SlideShare a Scribd company logo

EMB Briefings_technology_risk management final

M
Mike Wilkinson

The document discusses the limitations of technology in risk management based on past failures, such as the financial crisis. While technology plays an important role in areas like data collection, analysis, and monitoring, it cannot replace human judgment and challenge. Risk models can be wrong or lead to a false sense of security if people rely on them without questioning the assumptions. The key is using technology as a tool alongside qualitative risk assessment to improve decision-making.

1 of 4
Download to read offline
Introduction In risk management terms, few, if any, endeavours eclipse taking humans into space and bringing them back safely. Despite their undoubted technical and personal skills, astronauts put their lives in the hands of advanced technology. Yet, as now immortalised by Hollywood, when things went drastically wrong with the Apollo 13 lunar mission in the early 1970s, a large dose of human intervention and ingenuity came to the rescue of the three astronauts on board. Why do we raise this? For the simple fact that it provides a popular illustration of the fact that while technology, and computing power in particular, has enabled mankind to achieve great things, there are limitations. Human skill and judgement cannot be eradicated from the mix. Lessons learned The world’s financial community is still facing up to not heeding this lesson. Processes may have been followed and the complex financial models on which the businesses relied to assess their risks may have been technically excellent, but two things went wrong: • Assumptions underlying the models were wrong • Model outputs were believed with insufficient challenge Amid the fallout of his stewardship of RBS, Sir Fred Goodwin, observed: “At the heart of this I think there was an issue not about risk recognition but about how the risk was calibrated. They (traders) were holding positions in what we perceived to be triple A securities and they turned out to be worth five or 10 cents in the dollar. The risk was recognised but, in the risk systems it was quantified as being very small: it turned out to be very large and it was wrong.” Avoiding the crutch of technology It’s only fair to say that there have been many failures of technology over the years. But in many cases, these can be put down to unrealistic expectations and a failure to recognise the limits of technology – or indeed the additional risks it may pose. All too often, people have a rather naïve faith in the power of technology. Take the case of the “unsinkable” Titanic which led to the risk of icebergs not being sufficiently recognised. And then fast forward to the highly sophisticated risk models in today’s financial markets that made it both difficult and politically incorrect to challenge the outputs. There are few things that are certain when it comes to risk, but one is that any attempt to quantify it will be wrong. It may be close enough to reality to provide a sound basis for decision- making or it may be a different ball-park altogether. But how do you tell? Risk management is a qualitative exercise which, if supported appropriately by the right data and information, can add real value to businesses and other organisations by improving decision- making. But we believe in the maxim that ‘what you can’t measure, you can’t manage’. For this reason, it makes absolute sense to put in place the best risk management technology you can, but it makes equal sense to recognise its limitations. Technology plays an important part in effective risk management, but it can’t absolve people’s responsibility to use it appropriately and intelligently says Mike Wilkinson. The role of technology in risk management EMB Briefing
Roles for technology So, how can technology help risk management in business? There are four main areas where it has a role to play in our view: 1. Data collection and storage 2. Risk analysis and modelling 3. Risk monitoring and control 4. Risk information and communication The starting point is good data, and lots of it - enough to provide a sound statistical basis for effective decision- making. Collecting data requires good front-end systems, an effective system and data architecture with limited human intervention, and good database and business intelligence technology. But, it also needs people – the right type of people with the right culture, attitude and processes to: (a) capture and log the data accurately, and (b) to analyse the data effectively. Business processes have to balance the ability to capture data effectively with what it is used for. Companies operating call centres, for example, can miss the opportunity to capture useful business intelligence by the pressure they place on operators to handle a certain volume of calls. Data analysis can take many forms but actuarial techniques of stochastic modelling recognise that there is no single quantifiable answer to any risk. It is a combination of the probability of a risk occurring; the potential impact or impacts; and the mitigating effects of controls. At the extremes, any one risk or combination of risks, however seemingly unlikely, can bring a company down. Increases in computer power have meant that this type of modelling – often including hundreds of thousands of scenarios – is much more effective and efficient than it used to be and can be brought to bear more readily to assist business decision making. The EMB Igloo™ modelling suite is designed to do just that. It’s easy to get carried away with technological capabilities but, also remember, the type - and complexity - of modelling should be appropriate, not only to the nature and materiality of the risk, but also to the amount and quality of data available. Otherwise, it risks giving an unrealistic view of the robustness of the model outputs and potentially will lead to a false sense of security. Technology, and the access to information it affords, has made it far easier to