The document discusses the limitations of technology in risk management based on past failures, such as the financial crisis. While technology plays an important role in areas like data collection, analysis, and monitoring, it cannot replace human judgment and challenge. Risk models can be wrong or lead to a false sense of security if people rely on them without questioning the assumptions. The key is using technology as a tool alongside qualitative risk assessment to improve decision-making.
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.
Xavier Marguinaud, Underwriting Manager - Cyber at Tokio Marine HCC, contributes on Strategies to minimise loss and damage in Corporate Livewire Cyber Security & Data Protection Expert Guide, published in December 2017
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.
Xavier Marguinaud, Underwriting Manager - Cyber at Tokio Marine HCC, contributes on Strategies to minimise loss and damage in Corporate Livewire Cyber Security & Data Protection Expert Guide, published in December 2017
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise
In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online.
This global study, conducted by the Economist Intelligence Unit (EIU) and sponsored by Palo Alto Networks, sheds light on the ways business leaders are dealing with the increasing volume of threats they face from insecurities that arise because of disruption beyond their corporate borders.
For in-depth interviews from industry leaders on how companies are combating security threats, go to https://goo.gl/fXcnLN
Our technology-oriented civilization tends to solve problems with technology-based solutions. This paper lays out the importance of the human aspects in information security in relation with technology used to mitigate the risk.
Statistics show that as many as 75 percent of the security incidents are caused by human error or ignorance. Whilst technology solutions can never be the panacea in information security one can increase the effectiveness by implementing a well- designed security awareness strategy.
Convince your management and launch your ideas in a comprehensive language for
your target audience!
In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online.
This global study, conducted by the Economist Intelligence Unit (EIU) and sponsored by Palo Alto Networks, sheds light on the ways business leaders are dealing with the increasing volume of threats they face from insecurities that arise because of disruption beyond their corporate borders.
For in-depth interviews from industry leaders on how companies are combating security threats, go to https://goo.gl/fXcnLN
Our technology-oriented civilization tends to solve problems with technology-based solutions. This paper lays out the importance of the human aspects in information security in relation with technology used to mitigate the risk.
Statistics show that as many as 75 percent of the security incidents are caused by human error or ignorance. Whilst technology solutions can never be the panacea in information security one can increase the effectiveness by implementing a well- designed security awareness strategy.
Convince your management and launch your ideas in a comprehensive language for
your target audience!
How close is your organization to being breached | Safe SecurityRahul Tyagi
Traditional methods are certainly limited in
their capabilities and this is easily proven by
the multitude of breaches businesses were a
victim of, across the globe. The 2020 Q3 Data
Breach QuickView Report revealed that the
number of records exposed in 2020 has
increased to 36 billion globally. The report
stated that there were 2,953 publicly
reported breaches in the first three quarters
of 2020 itself! 2020 is already named the
“worst year on record” by the end of Q2 in
terms of the total number of records
exposed. With the growing sophistication of
cyber-attacks and global damages related
to cybercrime reaching $6 trillion by 2021, we
need a solution that simplifies
cybersecurity.
To know more about breach probability visit : www.safe.security
Corporate treasury is now a top target for cyber-criminals. Treasury’s trove of personal and corporate data, its authority to make payments and move large amounts of cash quickly, and its often complicated structure make it an appealing choice for discerning fraudsters.
ADAM ADLER MIAMI Adam Adler is a serial entrepreneur with over 18 years experience all at top level management and ownership. Primarily investing his own capital and building brands from the ground up.
ORX Analytics & Scenario Forum 2019 - summaryLuke Carrivick
Discover more about the ORX Analytics and Scenarios forum.
On 3-4 July, more than 50 operational risk and scenario experts from banking and insurance met in London for two days of discussion and networking. The ORX Analytics and Scenario Forum takes place each year, and gives participants the chance to talk about the biggest issues facing the industry today.
In the cyber world, many are attacked but not all are victims. Some organisations emerge stronger. The most cyber-resilient organisations can respond to an incident, fix the vulnerabilities and apply the lessons to strategies for the future. A key element of their resilience is governance, a task that falls to the board of directors.
