| During this time of crisis I studied many documents | | | | Currently they are not yet well embedded as a |
| written by regulators, by big and small consultancy | | | | management concept. There will be a better |
| companies, I participated in different forums and I | | | | appreciation that good communication and a learning |
| came to the conclusion that the following 7 | | | | culture, with openness, lack of blame and analysis of |
| improvement areas will shape the future of Risk | | | | mistakes, is the key to effective risk management. |
| management in the coming years. These areas are: | | | | The idea of risk management being embedded in the |
| ERM or Enterprise risk management; data quality; | | | | culture of organisation is central in this context. |
| systems; business processes and organisation; move | | | | Area 5: Move from quantitative to qualitative |
| from quantitative to qualitative measurement; | | | | measurement. |
| reporting requirements. | | | | One of the reasons of the current financial crisis was |
| Area 1: ERM implementation. | | | | cited as over reliance on quantitative approach. The |
| Many organisations are starting the implementation of | | | | future measurements should combine efficient expert |
| their ERM program. This will require a complete new | | | | based judgment, risk governance or proper |
| thinking. Instead of managing different types of risk | | | | arrangement of roles and responsibilities, stress |
| such as market risk, credit risk and operational risk as | | | | testing and holistic view of risks. In sound stress |
| separate silos, financial institutions are bringing them | | | | testing, management judgment and imagination are |
| together under a single enterprise-wide framework. It | | | | essential to determining the scope, likelihood and |
| will also require a shift from business line aggregation | | | | severity of stress test scenarios. (See "Principles for |
| to risk type aggregation of risks and exposures. | | | | sound stress testing practices and supervision", Basel |
| Area 2: Data quality. | | | | Committee of banking Supervision). |
| High-quality master and reference data are central to | | | | Area 6: Strengthening of the reporting requirements. |
| the success of an enterprise risk- management | | | | Authorities and boards require relevant and timely |
| strategy. Each of the components of enterprise risk | | | | information concerning key risks that is captured by |
| requires different levels of data input. Other | | | | the risk reporting system to oversee the efficiency |
| important areas are workflow management and | | | | of the organisation's risk management approach. |
| event reporting. | | | | Area 7: Convergence of Market and Operational risk. |
| Area 3: Systems. | | | | Risk managers from different disciplines, especially |
| High-quality master and reference data are central to | | | | from market and operational risk are working |
| the success of an enterprise. In order to better | | | | together to develop more forward-looking risk |
| manage risk, corporations need to bring together | | | | management approaches and techniques. |
| data from systems that in the past operated as silos | | | | Market risk is by its nature very data-driven and |
| and have seemingly little or no relation to each other. | | | | already using the forward-looking tools such as |
| The main challenge in this area is to bring data from | | | | scenario analysis and stress testing. In contrast to |
| different transactional systems, involving different | | | | credit risk, which is still mainly driven by historical |
| product lines and from different jurisdictions in such a | | | | quantitative data, Operational risk did not produce |
| way that data will remain relevant and consistent | | | | sufficient historical data. Instead, the Operational risk |
| without duplication or integrity loss. | | | | has focused on using business specialists' knowledge |
| Area 4: Business processes and organisation. | | | | and expertise to generate scenarios. These scenarios |
| There will be more discussion about 'risk appetite' and | | | | have been applied together with the existing data to |
| 'risk tolerance', which means a greater understanding | | | | produce risk measurements or projections of risk |
| that companies need to look at their risk culture. | | | | probability and severity. |