monitor an organisation’s continuing risks. It would be almost inconceivable for risk management to work effectively without the storage and processing capabilities of modern computers and the almost instant ability to communicate data-rich material around the globe. Furthermore, computerised controls play an ever increasing part in reducing risk. Let’s be clear then. It’s no time to throw the baby out with the bath water. The banking industry’s risk models may have gathered a momentum of their own and not predicted the near global financial meltdown, but technology is an essential part of modern financial services risk management. Regulatory recognition Nevertheless, the banking crisis had led some people to ask if the banking regulation (Basel II) and enterprise risk management (ERM) were misconceived. Are the concepts flawed or were the issues that arose to do primarily with implementation? And were the failures those of technology or people? The insurance industry’s version of Basel II – Solvency II – attempts to reconcile and address some of these questions head on. Its provisions encourage the use of internal models to assess risk and to set solvency capital on the basis of that assessment. This is similar to an advanced approach for Basel II. However, there are two points to consider: 1. The ‘internal model’ is much more than a calculation engine. It is the full system of assessing and quantifying risk, including governance, oversight and challenge to the financial model 2. The regulators will insist that, if the internal model is used to set the amount of solvency capital, the model should also be used heavily within the business for strategic decision making. This is known as the ‘use test’. However, at the same time, they are insistent that there must not be over- reliance on the model and that there should be effective challenge to it
Conclusions What we have to recognise, as the insurance industry appears to be doing, is the limitations of technology and its impact on human behaviour. We can all already see this in how automated risk management touches upon our personal lives through technology such as CCTV cameras, speed cameras and speed limiters. Often this means there is less focus on human, ‘intelligent’ risk management. But to what extent does our reliance on technology drive behaviour? The reality is that we often learn to understand how technology works and how to manipulate or avoid disadvantageous outcomes - for instance, slowing down for a speed camera. Therefore, the technology itself can change behaviours and potentially lead to riskier, unexpected outcomes. That certainly seems partially at the root of the current financial crisis. How much did the existence of complex financial models allow bank executives to absolve themselves of risk management responsibilities? The author of The Hitchhikers Guide to the Galaxy, Douglas Adams, had some thoughts on technology and behaviour when he said: “A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.” Harsh perhaps, but a telling insight nonetheless! What we all have to remember is that technology can be very effective in supporting the management risk – as long as it is treated as a tool rather than the panacea. Mike Wilkinson leads EMB’s Risk Management Consulting team. Mike has over 20 years’ experience of working with the insurance industry across a wide range of sectors, assisting clients to develop and implement strategic change initiatives. In recent years, he has focused on assisting clients to assess the impact and implementation of risk based regulatory change, such as ICAS, Basel II and Solvency II as well as dealing with the broader issue of Enterprise Risk Management. Mike works closely with both business and actuarial teams to address the increasingly important issue of integrating qualitative and quantitative risk approaches. mike.wilkinson@emb.com For further information about EMB Igloo, please visit www.emb.com/software For further information about risk management and Solvency II, please visit our Solvency II portal on www.solvency-2.com
The information and opinions contained in this publication are for general information purposes only. They do not constitute definitive professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. EMB does not accept or assume any liability, responsibility or duty of care for any loss which may arise from reliance on information or opinions published in this publication or for any decision based on it. EMB would be pleased to advise on how to apply the principles set out in this publication to your specific circumstances. Copyright © 2009. EMB Consultancy LLP. All rights reserved. EMB refers to the international actuarial, consulting and software practice carried on by EMB Consultancy LLP, EMB Software Management LLP, EMB Software Limited and their directly or indirectly affiliated firms or entities, partnerships or joint ventures, each of which is a separate and distinct legal entity. EMB Worldwide emb.com For more information contact your local EMB office or email us at info-uk@emb.com Africa South Africa, Johannesburg +27 11 728 7651 info-za@emb.com Asia-Pacific Japan, Tokyo +81 3 5942 5901 info-jp@emb.com India, New Delhi +91 124 410 1018 info-in@emb.com Australia, Sydney (The Quantium Group) +61 2 9292 6400 info@quantium.com.au Europe United Kingdom, Epsom Cambridge London +44 (0)1372 751060 info-uk@emb.com Germany, Cologne +49 221 356626-0 info-de@emb.com France, Paris +33 (0)1 42 68 52 23 info-fr@emb.com Norway, Bergen +47 93 00 88 50 info-no@emb.com The Netherlands, Amsterdam +31 (0)20 820 00 60 info-nl@emb.com Spain, Madrid + 34 91 791 29 34 info-es@emb.com North America San Diego, CA +1 858 793 1425 info-us@emb.com San Antonio, TX +1 210 826 2878 info-us@emb.com Chicago, IL +1 312 986 1425 info-us@emb.com Chagrin Falls, OH +1 440 725 6204 info-us@emb.com Hollywood, MD +1 312 261 9631 info-us@emb.com Stamford, CT +1 203 604 2930 info-us@emb.com Latin America Brazil, Sao Paulo +55 11 2711 1500 info-br@emb.com