To learn more about the challenges of governing a cyber-resilient organisation, The Economist Intelligence Unit (EIU) conducted a global survey, sponsored by Willis Towers Watson, of 452 large-company board members, C-suite executives and directors with responsibility for cyber-resilience.
Among the findings:
-In the past year, a third of the companies surveyed experienced a serious cyber-incident — one that disrupted operations, impaired financials and damaged reputations — and most placed high odds on another one in the next 12 months.
-Many companies lack confidence in their ability to source talent and develop a cyber-savvy workforce.
-Executives cite the size of the financial and reputational risk as the most important reason for board oversight.
Every accountant knows that accounting is a business language and that language has undergone many changes over the years. Dissemination in the use of information technology and the production of applications has
contributed to intense shifts in accounting firms’ Procedures as of the 1990s. From the view of accounting experts, the influence of these advances has not been adequately analysed. The general purpose of this study was therefore to determine the effect of technological progress on the accounting sphere in Namibia. A descriptive survey design was used to in this study, to establish whether there exists any relationship between advanced technology and Accounting today. The results indicate that the accelerated speed of technological progress tends to challenge conventional processes in all fields, including the accounting profession. The study also revealed that businesses
have not only embraced the revolution of advanced technology, but have also started to adopt emerging innovations in the form of accounting software, mobility and the creation of social media platforms. With a figure of
less than 50% IT-enabled use, it is obvious that accounting students and accountants do not know how to run accounting information systems, while companies continually rely on technological advancements to conduct their
tasks.
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereBIJFMCF Journal
Every accountant knows that accounting is a business language and that language has undergone many changes over the years. Dissemination in the use of information technology and the production of applications has contributed to intense shifts in accounting firms’ Procedures as of the 1990s. From the view of accounting experts, the influence of these advances has not been adequately analysed. The general purpose of this study was therefore to determine the effect of technological progress on the accounting sphere in Namibia. A descriptive survey design was used to in this study, to establish whether there exists any relationship between advanced technology and Accounting today. The results indicate that the accelerated speed of technological progress tends to challenge conventional processes in all fields, including the accounting profession. The study also revealed that businesses have not only embraced the revolution of advanced technology, but have also started to adopt emerging innovations in the form of accounting software, mobility and the creation of social media platforms. With a figure of less than 50% IT-enabled use, it is obvious that accounting students and accountants do not know how to run accounting information systems, while companies continually rely on technological advancements to conduct their tasks.
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereFinancialMarketCorpo
Every accountant knows that accounting is a business language and that language has undergone many
changes over the years. Dissemination in the use of information technology and the production of applications has
contributed to intense shifts in accounting firms’ Procedures as of the 1990s. From the view of accounting experts,
the influence of these advances has not been adequately analysed. The general purpose of this study was therefore to determine the effect of technological progress on the accounting sphere in Namibia. A descriptive survey
design was used to in this study, to establish whether there exists any relationship between advanced technology
and Accounting today. The results indicate that the accelerated speed of technological progress tends to challenge
conventional processes in all fields, including the accounting profession. The study also revealed that businesses
have not only embraced the revolution of advanced technology, but have also started to adopt emerging innovations in the form of accounting software, mobility and the creation of social media platforms. With a figure of
less than 50% IT-enabled use, it is obvious that accounting students and accountants do not know how to run
accounting information systems, while companies continually rely on technological advancements to conduct their
tasks.
How has the risk manager evolved to meet the needs of the banking industry? This slide deck takes a look at how the position has evolved and what skills should you anticipate needing in the future to compose the skill profile of the next decade’s agile risk manager.
In all of its forms, risk management is rapidly growing in importance within the commodity asset class. It will only become even more critical and complex in the future. Driven by unprecedented levels of change in the industry ranging from geopolitics to carbon, effective risk management is shifting for many commodity firms from just another activity to be managed to a critical component of business strategy that helps drive and inform brand, gain financing and trust, and demonstrates proper controls.
