groups:  – Board level:      • To allow them to satisf...
How a Dashboard Would Have Helped  A Dashboard should have consolidated the credit exposure for a single FI coming from:  ...
Dashboard: In line with Risk Concerns                                                Reputational Risk                    ...
Information on Risk                                                              Info: Assets are                         ...
Information on Risk                                                            Info: Employees                            ...
Information on Risk                                                                     Info: Impact of                   ...
Building and Maintaining Effective    Risk Dashboards    Implementation Issues    Karen DeToro    Deloitte Consulting LLP ...
Data IssuesData issues can be grouped into 3 general areas:                     Different data is required to be aggregate...
Integration into Decision MakingIn order to fully support decision making, the dashboard must be:  Actionable  – Data must...
Ford Motor Company: The Middle Road Done Wrong                        The situation: 1970’s Ford Pinto                    ...
Taking the Middle Road – Other LessonsLessons can be learned from the approaches hospitals have taken indealing with medic...
Lexington VA: The Middle Road Refined The situation: Hospitals use weekly Mortality & Morbidity (“M&M”) conferences and ot...
BibliographyEnd Notes      Mark Dowie. “Pinto Madness.” Mother Jones. Sept / Oct 1977.      Ibid.      Ibid.      Stephani...
Upcoming SlideShare
Loading in...5
×

Risk Dashboard

5,877

Published on

COMPONENTS OF A RISK DASHBOARD
COMPOSANTES D'UN TABLEAU DE BORD

Published in: Economy & Finance, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
5,877
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
90
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Risk Dashboard "