Recommended

200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic SecurityChad Korosec
 
Security risk
Security riskSecurity risk
Security riskRandy Tamoria
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
IT Network marcus evans
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
Bala Guntipalli ♦ MBA
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Laura Tibbo
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
balejandre
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 

Recommended

200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic SecurityChad Korosec
 
Security risk
Security riskSecurity risk
Security riskRandy Tamoria
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
IT Network marcus evans
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
Bala Guntipalli ♦ MBA
 
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Laura Tibbo
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
balejandre
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsChristine Maligec, CRM-E, CRIS
 
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas FinalBehavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
ksteadman
 
Ponemon 2015 EMEA Cyber Impact Report
Ponemon 2015 EMEA Cyber Impact Report Ponemon 2015 EMEA Cyber Impact Report
Ponemon 2015 EMEA Cyber Impact Report
Graeme Cross
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Ernst & Young
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover StoryTorrid Networks Private Limited
 
#Kdk At εεχμτ 2010 12 03 V10
#Kdk At εεχμτ 2010 12 03 V10#Kdk At εεχμτ 2010 12 03 V10
#Kdk At εεχμτ 2010 12 03 V10
Konstantinos Karydias
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
Devendra kashyap
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
The Economist Media Businesses
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaper
Edgevalue
 
The human factor
The human factorThe human factor
The human factor
Koen Maris
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
Andréanne Clarke
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
Priyanka Aash
 
Outsourcing
OutsourcingOutsourcing
Outsourcingkarlhennessy
 
Best Practices for Proactive Disaster Recovery and Business Continuity
Best Practices for Proactive Disaster Recovery and Business ContinuityBest Practices for Proactive Disaster Recovery and Business Continuity
Best Practices for Proactive Disaster Recovery and Business ContinuityReadWrite
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-Profits
David X Martin
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of SecurityKarina Elise
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martin
David X Martin
 
PWC Survey 2010 Report
PWC Survey 2010 ReportPWC Survey 2010 Report
PWC Survey 2010 Report
Kim Jensen
 
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
United Interactive™
 
Franz liszt parte de carlos
Franz liszt parte de carlosFranz liszt parte de carlos
Franz liszt parte de carlos
aulacervantes
 