With a growth in interest in ‘big data’ as electric grids evolve and data sources become more common and more productive, there needs to be a discussion of the management of data in a secure manner, and the role of analytics to provide information and have ‘meaning’. This paper looks at a number of challenges that are beginning to be faced, and opportunities to ensure that the Future Grid is secure. Challenge 1 is the management of ‘big data’, which may provide value if appropriately viewed and analyzed; Challenge 2 is the management of security, for both data and systems which use the data; Challenge 3 is the need for appropriate urgency in analysis and action; Challenge 4 is to understand the meaning of the data and associated analyses, but also to understand the limits of our understanding.
_EY_smartKYC-Technological Innovations in KYC_3-16
EMB Briefings_technology_risk management final
1. Introduction
In risk management terms, few, if any, endeavours
eclipse taking humans into space and bringing
them back safely. Despite their undoubted
technical and personal skills, astronauts put their
lives in the hands of advanced technology. Yet, as
now immortalised by Hollywood, when things
went drastically wrong with the Apollo 13 lunar
mission in the early 1970s, a large dose of human
intervention and ingenuity came to the rescue of
the three astronauts on board.
Why do we raise this? For the simple fact that it
provides a popular illustration of the fact that
while technology, and computing power in
particular, has enabled mankind to achieve great
things, there are limitations. Human skill and
judgement cannot be eradicated from the mix.
Lessons learned
The world’s financial community is still facing up
to not heeding this lesson. Processes may have
been followed and the complex financial models
on which the businesses relied to assess their
risks may have been technically excellent, but two
things went wrong:
• Assumptions underlying the models were
wrong
• Model outputs were believed with insufficient
challenge
Amid the fallout of his stewardship of RBS, Sir
Fred Goodwin, observed: “At the heart of this I
think there was an issue not about risk
recognition but about how the risk was calibrated.
They (traders) were holding positions in what we
perceived to be triple A securities and they turned
out to be worth five or 10 cents in the dollar.
The risk was recognised but, in the risk systems it
was quantified as being very small: it turned out
to be very large and it was wrong.”
Avoiding the crutch of technology
It’s only fair to say that there have been many
failures of technology over the years. But in many
cases, these can be put down to unrealistic
expectations and a failure to recognise the limits
of technology – or indeed the additional risks it
may pose.
All too often, people have a rather naïve faith in
the power of technology. Take the case of the
“unsinkable” Titanic which led to the risk of
icebergs not being sufficiently recognised. And
then fast forward to the highly sophisticated risk
models in today’s financial markets that made it
both difficult and politically incorrect to challenge
the outputs.
There are few things that are certain when it
comes to risk, but one is that any attempt to
quantify it will be wrong. It may be close enough
to reality to provide a sound basis for decision-
making or it may be a different ball-park
altogether. But how do you tell? Risk
management is a qualitative exercise which, if
supported appropriately by the right data and
information, can add real value to businesses and
other organisations by improving decision-
making. But we believe in the maxim that ‘what
you can’t measure, you can’t manage’. For this
reason, it makes absolute sense to put in place
the best risk management technology you can,
but it makes equal sense to recognise its
limitations.
Technology plays an important part in effective risk management,
but it can’t absolve people’s responsibility to use it appropriately
and intelligently says Mike Wilkinson.
The role of technology in risk
management
EMB Briefing
2. Roles for technology
So, how can technology help risk management in
business? There are four main areas where it has a role to
play in our view:
1. Data collection and storage
2. Risk analysis and modelling
3. Risk monitoring and control
4. Risk information and communication
The starting point is good data, and lots of it - enough to
provide a sound statistical basis for effective decision-
making. Collecting data requires good front-end systems,
an effective system and data architecture with limited
human intervention, and good database and business
intelligence technology.
But, it also needs people – the right type of people with
the right culture, attitude and processes to: (a) capture
and log the data accurately, and (b) to analyse the data
effectively.
Business processes have to balance the ability to capture
data effectively with what it is used for. Companies
operating call centres, for example, can miss the
opportunity to capture useful business intelligence by
the pressure they place on operators to handle a certain
volume of calls.
