COMPONENTS OF A RISK DASHBOARD
Life 2008 Spring Meeting, June 16-18, 2008
Session 42, Building and Maintaining Effective Risk Dashboards
Moderator: David T. (Todd) Henderson, FSA, MAAA, CERA
Authors: Karen J. DeToro, FSA, MAAA; Michel Rochette, FSA
Session 42
Society of Actuaries Spring Meeting
Quebec City
Tuesday, June 17, 2008
8:30am – 10:00am
Building & Maintaining Effective Risk Dashboards
Todd Henderson, The Western & Southern Financial Group
Michel Rochette, AON Global Risk Consulting
Karen DeToro, Deloitte Consulting LLP
Risk Dashboards
Tool providing consolidated and timely reporting of risk exposures across an enterprise
– All important exposures, at a glance
– Drilled down and sliced as necessary
– Early warnings of emerging exposures
– Allowing preemptive, remedial action
Keys To Success
Algorithmics
– Integrate market risk, credit risk and asset liability reports in a single dashboard
– Easily created and configured new reports
– Rich set of visualization elements
– Interactive and responsive
Source: www.ermsymposium.org/2007/pdf/handouts/CI/CI5_combo.pdf
Keys To Success
ABN Amro/LaSalle Bank
– Comprehensive risk assessment
– Integrated view of risk, reward and strategy
– Forward-looking, actionable, risk escalation tool
– Executive sponsorship
Source: www.ermsymposium.org/2007/pdf/handouts/CI/CI5_combo.pdf
Keys To Success
COGNOS
– Data must be trustworthy
– The business must be involved in shaping the requirements
– Content first, then aesthetics
– Technology and architecture
Source: www.ermsymposium.org/2007/pdf/handouts/CI/CI5_combo.pdf
Comprehensive View of Risk
[Figure: risk categories (Business, Operational, Insurance, Interest Rate, Market, Credit) shown across SBU, SBU, SBU and Corporate]
Drill Downs & Diagnostics
[Figure: risk categories (Business, Operational, Insurance, Interest Rate, Market, Credit) shown across SBU, SBU, SBU and Corporate, with the callout "Value At Risk = $643 Million"]
Forward Looking
Insurance
– Underwriting errors
– Pandemic Alerts
Operational
– Capacity measures
Credit
– Credit spread widening
– Watchlist increases
Market
– Value at Risk
– Volatility
Interest Rate
– Volatility
Actionable
[Figure: risk categories (Business, Operational, Insurance, Interest Rate, Market, Credit) shown across SBU, SBU, SBU and Corporate]
Underwriting Limit Breaches = 7
Chief Underwriter installs system edit prohibiting limit breaches
Executive Ownership
Each measure must be owned by a senior manager
– Ongoing monitoring
– Remedial action
Business units should be intricately involved in developing requirements
– Special knowledge
– Buy-in
Risk Dashboards
Society of Actuaries Spring Meeting
June 17th, 2008
What is a Risk Dashboard?
As part of ERM, Decision Makers need an integrated view of risk across their enterprise.
Provide an approach to see correlation/links within a risk category and between risks.
Forces the organization to adopt a structured process to understand risk and opportunities:
– Review outstanding risk issues
– Prioritize management actions
– Be forward looking in risk management.
– Monitor compliance to existing risk policies
Audiences: Different Needs
Risk has to be communicated to different groups:
– Board level:
• To allow them to satisfy their fiduciary duties, making sure that management is actually managing risk.
• To assess the level of risk in light of the company’s risk appetite.
• To provide them with a consolidated view of major threats and opportunities that may affect the value of the company to the different stakeholders.
– Management level:
• To provide them with a consolidated view of their company’s risks, a horizontal view instead of a silo view.
• To allow them to assess the cost/benefit of implementing controls to reduce risk to the company’s desired risk tolerance/appetite.
– Business level:
• To allow them to assess the effectiveness of “control” of the risks under their jurisdiction.
Case Study: Sub prime
Sub prime credits were issued in the mortgage department of the retail bank.
Treasury department securitized sub prime credits, created SPVs and sponsored CDOs and the like, in line with the new strategic models of banks to issue and sell, not hold to maturity as before.
Asset management departments/pension plans of the same banks invested in CDOs.
Retail banks/mutual funds, some owned by the same banks, created new short-term “guaranteed” investment vehicles for retail customers, investing in asset-backed securities.
Banks provided liquidity enhancements to SPVs.
Pricing/valuation models were not stress tested.
How a Dashboard Would Have Helped
A Dashboard should have consolidated the credit exposure for a single FI coming from:
– Issuance of the subprime credit
– Credit exposure of the SPV. FIs had to consolidate credit exposure back on their balance sheet after August 08 due to reputational considerations. Ex. Banque Nationale/Desjardins in Quebec, Citigroup in the US.