What About Love? Statistical Analysis And Marital Stability
What About Love? Statistical Analysis And Marital StabilityWhat About Love? Statistical Analysis And Marital Stability
What About Love? Statistical Analysis And Marital Stability
Goldberg Jones
 

More Related Content

What's hot

Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas FinalBehavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
ksteadman
 
Ponemon 2015 EMEA Cyber Impact Report
Ponemon 2015 EMEA Cyber Impact Report Ponemon 2015 EMEA Cyber Impact Report
Ponemon 2015 EMEA Cyber Impact Report
Graeme Cross
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Ernst & Young
 
#Kdk At εεχμτ 2010 12 03 V10
#Kdk At εεχμτ 2010 12 03 V10#Kdk At εεχμτ 2010 12 03 V10
#Kdk At εεχμτ 2010 12 03 V10
Konstantinos Karydias
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
Devendra kashyap
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
The Economist Media Businesses
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaper
Edgevalue
 
The human factor
The human factorThe human factor
The human factor
Koen Maris
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
Andréanne Clarke
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
Priyanka Aash
 
Best Practices for Proactive Disaster Recovery and Business Continuity
Best Practices for Proactive Disaster Recovery and Business ContinuityBest Practices for Proactive Disaster Recovery and Business Continuity
Best Practices for Proactive Disaster Recovery and Business ContinuityReadWrite
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-Profits
David X Martin
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of SecurityKarina Elise
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martin
David X Martin
 
PWC Survey 2010 Report
PWC Survey 2010 ReportPWC Survey 2010 Report
PWC Survey 2010 Report
Kim Jensen
 
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
United Interactive™
 

What's hot (20)

Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and Eskins
 
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas FinalBehavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
Behavioral Economics At Work Nunnally, Steadman, Baxter Las Vegas Final
 
Ponemon 2015 EMEA Cyber Impact Report
Ponemon 2015 EMEA Cyber Impact Report Ponemon 2015 EMEA Cyber Impact Report
Ponemon 2015 EMEA Cyber Impact Report
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover Story
 
#Kdk At εεχμτ 2010 12 03 V10
#Kdk At εεχμτ 2010 12 03 V10#Kdk At εεχμτ 2010 12 03 V10
#Kdk At εεχμτ 2010 12 03 V10
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaper
 
The human factor
The human factorThe human factor
The human factor
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibmciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
 
Best Practices for Proactive Disaster Recovery and Business Continuity
Best Practices for Proactive Disaster Recovery and Business ContinuityBest Practices for Proactive Disaster Recovery and Business Continuity
Best Practices for Proactive Disaster Recovery and Business Continuity
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-Profits
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of Security
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martin
 
PWC Survey 2010 Report
PWC Survey 2010 ReportPWC Survey 2010 Report
PWC Survey 2010 Report
 
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
 

Viewers also liked

Franz liszt parte de carlos
Franz liszt parte de carlosFranz liszt parte de carlos
Franz liszt parte de carlos
aulacervantes
 
What About Love? Statistical Analysis And Marital Stability
What About Love? Statistical Analysis And Marital StabilityWhat About Love? Statistical Analysis And Marital Stability
What About Love? Statistical Analysis And Marital Stability
Goldberg Jones
 
ASU Startup School Session 6
ASU Startup School Session 6ASU Startup School Session 6
ASU Startup School Session 6Innovative Circus
 
Animales en peligro de extincion
Animales en peligro de extincionAnimales en peligro de extincion
Animales en peligro de extincionlosdonkey
 
Presentacion nivel 1 AT
Presentacion nivel 1 ATPresentacion nivel 1 AT
Presentacion nivel 1 AT
dulcelorenagn
 
Noa z federicochopin
Noa z federicochopinNoa z federicochopin
Noa z federicochopin
aulacervantes
 

Viewers also liked (6)

