Scribd Logo
Upload

Welcome to Scribd!

  • GCOR X 2016-Key Risk - Indicators-Chadha-18 April 2016

    Uploaded by

    Agung Nugraha
    108 views27 pages
    key risk

    Original Title

    GCOR X 2016-Key Risk -Indicators-Chadha-18 April 2016

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    key risk

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    108 views27 pages

    GCOR X 2016-Key Risk - Indicators-Chadha-18 April 2016

    Uploaded by

    Agung Nugraha
    key risk

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 27

    Key Risk Indicators

    GCOR X
    RMA's 10th Annual Governance,
    Compliance, and Operational
    Risk Conference
    Overview
    • Basics Viney Chadha
    • The journey Leader Operational Risk Analytics
    • Pitfalls GE Capital Americas
    • Implementation
    • The program

    2
    New World Order Emerges…

    3
    Metrics are metrics…
    “Not everything that can be counted counts, and not everything that
    counts can be counted.”
    -Albert Einstein

    • Risk Indicator: Metric that provides information on the level of exposure to a given
    operational risk which the organisation has at a particular point in time

    • Control Indicator: Metric that provide information on the extent to which given control is
    meeting its intended objectives

    • Performance Indicator: Metrics that measure performance or the achievement of targets

    An indicator becomes “key” when it tracks an especially important risk


    exposure (key risk), or it does so especially well (key indicator), or ideally
    both
    4
    Providing insights
    An Indicator is a numeric value produced through the combination of
    measures which provides business insight. KPI, KRI, KCI…

    − Are they Different?

    − Does it Matter?

    Yes No
     Indicators inform management discussions and  The ‘Project’ to establish and implement
    decisions
    − Know your audience to determine the types of indicator  Design process and framework
     Establish clear definitions for each types of indicator
    − Apply the definitions consistently across the  Ongoing Program Management & Oversight
    organization
    − Identify the relationships between indicators to enable
    reuse of data and to promote informed discussions  Purpose & Use
    − All are used to inform and facilitate decision
     Focused and timely responses making

    5
    Response matters
    “What you measure is what you get”
    • Performance Indicator: Metrics that measure performance or the achievement of targets
    “Are we achieving the desired level of Performance e.g. Revenue achieved by On-time-arrival
    (objective)?”

    • Risk Indicator: Metric that provides information on the level of exposure to a given
    operational risk which the organisation has at a particular point in time
    “How is the Risk Profile changing and is it within the tolerance levels? E.g. Age of Tracks”

    • Control Indicator: Metric that provide information on the extent to which given control is
    meeting its intended objectives
    “Are the internal controls effective? E.g. timely maintenance”

    6
    The journey

    7
    The big picture

    Better business
    decisions

    8
    Integration into ERM
    How Do KRI’s Fit ?
    KRIs interface type How KRIs

    Core ERM processes (Input, Output, interface (Direct,

    Both) Indirect, Both)

    Risk Appetite Both Both

    Strategic Planning Both Both

    Capital Planning or Investment Input Indirect

    Stress Testing Input Indirect

    Risk Identification & Assessment Both Direct

    KRIs become the mechanism for viewing the risk profile


    dynamically and managing the risk proactively.
    9
    Potential pitfalls

    10
    Data (how much?)
    • Metrics for metrics sake
    • Too many metrics
    • Measuring what is easy
    • All metrics are not equal
    • Old metrics never die

    11
    Data (accurate &
    consistent?)
    • (seems) same but
    interpreted differently
    • Same but measured
    differently
    • Same but what is
    measured is different
    • All of the above plus
    accurate

    12
    Social
    • Threshold setting Everything you look
    • Analysis (interpretation) for and all that you
    perceive has a way of
    proving whatever you
    believe.

    13
    Culture
    • Organizational
    • Tone from the top

    14
    Implementation

    15
    Framework, project, program
    • Framework
    • Design, roles & responsibilities, standards, procedures &
    documentation requirements
    • Project
    • 5 steps: Foundation, Building Blocks, Implementation,
    Integration, Establishment
    • Program
    • Management of KRIs as a continuous process
    • Assess effectiveness, relevance and actionability of
    metrics and thresholds

    16
    Optimizing for success
    KRI Process A Model for Change

    Leaders Lead

    Instill the need to change

    Desired outcome is clear

    Commitment from Key


    constituents

    Integrating change to
    make it last

    Measure for success

    Systems and Organization


    reinforce the Change

    17
    Success or…

    The soft stuff …….


    really is the hard stuff

    18
    Identification approach
    Bottoms Up
     Existing metrics
     Processes
     Controls.

    Top Down
     Strategic
    Objectives
     Risk Appetite
     Enterprise Risks Combination
     Critical Business
    Processes

    19
    Strategic Objectives
    Strategic KRI Mitigating KCI
    Potential Risk
    Initiative # 1 Controls
    KPI

    Increase KRI Mitigating KCI


    Potential Risk
    Revenue Strategic Controls
    Initiative # 2
    KRI Mitigating KCI
    Profitability KPI Potential Risk
    Controls
    Strategic
    Reduce Costs Initiative # 3 KRI Mitigating KCI
    Potential Risk
    KPI Controls

    Strategic KRI Mitigating KCI


    Potential Risk
    Initiative # 4 Controls
    KPI

    “Risk — let's get this straight up front — is good. The point of risk
    management is not to eliminate it [but] to manage it… to choose where to
    place bets and where to avoid betting altogether.”
    “Managing Risk in the 21st Century,”
    Thomas A. Stewart,
    Fortune, 7 February 2000
    20
    The program

    21
    Using KRIs
    “Risk is like fire: If controlled it will help you; if uncontrolled it will rise up
    and destroy you.”
    -Theodore Roosevelt

     KRI analytics and reports are the smoke detector.


     Use the reports, pay attention to them

    Reduce the variability in process execution


    Early warning for management
    Increased responsiveness
    Minimize control failures or loss events 22
    Analysis & interpretation
    “Big data is pretty complex music
    -Bill Hostmann, vice president at Gartner.

    Data analysis, creativity and risk


    imagination 23
    Reporting
    “Clarity and excellence in thinking is very much like clarity and excellence in
    display of data. When principles of design replicate principles of thought, the
    act of arranging information becomes an act of insight”
    -Introduction to Visual Explanations by Edward R. Tufte,, 10th edition

    Know your Audience!


    Avoid information overload…Limit to ‘Key’ information
    Design reports based on Organization preference/culture
    Seek Feedback…Back test and validate conclusions
    Benchmark – internally & externally

    24
    Recap & key takeaways

    • Remember the big picture


    • Strike a balance between art &
    science
    • Be consistent and overlay strong
    governance
    • Remember your stakeholders when
    using & reporting

    25
    Questions?

    26
    To learn more…
    http://riskbooks.com/key-risk-
    indicators?___SID=U

    Authors:
    Ann Rodriguez & Viney Chadha

    27

    You might also like