– Investment by the asset management arm/pension plan.
A Dashboard should have identified the inherent risks of the securitization business:
– Operational risk exposure of models used should have been identified.
– Liquidity reports of the FI should have taken into consideration the liquidity guarantees offered by banks to SPVs.
– Market risk reports should have taken into consideration the market risk of positions held by the asset management arm/pension plan of FIs.
– Potential liabilities/regulatory/compliance issues should have been identified.
Applications of a Dashboard
Presents risk information consistently across the enterprise.
Consolidate risks across the enterprise including outsourced operations.
Allow enterprise to compare/analyze impact of external/emerging events on firm.
Allow firm to monitor adherence to risk appetite using appropriate risk metrics: VAR, EAR, CashFlow at Risk.
Allow firm to publish consistent information to both internal and external audiences.
Dashboard: In line with Risk Concerns
Reputational Risk(52)
Regulatory Risk(40)
Human Capital Risk(40)
IT RISK(35)
Financial, Market, Credit and Insurance Risk(30)
Crime, security, political, natural hazard, FX, Terrorism, Country Risk(20)
Source: Economist Intelligence Unit, 2005
Max Scale: 100
Information on Risk
Reputational Risk(52)
Regulatory Risk(40)
Human Capital Risk(40)
IT RISK(35)
Financial, Market, Credit, FX and Insurance Risk(30)
Operational Risk: Crime, security, political, natural hazard, Terrorism, Country Risk(20)
Source: Economist Intelligence Unit, 2005
Max Scale: 100
Info: Vulnerability to critical processes
Measures:
Physical security breaches
Loss events
Fraud incidents
Environmental risk
Information on Risk
Info: Assets are impaired/capital at risk
Measures:
Default rates
Liquidity measures
Price risk
ALM risk
Information on Risk
Info: Malfunction in systems which impede business
Measures:
System Downtime
Information security breaches
Business continuity readiness
Disaster recovery
Information on Risk
Info: Employees unavailable/unwilling to perform functions.
Measures:
Staff Turnover
Key personnel attrition
Compensation Competitiveness
Accident rates
Information on Risk
Info: Compliance with external/internal regulations
Measures:
Fines imposed
# of investigations
Status of implementation of internal policies
New regulations discussions
Information on Risk
Info: Impact of previous risks on value of the firm including external factors.
Measures:
Chain of events impacts
Impact of new strategic initiatives
Business risks: Price/volume competition
External Requirements: Consistency
Regulatory Standards:
– Basel II/Solvency II Pillar III: Info on risk exposure and governance
– SEC: information on risks in 10-K
Accounting Standards:
– IFRS: Provisions as related to risk events
– Brief description of the obligation, timing and uncertainty of outflows and expected reimbursements
Risk Standards:
– COSO ERM II
– Standards: ISO 31000/ANZ Australian Standards
Building and Maintaining Effective Risk Dashboards
Implementation Issues
June 17, 2008
Karen DeToro, Deloitte Consulting LLP
Key Challenges in Implementation
The most common challenges in implementing effective risk dashboards occur in the following key areas:
– Data Issues
– Integration into Decision Making
– Legal Issues
Data Issues
Data issues can be grouped into 3 general areas:
Data Availability
– Different data is required to be aggregated in a different way than for other reporting
– Timeliness of data is critical for supporting key management decisions
Reconciliation to Other Reports
– Variety of data sources may create challenges in reconciling data to published internal and external sources
Controls
– Non-financial data may not be well controlled
– The processes for gathering data (financial and non-financial) may not be well controlled
Approaches for Addressing Data Issues
Think broadly about universe of needed data at dashboard initiation
Create centralized database to hold all key data to facilitate controls and timely automated reporting
Build in sufficient flexibility to dashboard processes to be responsive as key risks change over time
Implement controls similar to those used for SOX 404; leverage existing controls over data where possible
Leverage commonalities with other data flows in organization
Develop a strong relationship with IT and business units supplying data to better understand the data and build a reliable pipeline for data
Integration into Decision Making
In order to fully support decision making, the dashboard must be:
Actionable
– Data must be relevant to management
– There must be the right level and amount of information targeted to the right audiences
Integrated into a process that drives action
– Push v. pull strategies for distributing data
Tied in to incentives
– Variable compensation must be partially based on performance against risk objectives
Legal Implications
Companies are concerned about disclosing too much risk information that may be subject to legal discovery
Companies’ responses to this issue fall somewhere on a spectrum:
Many companies (and their general counsel) presume that the middle road is more dangerous than burying one’s head in the sand
Ideal State: Acknowledge the risk; Collect data; Do the right thing
Head in the Sand: Do not acknowledge the risk; Do not collect data
Middle Road: Acknowledge the risk; Collect data; Do the “wrong” thing
Ford Motor Company: The Middle Road Done Wrong
The situation: 1970’s Ford Pinto
The risk: Gas tanks would rupture easily in the event of a rear-end collision
The data: The risk became apparent during the design and crash studies of the Ford Pinto
Cost of repairing the flaw: $11 per car ($137 million cost) [1]
Value of the benefit: $200,000 saved per life lost ($49.5 million benefit) [2]
Internal documents indicated that a cost-benefit analysis did not support fixing the flaw
Outcome: Estimates put the impact at over 500 deaths [3], and significant financial and reputational damage to Ford
Major Conglomerate: The Middle Road Done Right
The situation: Income tax return for a major US conglomerate
The risk: The company pursued a tax accounting policy, despite some concern that it might not be deemed acceptable by the IRS
The data: The company documented their rationale for interpreting the tax law as they did, and quantified the impact of their interpretation versus another interpretation commonly in use. This information was clearly documented
Outcome: The company was taken to court by the IRS. Although the company’s interpretation was ruled to be invalid, fines and penalties were substantially reduced because of the company’s ability to document its rationale
Taking the Middle Road – Other Lessons
1999 Institute of Medicine report: medical errors cost $17B to $29B per year and are the 8th leading cause of death in the US [4]
Pressure on hospitals to disclose errors so patients can make informed choices about where to obtain care
Hospitals have mechanisms in place to disclose adverse medical events as learning opportunities for doctors
– Weekly Mortality & Morbidity (“M&M”) conferences
– Hospital risk managers
Lessons can be learned from the approaches hospitals have taken in dealing with medical errors
Taking the Middle Road – Hospitals’ Responses
Hospitals have responded to pressures for full disclosure in several ways:
Traditional approach was “defend and deny”
– No admission of wrong-doing
– Cases cited of risk managers and doctors denying knowledge of medical errors to protect colleagues
Proposed legislation
– IOM proposed mandatory reporting of errors to make health care safer; simultaneously proposed legislation to extend peer-review protections to reports of errors (currently extend to M&M)
Improve processes to reduce errors
– Medical community adopting similar checks and protocols to the airline industry
Apologize and disclose
– Discussed in next case study
“With malpractice premiums soaring and a national patients’ rights movement pushing for full disclosure of medical errors, the industry is rethinking the traditional approach known as ‘defend and deny’.” [5]
Lexington VA: The Middle Road Refined
The situation: Hospitals use weekly Mortality & Morbidity (“M&M”) conferences and other disclosures of adverse events as learning opportunities to teach doctors how to address complications
The risk: Admissions of mistakes may be used against doctors in malpractice suits.
The data: Lexington VA implemented a mandatory disclosure policy, requiring all doctors to report errors to a committee which then informed the family and offered compensation.
Outcome: Instead, after implementation, the average cost of error-related payouts was only $15,632, which was in the lowest quarter of the 35 VA hospitals in the country, and Lexington VA is deemed one of the safest VA hospitals in the country. [6]
“Being honest defused situations that would otherwise lead to litigation.” [7]
Legal Issues - Summary
Companies can live more comfortably with the middle road by:
– Acting responsibly, prudently and reasonably with the data they gather
– Disclosing and apologizing when things go wrong
– Utilizing lessons learned from risk events to move closer to the ideal state by improving processes to limit future adverse events
Ideal State: Acknowledge the risk; Collect data; Do the right thing
Head in the Sand: Do not acknowledge the risk; Do not collect data
Middle Road: Acknowledge the risk; Collect data; Do the “wrong” thing
Bibliography
End Notes
1. Mark Dowie. “Pinto Madness.” Mother Jones. Sept / Oct 1977.
2. Ibid.
3. Ibid.
4. Stephanie Mencimer. “Casualties of Medicine.” Legal Affairs. May / June 2003.
5. Rachel Zimmerman. “Doctors’ New Tool to Fight Lawsuits: Saying I’m Sorry.” Wall Street Journal. May 18, 2004, page A1.
6. Ibid.
7. Stephanie Mencimer. “Casualties of Medicine.” Legal Affairs. May / June 2003.
Other Sources
Sara Nathan and Guillermo X. Garcia. “Ford visit led to settlement.” USA Today. Jan. 9, 2000.
Jane Garbutt et al. “Lost Opportunities: How Physicians Communicate About Medical Errors.” Health Affairs. Vol. 27, No. 1, 2008.
Karen Lundegaard. “Study Raises Roof-Safety Questions.” Safety Issues. Vol. 4, Issue 41, April 2005.
Copyright © 2008 Deloitte Development LLC. All rights reserved.