Franz liszt parte de carlos
Franz liszt parte de carlosFranz liszt parte de carlos
Franz liszt parte de carlos
 
What About Love? Statistical Analysis And Marital Stability
What About Love? Statistical Analysis And Marital StabilityWhat About Love? Statistical Analysis And Marital Stability
What About Love? Statistical Analysis And Marital Stability
 
ASU Startup School Session 6
ASU Startup School Session 6ASU Startup School Session 6
ASU Startup School Session 6
 
Animales en peligro de extincion
Animales en peligro de extincionAnimales en peligro de extincion
Animales en peligro de extincion
 
Presentacion nivel 1 AT
Presentacion nivel 1 ATPresentacion nivel 1 AT
Presentacion nivel 1 AT
 
Noa z federicochopin
Noa z federicochopinNoa z federicochopin
Noa z federicochopin
 

Similar to EMB Briefings_technology_risk management final

How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
Rahul Tyagi
 
Masters thesis - Fraud & Big Data
Masters thesis - Fraud & Big DataMasters thesis - Fraud & Big Data
Masters thesis - Fraud & Big Data
Stephanie Canovas
 
AR - Applying Big Data to Risk Management
AR - Applying Big Data to Risk ManagementAR - Applying Big Data to Risk Management
AR - Applying Big Data to Risk ManagementValentine Seivert
 
Managing Uncertainty - 2011
Managing Uncertainty - 2011Managing Uncertainty - 2011
Managing Uncertainty - 2011
RiskShare
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
The Economist Media Businesses
 
ADAM ADLER MIAMI
ADAM ADLER MIAMI ADAM ADLER MIAMI
ADAM ADLER MIAMI
AdamAdler10
 
Risk neversleeps wps-016
Risk neversleeps wps-016Risk neversleeps wps-016
Risk neversleeps wps-016Jake Lepine
 
Mind the Gaps: AML and Fraud Global Benchmark Survey
Mind the Gaps: AML and Fraud Global Benchmark Survey Mind the Gaps: AML and Fraud Global Benchmark Survey
Mind the Gaps: AML and Fraud Global Benchmark Survey
Paul Hamilton
 
Risk Management for New Era - Risk Magazine Spring 2023
Risk Management for New Era - Risk Magazine Spring 2023Risk Management for New Era - Risk Magazine Spring 2023
Risk Management for New Era - Risk Magazine Spring 2023
The IRM India
 
ORX Analytics & Scenario Forum 2019 - summary
ORX Analytics & Scenario Forum 2019 - summaryORX Analytics & Scenario Forum 2019 - summary
ORX Analytics & Scenario Forum 2019 - summary
Luke Carrivick
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
David Sweigert
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
The Economist Media Businesses
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
BOHR International Journal of Financial market and Corporate Finance
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
BIJFMCF Journal
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
FinancialMarketCorpo
 
What Skills Will Risk Managers Need in 2028
What Skills Will Risk Managers Need in 2028What Skills Will Risk Managers Need in 2028
What Skills Will Risk Managers Need in 2028
Colleen Beck-Domanico
 
What is Modern Risk Management?
What is Modern Risk Management?What is Modern Risk Management?
What is Modern Risk Management?
CTRM Center
 
Challenges of Data Management & Analytics in the Future Grid
Challenges of Data Management & Analytics in the Future GridChallenges of Data Management & Analytics in the Future Grid
Challenges of Data Management & Analytics in the Future Grid
Power System Operation
 
smartKYC&EYReportFeb2016wb
smartKYC&EYReportFeb2016wbsmartKYC&EYReportFeb2016wb
smartKYC&EYReportFeb2016wbHugo Chamberlain
 
_EY_smartKYC-Technological Innovations in KYC_3-16
_EY_smartKYC-Technological Innovations in KYC_3-16_EY_smartKYC-Technological Innovations in KYC_3-16
_EY_smartKYC-Technological Innovations in KYC_3-16Alessandro Tonchia
 