  1. 1. Life 2008 Spring Meeting June 16-18, 2008Session 42, Building and Maintaining Effective Risk Dashboards Moderator David T. (Todd) Henderson, FSA, MAAA, CERA Authors Karen J. DeToro, FSA,MAAA Michel Rochette, FSA
  2. 2. Building & Maintaining EffectiveRisk Dashboards Session 42 Society of Actuaries Spring Meeting Quebec City Tuesday, June 17, 2008 8:30am – 10:00amBuilding & Maintaining EffectiveRisk Dashboards Todd Henderson The Western & Southern Financial Group Michel Rochette AON Global Risk Consulting Karen DeToro Deloitte Consulting LLP 1
  3. 3. Risk Dashboards Tool providing consolidated and timely reporting of risk exposures across an enterprise – All important exposures, at a glance – Drilled down and sliced as necessary – Early warnings of emerging exposures – Allowing preemptive, remedial actionKeys To Success Algorithmics – Integrate market risk, credit risk and asset liability reports in a single dashboard – Easily created and configured new reports – Rich set of visualization elements – Interactive and responsive Source: www.ermsymposium.org/2007/pdf/handouts/CI/CI5_combo.pdf 2
  4. 4. Keys To Success ABN Amro/LaSalle Bank – Comprehensive risk assessment – Integrated view of risk, reward and strategy – Forward-looking, actionable, risk escalation tool – Executive sponsorship Source: www.ermsymposium.org/2007/pdf/handouts/CI/CI5_combo.pdfKeys To Success COGNOS – Data must be trustworthy – The business must be involved in shaping the requirements – Content first, then aesthetics – Technology and architecture Source: www.ermsymposium.org/2007/pdf/handouts/CI/CI5_combo.pdf 3
  5. 5. Comprehensive View of Risk Corporate SBU SBU SBUCreditMarketInterest RateInsuranceOperationalBusinessDrill Downs & Diagnostics Corporate SBU SBU SBU Value At Risk = $643 MillionCreditMarketInterest RateInsuranceOperationalBusiness 4
  6. 6. Forward Looking Credit Insurance – Credit spread widening – Underwriting errors – Watchlist increases – Pandemic Alerts Market Operational – Value at Risk – Capacity measures – Volatility Interest Rate – VolatilityActionable Corporate SBU SBU SBUCreditMarket Underwriting Limit Breaches = 7Interest RateInsuranceOperationalBusiness Chief Underwriter installs system edit prohibiting limit breaches 5
  7. 7. Executive Ownership Each measure must be owned by a senior manager – Ongoing monitoring – Remedial action Business units should be intricately involved in developing requirements – Special knowledge – Buy-inBuilding & Maintaining EffectiveRisk Dashboards Session 42 Society of Actuaries Spring Meeting Quebec City Tuesday, June 17, 2008 8:30am – 10:00am 6
  8. 8. Risk DashboardsSociety of Actuaries SpringMeetingDate June 17th, 2008What is a Risk Dashboard? As part of ERM, Decision Makers need an integrated view of risk across their enterprise. Provide an approach to see correlation/links within a risk category and between risks. Forces the organization to adopt a structured process to understand risk and opportunities: – Review outstanding risk issues – Prioritize management actions – Be forward looking in risk management. – Monitor compliance to existing risk policies 2 1
  9. 9. Audiences: Different Needs Risk has to be communicated to different groups: – Board level: • To allow them to satisfy their fiduciary duties, making sure that management is actually managing risk. • To assess the level of risk in light of the company’s risk appetite. • To provide with a consolidated view of major threats and opportunities that may affect the value of the company to the different stakeholders. – Management level: • To provide them with a consolidated view of their company’s risks, a horizontal view instead of a silo view. • To allow them to assess the cost/benefit of implementing controls to reduce risk to the company’s desired risk tolerance/appetite. – Business level: • To allow them to assess the effectiveness of “control” the risks under their jurisdiction. 3Case Study: Sub prime Sub prime credits were issued in the mortgage department of the retail bank. Treasury department securitized sub prime credits, created SPVs and sponsored CDOs and the like in line with the new strategic models of banks to issue and sell not hold to maturity as before. Asset management departments/pension plans of the same banks invested in CDOs. Retail banks/mutual funds, some owned by the same banks, created new short-term “guaranteed” investment vehicles for retail customers, investing in asset-back securities. Banks provided liquidity enhancements to SPVs. Pricing/Valuation models were not stressed tested. 4 2
  10. 10. How a Dashboard Would Have Helped A Dashboard should have consolidated the credit exposure for a single FI coming from: – Issuance of the subprime credit – Credit exposure of the SPV. Fis had to consolidate credit exposure back on their balance sheet after August 08 due to Reputational considerations. Ex. Banque Nationale/Desjardins in Quebec, c Citigroup in the US. – Investment by the asset management arm/pension plan. A Dashboard should have identified the inherent risks of the securitization business: – Operational risk exposure of models used should have been identified. – Liquidity reports of the FI should have taken into consideration the liquidity guarantees offered by banks to SPV. – Market risk reports should have taken into consideration the market risk of position held by the asset management arm/pension plan of Fis. – Potential liabilities/regulatory/compliance issues should have been identified. 5Applications of a Dashboard Presents risk information consistently across the enterprise. Consolidate risks across the enterprise including outsourced operations. Allow enterprise to compare/analyze impact of external/emerging events on firm. Allow firm to monitor adherence to risk appetite using appropriate risk metrics: VAR, EAR, CashFlow at Risk. Allow firm to publish consistent information to both internal and external audiences. 6 3