Data analysis can take many forms but actuarial
techniques of stochastic modelling recognise that there
is no single quantifiable answer to any risk. It is a
combination of the probability of a risk occurring; the
potential impact or impacts; and the mitigating effects of
controls. At the extremes, any one risk or combination of
risks, however seemingly unlikely, can bring a company
down. Increases in computer power have meant that this
type of modelling – often including hundreds of
thousands of scenarios – is much more effective and
efficient than it used to be and can be brought to bear
more readily to assist business decision making. The
EMB Igloo™ modelling suite is designed to do just that.
It’s easy to get carried away with technological
capabilities but, also remember, the type - and
complexity - of modelling should be appropriate, not only
to the nature and materiality of the risk, but also to the
amount and quality of data available. Otherwise, it risks
giving an unrealistic view of the robustness of the model
outputs and potentially will lead to a false sense of
security.
Technology, and the access to information it affords, has
made it far easier to monitor an organisation’s continuing
risks. It would be almost inconceivable for risk
management to work effectively without the storage and
processing capabilities of modern computers and the
almost instant ability to communicate data-rich material
around the globe. Furthermore, computerised controls
play an ever increasing part in reducing risk.
Let’s be clear then. It’s no time to throw the baby out with
the bath water. The banking industry’s risk models may
have gathered a momentum of their own and not
predicted the near global financial meltdown, but
technology is an essential part of modern financial
services risk management.
Regulatory recognition
Nevertheless, the banking crisis had led some people to
ask if the banking regulation (Basel II) and enterprise risk
management (ERM) were misconceived. Are the
concepts flawed or were the issues that arose to do
primarily with implementation? And were the failures
those of technology or people?
The insurance industry’s version of Basel II – Solvency II
– attempts to reconcile and address some of these
questions head on. Its provisions encourage the use of
internal models to assess risk and to set solvency capital
on the basis of that assessment. This is similar to an
advanced approach for Basel II. However, there are two
points to consider:
1. The ‘internal model’ is much more than a calculation
engine. It is the full system of assessing and
quantifying risk, including governance, oversight
and challenge to the financial model
2. The regulators will insist that, if the internal model is
used to set the amount of solvency capital, the
model should also be used heavily within the
business for strategic decision making. This is
known as the ‘use test’. However, at the same time,
they are insistent that there must not be over-
reliance on the model and that there should be
effective challenge to it
3. Conclusions
What we have to recognise, as the insurance industry
appears to be doing, is the limitations of technology and
its impact on human behaviour.
We can all already see this in how automated risk
management touches upon our personal lives through
technology such as CCTV cameras, speed cameras and
speed limiters. Often this means there is less focus on
human, ‘intelligent’ risk management. But to what extent
does our reliance on technology drive behaviour?
The reality is that we often learn to understand how
technology works and how to manipulate or avoid
disadvantageous outcomes - for instance, slowing down
for a speed camera. Therefore, the technology itself can
change behaviours and potentially lead to riskier,
unexpected outcomes. That certainly seems partially at
the root of the current financial crisis. How much did the
existence of complex financial models allow bank
executives to absolve themselves of risk management
responsibilities?
The author of The Hitchhikers Guide to the Galaxy,
Douglas Adams, had some thoughts on technology and
behaviour when he said: “A common mistake that people
make when trying to design something completely
foolproof is to underestimate the ingenuity of complete
fools.”
Harsh perhaps, but a telling insight nonetheless! What we
all have to remember is that technology can be very
effective in supporting the management risk – as long as
it is treated as a tool rather than the panacea.
Mike Wilkinson leads EMB’s Risk Management Consulting team.
Mike has over 20 years’ experience of working with the insurance industry across a
wide range of sectors, assisting clients to develop and implement strategic change
initiatives. In recent years, he has focused on assisting clients to assess the impact
and implementation of risk based regulatory change, such as ICAS, Basel II and
Solvency II as well as dealing with the broader issue of Enterprise Risk
Management. Mike works closely with both business and actuarial teams to
address the increasingly important issue of integrating qualitative and quantitative
risk approaches.
mike.wilkinson@emb.com
For further information about EMB Igloo, please visit www.emb.com/software
For further information about risk management and Solvency II, please visit our Solvency II portal on
www.solvency-2.com