Similar to EMB Briefings_technology_risk management final (20)

How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Masters thesis - Fraud & Big Data
Masters thesis - Fraud & Big DataMasters thesis - Fraud & Big Data
Masters thesis - Fraud & Big Data
 
AR - Applying Big Data to Risk Management
AR - Applying Big Data to Risk ManagementAR - Applying Big Data to Risk Management
AR - Applying Big Data to Risk Management
 
Managing Uncertainty - 2011
Managing Uncertainty - 2011Managing Uncertainty - 2011
Managing Uncertainty - 2011
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
 
ADAM ADLER MIAMI
ADAM ADLER MIAMI ADAM ADLER MIAMI
ADAM ADLER MIAMI
 
Risk neversleeps wps-016
Risk neversleeps wps-016Risk neversleeps wps-016
Risk neversleeps wps-016
 
Mind the Gaps: AML and Fraud Global Benchmark Survey
Mind the Gaps: AML and Fraud Global Benchmark Survey Mind the Gaps: AML and Fraud Global Benchmark Survey
Mind the Gaps: AML and Fraud Global Benchmark Survey
 
Risk Management for New Era - Risk Magazine Spring 2023
Risk Management for New Era - Risk Magazine Spring 2023Risk Management for New Era - Risk Magazine Spring 2023
Risk Management for New Era - Risk Magazine Spring 2023
 
ORX Analytics & Scenario Forum 2019 - summary
ORX Analytics & Scenario Forum 2019 - summaryORX Analytics & Scenario Forum 2019 - summary
ORX Analytics & Scenario Forum 2019 - summary
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
What Skills Will Risk Managers Need in 2028
What Skills Will Risk Managers Need in 2028What Skills Will Risk Managers Need in 2028
What Skills Will Risk Managers Need in 2028
 
What is Modern Risk Management?
What is Modern Risk Management?What is Modern Risk Management?
What is Modern Risk Management?
 
Challenges of Data Management & Analytics in the Future Grid
Challenges of Data Management & Analytics in the Future GridChallenges of Data Management & Analytics in the Future Grid
Challenges of Data Management & Analytics in the Future Grid
 
smartKYC&EYReportFeb2016wb
smartKYC&EYReportFeb2016wbsmartKYC&EYReportFeb2016wb
smartKYC&EYReportFeb2016wb
 
_EY_smartKYC-Technological Innovations in KYC_3-16
_EY_smartKYC-Technological Innovations in KYC_3-16_EY_smartKYC-Technological Innovations in KYC_3-16
_EY_smartKYC-Technological Innovations in KYC_3-16
 