  11. 11. Dashboard: In line with Risk Concerns Reputational Risk (52) Regulatory Risk (40) Human Capital Risk (40) IT RISK (35) Financial, Market, Credit and Insurance Risk (30) Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20) Source: Economist Intelligence Unit, 2005 Max Scale: 100 7Information on Risk Info: Vulnerability to critical processes Measures: Reputational Risk (52) Physical security Regulatory Risk breaches (40) Loss events Human Capital Risk (40) Fraud incidents IT RISK (35) Environmental risk Financial, Market, Credit, FX and Insurance Risk (30) Operational Risk: Crime, security, political, natural hazard, Terrorism, Country Risk (20) Source: Economist Intelligence Unit, 2005 Max Scale: 100 8 4
  12. 12. Information on Risk Info: Assets are impaired/capital at risk Measures: Reputational Risk (52) Default rates Regulatory Risk (40) Liquidity measures Human Capital Risk Price risk (40) ALM risk IT RISK (35) Financial, Market, Credit, FX and Insurance Risk (30) Operational Risk: Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20) Source: Economist Intelligence Unit, 2005 Max Scale: 100 9Information on Risk Info: Malfunction in systems which impede business Reputational Risk (52) Measures: Regulatory Risk System Downtime (40) Information security Human Capital Risk (40) breaches IT RISK Business continuity (35) readiness Financial, Market, Credit, FX and Insurance Risk (30) Disaster recovery Operational Risk: Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20) Source: Economist Intelligence Unit, 2005 Max Scale: 100 10 5
  13. 13. Information on Risk Info: Employees unavailable/unwilling to perform functions. Reputational Risk (52) Measures: Regulatory Risk Staff Turnover (40) Key personnel attrition Human Capital Risk (40) Compensation IT RISK (35) Competiveness Financial, Market, Credit, FX and Insurance Risk Accident rates (30) Operational Risk: Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20) Source: Economist Intelligence Unit, 2005 Max Scale: 100 11Information on Risk Info: Compliance with external/internal regulations Reputational Risk (52) Measures: Regulatory Risk Fines imposed (40) # of investigations Human Capital Risk (40) Status of IT RISK (35) implementation of internal policies Financial, Market, Credit, FX and Insurance Risk (30) New regulations discussions Operational Risk: Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20) Source: Economist Intelligence Unit, 2005 Max Scale: 100 12 6
  14. 14. Information on Risk Info: Impact of previous risks on value of the firm including external factors. Reputational Risk (52) Measures: Regulatory Risk (40) Chain of events Human Capital Risk impacts (40) Impact of new strategic IT RISK (35) initiatives Financial, Market, Credit, FX and Insurance Risk (30) Business risks: Price/volume Operational Risk: Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20) competition Source: Economist Intelligence Unit, 2005 Max Scale: 100 13 External Requirements: Consistency Regulatory Standards: – Basel II/Solvency II Pillar III: Info on risk exposure and governance – SEC: information on risks in 10-K Accounting Standards: – IFRS: Provisions as related to risk events – Brief description of the obligation, timing and uncertainty of outflows and expected reimbursements; Risk Standards: – COSO ERM II – Standards: ISO 31000/ANZ Australian Standards 14 7
  15. 15. Building and Maintaining Effective Risk Dashboards Implementation Issues Karen DeToro Deloitte Consulting LLP June 17, 2008Key Challenges in ImplementationThe most common challenges in implementing effective risk dashboardsoccur in the following key areas: Data Issues Integration into Decision Making Legal Issues 042DeToro.ppt -2- 1
  16. 16. Data IssuesData issues can be grouped into 3 general areas: Different data is required to be aggregated in a Data different way than for other reporting Availability Timeliness of data is critical for supporting key management decisions Non-financial data may not be well controlled The processes for gathering data (financial and Controls non-financial) may not be well controlled Variety of data sources may create challenges in Reconciliation reconciling data to published internal and external to Other sources Reports 042DeToro.ppt -3-Approaches for Addressing Data Issues Think broadly about universe of needed data at dashboard initiation Create centralized database to hold all key data to facilitate controls and timely automated reporting Build in sufficient flexibility to dashboard processes to be responsive as key risks change over time Implement controls similar to those used for SOX 404; leverage existing controls over data where possible Leverage commonalities with other data flows in organization Develop a strong relationship with IT and business units supplying data to better understand the data and build a reliable pipeline for data 042DeToro.ppt -4- 2
