Professional Documents
Culture Documents
GCOR X
RMA's 10th Annual Governance,
Compliance, and Operational
Risk Conference
Overview
• Basics Viney Chadha
• The journey Leader Operational Risk Analytics
• Pitfalls GE Capital Americas
• Implementation
• The program
2
New World Order Emerges…
3
Metrics are metrics…
“Not everything that can be counted counts, and not everything that
counts can be counted.”
-Albert Einstein
• Risk Indicator: Metric that provides information on the level of exposure to a given
operational risk which the organisation has at a particular point in time
• Control Indicator: Metric that provide information on the extent to which given control is
meeting its intended objectives
− Does it Matter?
Yes No
Indicators inform management discussions and The ‘Project’ to establish and implement
decisions
− Know your audience to determine the types of indicator Design process and framework
Establish clear definitions for each types of indicator
− Apply the definitions consistently across the Ongoing Program Management & Oversight
organization
− Identify the relationships between indicators to enable
reuse of data and to promote informed discussions Purpose & Use
− All are used to inform and facilitate decision
Focused and timely responses making
5
Response matters
“What you measure is what you get”
• Performance Indicator: Metrics that measure performance or the achievement of targets
“Are we achieving the desired level of Performance e.g. Revenue achieved by On-time-arrival
(objective)?”
• Risk Indicator: Metric that provides information on the level of exposure to a given
operational risk which the organisation has at a particular point in time
“How is the Risk Profile changing and is it within the tolerance levels? E.g. Age of Tracks”
• Control Indicator: Metric that provide information on the extent to which given control is
meeting its intended objectives
“Are the internal controls effective? E.g. timely maintenance”
6
The journey
7
The big picture
Better business
decisions
8
Integration into ERM
How Do KRI’s Fit ?
KRIs interface type How KRIs
10
Data (how much?)
• Metrics for metrics sake
• Too many metrics
• Measuring what is easy
• All metrics are not equal
• Old metrics never die
11
Data (accurate &
consistent?)
• (seems) same but
interpreted differently
• Same but measured
differently
• Same but what is
measured is different
• All of the above plus
accurate
12
Social
• Threshold setting Everything you look
• Analysis (interpretation) for and all that you
perceive has a way of
proving whatever you
believe.
13
Culture
• Organizational
• Tone from the top
14
Implementation
15
Framework, project, program
• Framework
• Design, roles & responsibilities, standards, procedures &
documentation requirements
• Project
• 5 steps: Foundation, Building Blocks, Implementation,
Integration, Establishment
• Program
• Management of KRIs as a continuous process
• Assess effectiveness, relevance and actionability of
metrics and thresholds
16
Optimizing for success
KRI Process A Model for Change
Leaders Lead
Integrating change to
make it last
17
Success or…
18
Identification approach
Bottoms Up
Existing metrics
Processes
Controls.
Top Down
Strategic
Objectives
Risk Appetite
Enterprise Risks Combination
Critical Business
Processes
19
Strategic Objectives
Strategic KRI Mitigating KCI
Potential Risk
Initiative # 1 Controls
KPI
“Risk — let's get this straight up front — is good. The point of risk
management is not to eliminate it [but] to manage it… to choose where to
place bets and where to avoid betting altogether.”
“Managing Risk in the 21st Century,”
Thomas A. Stewart,
Fortune, 7 February 2000
20
The program
21
Using KRIs
“Risk is like fire: If controlled it will help you; if uncontrolled it will rise up
and destroy you.”
-Theodore Roosevelt
24
Recap & key takeaways
25
Questions?
26
To learn more…
http://riskbooks.com/key-risk-
indicators?___SID=U
Authors:
Ann Rodriguez & Viney Chadha
27