The document discusses the limitations of technology in risk management based on past failures, such as the financial crisis. While technology plays an important role in areas like data collection, analysis, and monitoring, it cannot replace human judgment and challenge. Risk models can be wrong or lead to a false sense of security if people rely on them without questioning the assumptions. The key is using technology as a tool alongside qualitative risk assessment to improve decision-making.

1. Introduction
In risk management terms, few, if any, endeavours
eclipse taking humans into space and bringing
them back safely. Despite their undoubted
technical and personal skills, astronauts put their
lives in the hands of advanced technology. Yet, as
now immortalised by Hollywood, when things
went drastically wrong with the Apollo 13 lunar
mission in the early 1970s, a large dose of human
intervention and ingenuity came to the rescue of
the three astronauts on board.
Why do we raise this? For the simple fact that it
provides a popular illustration of the fact that
while technology, and computing power in
particular, has enabled mankind to achieve great
things, there are limitations. Human skill and
judgement cannot be eradicated from the mix.
Lessons learned
The world’s financial community is still facing up
to not heeding this lesson. Processes may have
been followed and the complex financial models
on which the businesses relied to assess their
risks may have been technically excellent, but two
things went wrong:
• Assumptions underlying the models were
wrong
• Model outputs were believed with insufficient
challenge
Amid the fallout of his stewardship of RBS, Sir
Fred Goodwin, observed: “At the heart of this I
think there was an issue not about risk
recognition but about how the risk was calibrated.
They (traders) were holding positions in what we
perceived to be triple A securities and they turned
out to be worth five or 10 cents in the dollar.
The risk was recognised but, in the risk systems it
was quantified as being very small: it turned out
to be very large and it was wrong.”
Avoiding the crutch of technology
It’s only fair to say that there have been many
failures of technology over the years. But in many
cases, these can be put down to unrealistic
expectations and a failure to recognise the limits
of technology – or indeed the additional risks it
may pose.
All too often, people have a rather naïve faith in
the power of technology. Take the case of the
“unsinkable” Titanic which led to the risk of
icebergs not being sufficiently recognised. And
then fast forward to the highly sophisticated risk
models in today’s financial markets that made it
both difficult and politically incorrect to challenge
the outputs.
There are few things that are certain when it
comes to risk, but one is that any attempt to
quantify it will be wrong. It may be close enough
to reality to provide a sound basis for decision-
making or it may be a different ball-park
altogether. But how do you tell? Risk
management is a qualitative exercise which, if
supported appropriately by the right data and
information, can add real value to businesses and
other organisations by improving decision-
making. But we believe in the maxim that ‘what
you can’t measure, you can’t manage’. For this
reason, it makes absolute sense to put in place
the best risk management technology you can,
but it makes equal sense to recognise its
limitations.
Technology plays an important part in effective risk management,
but it can’t absolve people’s responsibility to use it appropriately
and intelligently says Mike Wilkinson.
The role of technology in risk
management
EMB Briefing

2. Roles for technology
So, how can technology help risk management in
business? There are four main areas where it has a role to
play in our view:
1. Data collection and storage
2. Risk analysis and modelling
3. Risk monitoring and control
4. Risk information and communication
The starting point is good data, and lots of it - enough to
provide a sound statistical basis for effective decision-
making. Collecting data requires good front-end systems,
an effective system and data architecture with limited
human intervention, and good database and business
intelligence technology.
But, it also needs people – the right type of people with
the right culture, attitude and processes to: (a) capture
and log the data accurately, and (b) to analyse the data
effectively.
Business processes have to balance the ability to capture
data effectively with what it is used for. Companies
operating call centres, for example, can miss the
opportunity to capture useful business intelligence by
the pressure they place on operators to handle a certain
volume of calls.
Data analysis can take many forms but actuarial
techniques of stochastic modelling recognise that there
is no single quantifiable answer to any risk. It is a
combination of the probability of a risk occurring; the
potential impact or impacts; and the mitigating effects of
controls. At the extremes, any one risk or combination of
risks, however seemingly unlikely, can bring a company
down. Increases in computer power have meant that this
type of modelling – often including hundreds of
thousands of scenarios – is much more effective and
efficient than it used to be and can be brought to bear
more readily to assist business decision making. The
EMB Igloo™ modelling suite is designed to do just that.
It’s easy to get carried away with technological
capabilities but, also remember, the type - and
complexity - of modelling should be appropriate, not only
to the nature and materiality of the risk, but also to the
amount and quality of data available. Otherwise, it risks
giving an unrealistic view of the robustness of the model
outputs and potentially will lead to a false sense of
security.
Technology, and the access to information it affords, has
made it far easier to monitor an organisation’s continuing
risks. It would be almost inconceivable for risk
management to work effectively without the storage and
processing capabilities of modern computers and the
almost instant ability to communicate data-rich material
around the globe. Furthermore, computerised controls
play an ever increasing part in reducing risk.
Let’s be clear then. It’s no time to throw the baby out with
the bath water. The banking industry’s risk models may
have gathered a momentum of their own and not
predicted the near global financial meltdown, but
technology is an essential part of modern financial
services risk management.
Regulatory recognition
Nevertheless, the banking crisis had led some people to
ask if the banking regulation (Basel II) and enterprise risk
management (ERM) were misconceived. Are the
concepts flawed or were the issues that arose to do
primarily with implementation? And were the failures
those of technology or people?
The insurance industry’s version of Basel II – Solvency II
– attempts to reconcile and address some of these
questions head on. Its provisions encourage the use of
internal models to assess risk and to set solvency capital
on the basis of that assessment. This is similar to an
advanced approach for Basel II. However, there are two
points to consider:
1. The ‘internal model’ is much more than a calculation
engine. It is the full system of assessing and
quantifying risk, including governance, oversight
and challenge to the financial model
2. The regulators will insist that, if the internal model is
used to set the amount of solvency capital, the
model should also be used heavily within the
business for strategic decision making. This is
known as the ‘use test’. However, at the same time,
they are insistent that there must not be over-
reliance on the model and that there should be
effective challenge to it

