Even though KRI is one of the most familiar terms used amongst the senior management and risk managers, it has not been given its due share of importance amongst other such risk measurement tools. This article focuses on highlighting the typical challenges experienced in organizing a good KRI system.
Some of the key challenges in having an efficient risk indicator are incompatible languages used by different sources, usage of different terminologies, timeliness of reporting the risk profiles to the management, appropriate authority to take necessary mitigating steps and finally clearly defining the risk thresholds.
Incompatible languages
Incompatibility in the language refers to two different dimensions, where one relates to the risk controller in understanding the various evolutions in the market practices and integrating them in the internal risk control framework. This is commonly attributed to the skills and tools or information sources one has access to. The other one pertains to the process of assigning a unified scale for measurement of the inputs received from the various risk indicators since most indicators are specific to individual businesses or processes and generally uncommon in nature.
Use of different terminologies
Often there are disconnects between the operations management teams and operational risk teams on the term ‘Risk Metrics’ and ‘Process Metrics’. The Operations team views their process metrics and in some cases their Service Level Agreements (SLA’s) as the key metrics and holds true as a risk indicator also. A good risk controlling group would consider those factors as risk metrics, which would result in a high impact financial or non-financial loss and it is not uncommon to have some of the process metrics or SLA’s form the sub-sets of risk metrics. Another interesting fact is that one person’s KRI is another’s performance indicator (KPI) and a third person’s service level indicator. Thus, these terminologies differ based on the different perspectives of the users and the activity in which they are engaged.
Timeliness of reporting
This might sound very generic but when you add the essence of risk management, this has the potential to alter the overall outcome of an event. To give a reference from history, imagine the changed scenario if the fax informing US authorities of an attack on Pearl Harbor was reported even a few hours earlier instead of a day late! In the real time corporate environment where every bit of your action is recorded and used in the performance appraisals, there will always be some amount of resistance towards declaring the errors or issues in the system. It is hence very crucial to design the system in such a manner that all such errors or issues are flagged in the best possible timelines. Many times, the operations and risk management groups need to predict the possibilities based on the inter dependability of factors amongst each other.
Right authority
Issue of authority in risk management is one of the major under-currents which has not surfaced much or is not discussed openly in public forums. It is very important for a risk controller or manager to have access to necessary authority to push the right lever at the right time. Unavailability of such authority slowly leads to deterioration of the control effectiveness and thus leads to major losses through undetected or delayed actions on critical risk exposures.
Some of the key challenges in having an efficient risk indicator are incompatible languages used by different sources, usage of different terminologies, timeliness of reporting the risk profiles to the management, appropriate authority to take necessary mitigating steps and finally clearly defining the risk thresholds.
Incompatible languages
Incompatibility in the language refers to two different dimensions, where one relates to the risk controller in understanding the various evolutions in the market practices and integrating them in the internal risk control framework. This is commonly attributed to the skills and tools or information sources one has access to. The other one pertains to the process of assigning a unified scale for measurement of the inputs received from the various risk indicators since most indicators are specific to individual businesses or processes and generally uncommon in nature.
Use of different terminologies
Often there are disconnects between the operations management teams and operational risk teams on the term ‘Risk Metrics’ and ‘Process Metrics’. The Operations team views their process metrics and in some cases their Service Level Agreements (SLA’s) as the key metrics and holds true as a risk indicator also. A good risk controlling group would consider those factors as risk metrics, which would result in a high impact financial or non-financial loss and it is not uncommon to have some of the process metrics or SLA’s form the sub-sets of risk metrics. Another interesting fact is that one person’s KRI is another’s performance indicator (KPI) and a third person’s service level indicator. Thus, these terminologies differ based on the different perspectives of the users and the activity in which they are engaged.
Timeliness of reporting
This might sound very generic but when you add the essence of risk management, this has the potential to alter the overall outcome of an event. To give a reference from history, imagine the changed scenario if the fax informing US authorities of an attack on Pearl Harbor was reported even a few hours earlier instead of a day late! In the real time corporate environment where every bit of your action is recorded and used in the performance appraisals, there will always be some amount of resistance towards declaring the errors or issues in the system. It is hence very crucial to design the system in such a manner that all such errors or issues are flagged in the best possible timelines. Many times, the operations and risk management groups need to predict the possibilities based on the inter dependability of factors amongst each other.
Right authority
Issue of authority in risk management is one of the major under-currents which has not surfaced much or is not discussed openly in public forums. It is very important for a risk controller or manager to have access to necessary authority to push the right lever at the right time. Unavailability of such authority slowly leads to deterioration of the control effectiveness and thus leads to major losses through undetected or delayed actions on critical risk exposures.
Defining risk thresholds
Risk thresholds can represent or misrepresent the actual risk exposure. This is why it is important to understand that an organization is defining these thresholds not based on the industry benchmark but based on their real time risk appetite. Both the Operations Managers and the Risk Managers need to review it based on a neutral and independent manner. It must be in the common interest of the authorities to define these risk thresholds in a manner that they flash the Red or Amber code also. Many times, it would help to revisit those metrics which are continuously sitting in the Green zone as they might do so because of relaxed risk threshold definitions.
I believe these typical and real time challenges might sound familiar to many of you managing the Operations or Risk portfolios, but with few careful actions and precautions, this tool will work wonders in helping you hit the ‘Bulls eye’ while managing risk in operations.
Posts
We strongly recommend a transparent and formal approach to Risk Tolerability to our clients.
ReplyDeletePLease refer to the numerous examples in
http://www.slideshare.net/foboni presentations where you will see how formal Risk Tolerability can be used to steer better decision making.
As per you other point related to glossary, I could not agree more, and that's why at http://www.riskope.com, in the info-center we have a full glossary available for perusing.
Kindest regards
Dr. F. Oboni, Ph.D.
Pres. Riskope International
The presentations are very well put together. I am glad you are recommending on such an approach for risk tolerability! I will be glad to share information about Riskope with some of my contacts.
ReplyDeleteMy best wishes for success in your goal!
Best regards,
Bala
Lovely.... Bala its too good :)
ReplyDelete