  17. 17. Integration into Decision MakingIn order to fully support decision making, the dashboard must be: Actionable – Data must be relevant to management – There must be the right level and amount of information targeted to the right audiences Integrated into a process that drives action – Push v. pull strategies for distributing data Tied in to incentives – Variable compensation must be partially based on performance against risk objectives 042DeToro.ppt -5-Legal Implications Companies are concerned about disclosing too much risk information that may be subject to legal discovery Companies’ responses to this issue fall somewhere on a spectrum: Ideal State Middle Road Head in the Sand Acknowledge the risk Acknowledge the risk Do not acknowledge Collect data Collect data the risk Do the right thing Do the “wrong” thing Do not collect data Many companies (and their general counsel) presume that the middle road is more dangerous than burying one’s head in the sand 042DeToro.ppt -6- 3
  18. 18. Ford Motor Company: The Middle Road Done Wrong The situation: 1970’s Ford Pinto The risk: Gas tanks would rupture easily in the event of a rear-end collision The data: The risk became apparent during the design and crash studies of the Ford Pinto Cost of repairing the flaw: $11 per car ($137 million cost)1 Value of the benefit: $200,000 saved per life lost ($49.5 million benefit)2 Internal documents indicated that a cost-benefit analysis did not support fixing the flaw Outcome: Estimates put the impact at over 500 deaths3, and significant financial and reputational damage to Ford 042DeToro.ppt -7-Major Conglomerate: The Middle Road Done Right The situation: Income tax return for a major US conglomerate The risk: The company pursued a tax accounting policy, despite some concern that it might not be deemed acceptable by the IRS The data: The company documented their rationale for interpreting the tax law as they did, and quantified the impact of their interpretation versus another interpretation commonly in use. This information was clearly documented Outcome: The company was taken to court by the IRS. Although the company’s interpretation was ruled to be invalid, fines and penalties were substantially reduced because of the company’s ability to document its rationale 042DeToro.ppt -8- 4
  19. 19. Taking the Middle Road – Other LessonsLessons can be learned from the approaches hospitals have taken indealing with medical errors 1999 Institute of Medicine report: medical errors cost $17B to $29B per year and are the 8th leading cause of death in the US4 Pressure on hospitals to disclose errors so patients can make informed choices about where to obtain care Hospitals have mechanisms in place to disclose adverse medical events as learning opportunities for doctors – Weekly Mortality & Morbidity (“M&M”) conferences – Hospital risk managers 042DeToro.ppt -9-Taking the Middle Road – Hospitals’ ResponsesHospitals have responded to pressures for full disclosure in several ways: Traditional approach was “defend and deny” – No admission of wrong- doing – Cases cited of risk managers and doctors denying knowledge of medical errors to protect colleagues Proposed legislation – IOM proposed mandatory reporting of errors to make health care safer; simultaneously proposed legislation to extend peer-review protections to reports of errors (currently extend to M&M) Improve processes to reduce errors – Medical community adopting similar checks and protocols to the airline industry Apologize and disclose – Discussed in next case study “With malpractice premiums soaring and a national patients’ rights movement pushing for full disclosure of medical errors, the industry is rethinking the traditional approach known as ‘defend and deny’.”5 042DeToro.ppt - 10 - 5
  20. 20. Lexington VA: The Middle Road Refined The situation: Hospitals use weekly Mortality & Morbidity (“M&M”) conferences and other disclosures of adverse events as learning opportunities to teach doctors how to address complications The risk: Admissions of mistakes may be used against doctors in malpractice suits. The data: Lexington VA implemented a mandatory disclosure policy, requiring all doctors to report errors to a committee which then informed the family and offered compensation. Outcome: Instead, after implementation, the average cost of error- related payouts was only $15,632, which was in the lowest quarter of the 35 VA hospitals in the country, and Lexington VA is deemed one of the safest VA hospitals in the country.6 “”Being honest defused situations that would otherwise lead to litigation.”7 042DeToro.ppt - 11 -Legal Issues - SummaryCompanies can live more comfortably with the middle road by: Acting responsibly, prudently and reasonably with the data they gather Disclosing and apologizing when things go wrong Utilizing lessons learned from risk events to move closer to the ideal state by improving processes to limit future adverse events Ideal State Middle Road Head in the Sand Acknowledge the risk Acknowledge the risk Do not acknowledge Collect data Collect data the risk Do the right thing Do the “wrong” thing Do not collect data 042DeToro.ppt - 12 - 6
  21. 21. BibliographyEnd Notes Mark Dowie. “Pinto Madness.” Mother Jones. Sept / Oct 1977. Ibid. Ibid. Stephanie Mencimer, “Casualties of Medicine.” Legal Affairs. May / June 2003. Rachel Zimmerman. “Doctors’ New Tool to Fight Lawsuits: Saying I’m Sorry.” Wall Street Journal. May 18, 2004, page A1. Ibid. Stephanie Mencimer, “Casualties of Medicine.” Legal Affairs. May / June 2003.Other Sources Sara Nathan and Guillermo X. Garcia. “Ford visit led to settlement.” USA Today. Jan. 9, 2000. Jane Garbutt et al. “Lost Opportunities: How Physicians Communicate About Medical Errors.” Health Affairs. Vol. 27, No. 1, 2008. Karen Lundegaard. “Study Raises Roof-Safety Questions.” Safety Issues. Vol. 4, Issue 41, April 2005. 042DeToro.ppt - 13 - Copyright © 2008 Deloitte Development LLC. All rights reserved. 7

×