3. Conclusions
What we have to recognise, as the insurance industry
appears to be doing, is the limitations of technology and
its impact on human behaviour.
We can all already see this in how automated risk
management touches upon our personal lives through
technology such as CCTV cameras, speed cameras and
speed limiters. Often this means there is less focus on
human, ‘intelligent’ risk management. But to what extent
does our reliance on technology drive behaviour?
The reality is that we often learn to understand how
technology works and how to manipulate or avoid
disadvantageous outcomes - for instance, slowing down
for a speed camera. Therefore, the technology itself can
change behaviours and potentially lead to riskier,
unexpected outcomes. That certainly seems partially at
the root of the current financial crisis. How much did the
existence of complex financial models allow bank
executives to absolve themselves of risk management
responsibilities?
The author of The Hitchhikers Guide to the Galaxy,
Douglas Adams, had some thoughts on technology and
behaviour when he said: “A common mistake that people
make when trying to design something completely
foolproof is to underestimate the ingenuity of complete
fools.”
Harsh perhaps, but a telling insight nonetheless! What we
all have to remember is that technology can be very
effective in supporting the management risk – as long as
it is treated as a tool rather than the panacea.
Mike Wilkinson leads EMB’s Risk Management Consulting team.
Mike has over 20 years’ experience of working with the insurance industry across a
wide range of sectors, assisting clients to develop and implement strategic change
initiatives. In recent years, he has focused on assisting clients to assess the impact
and implementation of risk based regulatory change, such as ICAS, Basel II and
Solvency II as well as dealing with the broader issue of Enterprise Risk
Management. Mike works closely with both business and actuarial teams to
address the increasingly important issue of integrating qualitative and quantitative
risk approaches.
mike.wilkinson@emb.com
For further information about EMB Igloo, please visit www.emb.com/software
For further information about risk management and Solvency II, please visit our Solvency II portal on
www.solvency-2.com

4. The information and opinions contained in this publication are for general information purposes only. They do not constitute definitive professional advice,
and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. EMB does not accept or assume any liability,
responsibility or duty of care for any loss which may arise from reliance on information or opinions published in this publication or for any decision based on it.
EMB would be pleased to advise on how to apply the principles set out in this publication to your specific circumstances. Copyright © 2009. EMB Consultancy LLP.
All rights reserved. EMB refers to the international actuarial, consulting and software practice carried on by EMB Consultancy LLP, EMB Software Management LLP,
EMB Software Limited and their directly or indirectly affiliated firms or entities, partnerships or joint ventures, each of which is a separate and distinct legal entity.
EMB Worldwide
emb.com
For more information contact your local EMB office or email us at info-uk@emb.com
Africa
South Africa,
Johannesburg
+27 11 728 7651
info-za@emb.com
Asia-Pacific
Japan,
Tokyo
+81 3 5942 5901
info-jp@emb.com
India,
New Delhi
+91 124 410 1018
info-in@emb.com
Australia,
Sydney
(The Quantium Group)
+61 2 9292 6400
info@quantium.com.au
Europe
United Kingdom,
Epsom
Cambridge
London
+44 (0)1372 751060
info-uk@emb.com
Germany,
Cologne
+49 221 356626-0
info-de@emb.com
France,
Paris
+33 (0)1 42 68 52 23
info-fr@emb.com
Norway,
Bergen
+47 93 00 88 50
info-no@emb.com
The Netherlands,
Amsterdam
+31 (0)20 820 00 60
info-nl@emb.com
Spain,
Madrid
+ 34 91 791 29 34
info-es@emb.com
North America
San Diego, CA
+1 858 793 1425
info-us@emb.com
San Antonio, TX
+1 210 826 2878
info-us@emb.com
Chicago, IL
+1 312 986 1425
info-us@emb.com
Chagrin Falls, OH
+1 440 725 6204
info-us@emb.com
Hollywood, MD
+1 312 261 9631
info-us@emb.com
Stamford, CT
+1 203 604 2930
info-us@emb.com
Latin America
Brazil,
Sao Paulo
+55 11 2711 1500
info-br@emb.com