EMB Briefings_technology_risk management final

  • 1. Introduction In risk management terms, few, if any, endeavours eclipse taking humans into space and bringing them back safely. Despite their undoubted technical and personal skills, astronauts put their lives in the hands of advanced technology. Yet, as now immortalised by Hollywood, when things went drastically wrong with the Apollo 13 lunar mission in the early 1970s, a large dose of human intervention and ingenuity came to the rescue of the three astronauts on board. Why do we raise this? For the simple fact that it provides a popular illustration of the fact that while technology, and computing power in particular, has enabled mankind to achieve great things, there are limitations. Human skill and judgement cannot be eradicated from the mix. Lessons learned The world’s financial community is still facing up to not heeding this lesson. Processes may have been followed and the complex financial models on which the businesses relied to assess their risks may have been technically excellent, but two things went wrong: • Assumptions underlying the models were wrong • Model outputs were believed with insufficient challenge Amid the fallout of his stewardship of RBS, Sir Fred Goodwin, observed: “At the heart of this I think there was an issue not about risk recognition but about how the risk was calibrated. They (traders) were holding positions in what we perceived to be triple A securities and they turned out to be worth five or 10 cents in the dollar. The risk was recognised but, in the risk systems it was quantified as being very small: it turned out to be very large and it was wrong.” Avoiding the crutch of technology It’s only fair to say that there have been many failures of technology over the years. But in many cases, these can be put down to unrealistic expectations and a failure to recognise the limits of technology – or indeed the additional risks it may pose. All too often, people have a rather naïve faith in the power of technology. Take the case of the “unsinkable” Titanic which led to the risk of icebergs not being sufficiently recognised. And then fast forward to the highly sophisticated risk models in today’s financial markets that made it both difficult and politically incorrect to challenge the outputs. There are few things that are certain when it comes to risk, but one is that any attempt to quantify it will be wrong. It may be close enough to reality to provide a sound basis for decision- making or it may be a different ball-park altogether. But how do you tell? Risk management is a qualitative exercise which, if supported appropriately by the right data and information, can add real value to businesses and other organisations by improving decision- making. But we believe in the maxim that ‘what you can’t measure, you can’t manage’. For this reason, it makes absolute sense to put in place the best risk management technology you can, but it makes equal sense to recognise its limitations. Technology plays an important part in effective risk management, but it can’t absolve people’s responsibility to use it appropriately and intelligently says Mike Wilkinson. The role of technology in risk management EMB Briefing
  • 2. Roles for technology So, how can technology help risk management in business? There are four main areas where it has a role to play in our view: 1. Data collection and storage 2. Risk analysis and modelling 3. Risk monitoring and control 4. Risk information and communication The starting point is good data, and lots of it - enough to provide a sound statistical basis for effective decision- making. Collecting data requires good front-end systems, an effective system and data architecture with limited human intervention, and good database and business intelligence technology. But, it also needs people – the right type of people with the right culture, attitude and processes to: (a) capture and log the data accurately, and (b) to analyse the data effectively. Business processes have to balance the ability to capture data effectively with what it is used for. Companies operating call centres, for example, can miss the opportunity to capture useful business intelligence by the pressure they place on operators to handle a certain volume of calls. Data analysis can take many forms but actuarial techniques of stochastic modelling recognise that there is no single quantifiable answer to any risk. It is a combination of the probability of a risk occurring; the potential impact or impacts; and the mitigating effects of controls. At the extremes, any one risk or combination of risks, however seemingly unlikely, can bring a company down. Increases in computer power have meant that this type of modelling – often including hundreds of thousands of scenarios – is much more effective and efficient than it used to be and can be brought to bear more readily to assist business decision making. The EMB Igloo™ modelling suite is designed to do just that. It’s easy to get carried away with technological capabilities but, also remember, the type - and complexity - of modelling should be appropriate, not only to the nature and materiality of the risk, but also to the amount and quality of data available. Otherwise, it risks giving an unrealistic view of the robustness of the model outputs and potentially will lead to a false sense of security. Technology, and the access to information it affords, has made it far easier to monitor an organisation’s continuing risks. It would be almost inconceivable for risk management to work effectively without the storage and processing capabilities of modern computers and the almost instant ability to communicate data-rich material around the globe. Furthermore, computerised controls play an ever increasing part in reducing risk. Let’s be clear then. It’s no time to throw the baby out with the bath water. The banking industry’s risk models may have gathered a momentum of their own and not predicted the near global financial meltdown, but technology is an essential part of modern financial services risk management. Regulatory recognition Nevertheless, the banking crisis had led some people to ask if the banking regulation (Basel II) and enterprise risk management (ERM) were misconceived. Are the concepts flawed or were the issues that arose to do primarily with implementation? And were the failures those of technology or people? The insurance industry’s version of Basel II – Solvency II – attempts to reconcile and address some of these questions head on. Its provisions encourage the use of internal models to assess risk and to set solvency capital on the basis of that assessment. This is similar to an advanced approach for Basel II. However, there are two points to consider: 1. The ‘internal model’ is much more than a calculation engine. It is the full system of assessing and quantifying risk, including governance, oversight and challenge to the financial model 2. The regulators will insist that, if the internal model is used to set the amount of solvency capital, the model should also be used heavily within the business for strategic decision making. This is known as the ‘use test’. However, at the same time, they are insistent that there must not be over- reliance on the model and that there should be effective challenge to it
  • 3. Conclusions What we have to recognise, as the insurance industry appears to be doing, is the limitations of technology and its impact on human behaviour. We can all already see this in how automated risk management touches upon our personal lives through technology such as CCTV cameras, speed cameras and speed limiters. Often this means there is less focus on human, ‘intelligent’ risk management. But to what extent does our reliance on technology drive behaviour? The reality is that we often learn to understand how technology works and how to manipulate or avoid disadvantageous outcomes - for instance, slowing down for a speed camera. Therefore, the technology itself can change behaviours and potentially lead to riskier, unexpected outcomes. That certainly seems partially at the root of the current financial crisis. How much did the existence of complex financial models allow bank executives to absolve themselves of risk management responsibilities? The author of The Hitchhikers Guide to the Galaxy, Douglas Adams, had some thoughts on technology and behaviour when he said: “A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.” Harsh perhaps, but a telling insight nonetheless! What we all have to remember is that technology can be very effective in supporting the management risk – as long as it is treated as a tool rather than the panacea. Mike Wilkinson leads EMB’s Risk Management Consulting team. Mike has over 20 years’ experience of working with the insurance industry across a wide range of sectors, assisting clients to develop and implement strategic change initiatives. In recent years, he has focused on assisting clients to assess the impact and implementation of risk based regulatory change, such as ICAS, Basel II and Solvency II as well as dealing with the broader issue of Enterprise Risk Management. Mike works closely with both business and actuarial teams to address the increasingly important issue of integrating qualitative and quantitative risk approaches. mike.wilkinson@emb.com For further information about EMB Igloo, please visit www.emb.com/software For further information about risk management and Solvency II, please visit our Solvency II portal on www.solvency-2.com
  • 4. The information and opinions contained in this publication are for general information purposes only. They do not constitute definitive professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. EMB does not accept or assume any liability, responsibility or duty of care for any loss which may arise from reliance on information or opinions published in this publication or for any decision based on it. EMB would be pleased to advise on how to apply the principles set out in this publication to your specific circumstances. Copyright © 2009. EMB Consultancy LLP. All rights reserved. EMB refers to the international actuarial, consulting and software practice carried on by EMB Consultancy LLP, EMB Software Management LLP, EMB Software Limited and their directly or indirectly affiliated firms or entities, partnerships or joint ventures, each of which is a separate and distinct legal entity. EMB Worldwide emb.com For more information contact your local EMB office or email us at info-uk@emb.com Africa South Africa, Johannesburg +27 11 728 7651 info-za@emb.com Asia-Pacific Japan, Tokyo +81 3 5942 5901 info-jp@emb.com India, New Delhi +91 124 410 1018 info-in@emb.com Australia, Sydney (The Quantium Group) +61 2 9292 6400 info@quantium.com.au Europe United Kingdom, Epsom Cambridge London +44 (0)1372 751060 info-uk@emb.com Germany, Cologne +49 221 356626-0 info-de@emb.com France, Paris +33 (0)1 42 68 52 23 info-fr@emb.com Norway, Bergen +47 93 00 88 50 info-no@emb.com The Netherlands, Amsterdam +31 (0)20 820 00 60 info-nl@emb.com Spain, Madrid + 34 91 791 29 34 info-es@emb.com North America San Diego, CA +1 858 793 1425 info-us@emb.com San Antonio, TX +1 210 826 2878 info-us@emb.com Chicago, IL +1 312 986 1425 info-us@emb.com Chagrin Falls, OH +1 440 725 6204 info-us@emb.com Hollywood, MD +1 312 261 9631 info-us@emb.com Stamford, CT +1 203 604 2930 info-us@emb.com Latin America Brazil, Sao Paulo +55 11 2711 1500 info-br@emb.com