Replies

  • when I just started out measuring risk performance, I found that 'repeat audit findings' linked to the performance agreements a great starting point.  I annually added more but never have more than 3.  I hope that is of some assistance.

     

     

    Beulah

  • One more thought - perhaps you could consider profitability of different (exposed to  risk) areas of activity your organization is involved in.

    What does it mean when such segment is profitable (ROE on accepted level)? From the risk point of view it means that your risk approach in that segment is correct - your risk criteria, rating models, cut-off points reflect well the risk associated with particular segment. If so, perhaps that could be taken as one Risk performance indicator.

  •  

    I identify with the comments made by Chris Shorthouse.  You may have the most qualified, experienced, and hard working Risk Management Department, but the programmes put forward by the Chief Risk Officer may not be accepted by the Corporate Management.  Risk Management involves expenditure in actual capital, e.g. Risk Transfer, Risk Protection, and expenditure in time.  The Firm's management may not be committed to the required resources for either or both areas sufficiently to make this endeavour successful.  So, it is the corporation's own comittment to Risk Management which will determine the performance and value of the Risk Management Department to them.

    That said, John Fraser, Vice President and Chief Risk Officer for Hydro One, and Betty Simkins, Professor of Business and Professor of Finance at Oklahoma State University, have co-authored a book entitled " Enterprise Risk Management", published by John Wiley and Sons, Inc. which is comprehensive with respect to the issues in Enterprise Risk Management for an organization.  Those who have not read it may wish to do so to consolidate many of the thoughts on Risk Mangement that they may already have and gain some new insights.

    I believe the most successful Risk Management team is one that has engaged the committment of the firm's management to good ERM practices.  This involves the so called soft skills of persuasion and diplomacy !  Perhaps the key KPI is the engagement of Senior management.

  • Coming from a health and safety background KPIs will include proactive and reactive indicators like;

    Proactive: number of audits conducted, non-conformances issued and closed out, site inspections, actions and completed, risk assessment conducted.

    Reactive: accident stats, reported and investigated.

  • Martin,


    Thanks for the feedback despite the tight schedule...
    Martin Snyman said:

    I have alsoe struggled with this question.  I think the starting point is to clarify what the risk department does.  In our case we provide a project risk service:

    1. Knowledge Transfer: Educate people about Project Risk Management and the systems and processes

    2. Select/establish and maintain risk department processes, systems and software

    3. Generate Reports based on risk registers

    4. Fassilitate the listting of risks and assisting with the update of them.

    5. Fassilitate with the identification of risks

    6. Provide assurance regarding the risk process, systems and tools as well as the the content and appropriate management of the risks and risk registers generated by applying risk management.

     

    For me the most difficult part is risk register section.  Can't expand too much now as I have to go to a meeting.  In Smith & Merrit's book there is a section on performance measurement and the key is that you must select which risks to manage actively ( Risk Department actively involved) and which to either ignore OR leave to Owners to manage.  S&M's measurements then focus on trending realised risks from the set marked for active management vs the ones which has been accepted by virtue of the decission not to manage them actively.

     

  • Thanks Chris,


    These are great pointers and will share my review using the department focused KRIs.


    Best

    Chris Shorthouse said:

    The performance of a Risk Department is hard to quantify in traditional terms of output, savings etc. as pro-active risk management should reduce the likelihood of negative outcomes and influence management's strategy and delivery of positive outcomes - but quantifying how much value has been saved or added is problematic.

     

    I'd suggest you look at the following KPIs:

    • Frequency of risk workshops/training provided to risk owners in the business - as this will demonstrate the activity to educate and support managers across the business in effectively managing their risks;
    • Volume of realised 'unexpected' losses - as this may indicate 'gaps' in the risk management activity which should have been identified;
    • Timeliness of risk refreshes - if existing risk registers and mitigation plans are only being refreshed each year then you may need to question the accuracy of the quantification and evaluation of the mitigating controls (especially in light of global economic conditions in the last three years);
    • Qualifications and experience held - this will indicate whether the Risk Department is adequately staffed and also whether training programmes are being completed to remain 'current' and aware of topics in risk management and other related professional fields; and
    • The level of senior management / Executive Committee involvement in the Risk Department - this will ensure that there is senior support for the activities, drive engagement with middle-management and also enable the escalation of risks which cannot be adequately tackled at the operational level.

    I hope these thoughts help and would welcome comments on the points suggested and also on your experience following the review.

     

  • I have alsoe struggled with this question.  I think the starting point is to clarify what the risk department does.  In our case we provide a project risk service:

    1. Knowledge Transfer: Educate people about Project Risk Management and the systems and processes

    2. Select/establish and maintain risk department processes, systems and software

    3. Generate Reports based on risk registers

    4. Fassilitate the listting of risks and assisting with the update of them.

    5. Fassilitate with the identification of risks

    6. Provide assurance regarding the risk process, systems and tools as well as the the content and appropriate management of the risks and risk registers generated by applying risk management.

     

    For me the most difficult part is risk register section.  Can't expand too much now as I have to go to a meeting.  In Smith & Merrit's book there is a section on performance measurement and the key is that you must select which risks to manage actively ( Risk Department actively involved) and which to either ignore OR leave to Owners to manage.  S&M's measurements then focus on trending realised risks from the set marked for active management vs the ones which has been accepted by virtue of the decission not to manage them actively.

     

  • The performance of a Risk Department is hard to quantify in traditional terms of output, savings etc. as pro-active risk management should reduce the likelihood of negative outcomes and influence management's strategy and delivery of positive outcomes - but quantifying how much value has been saved or added is problematic.

     

    I'd suggest you look at the following KPIs:

    • Frequency of risk workshops/training provided to risk owners in the business - as this will demonstrate the activity to educate and support managers across the business in effectively managing their risks;
    • Volume of realised 'unexpected' losses - as this may indicate 'gaps' in the risk management activity which should have been identified;
    • Timeliness of risk refreshes - if existing risk registers and mitigation plans are only being refreshed each year then you may need to question the accuracy of the quantification and evaluation of the mitigating controls (especially in light of global economic conditions in the last three years);
    • Qualifications and experience held - this will indicate whether the Risk Department is adequately staffed and also whether training programmes are being completed to remain 'current' and aware of topics in risk management and other related professional fields; and
    • The level of senior management / Executive Committee involvement in the Risk Department - this will ensure that there is senior support for the activities, drive engagement with middle-management and also enable the escalation of risks which cannot be adequately tackled at the operational level.

    I hope these thoughts help and would welcome comments on the points suggested and also on your experience following the review.

     

This reply was deleted.

Introducing the Global Risk Series - Book 1 Risk Management How Tos

Dear GlobalRisk Community member, Our community’s mission is to foster business, networking and educational explorations among members. Learn from some of the top experts in the industry as they clearly explain how to approach the most important Risk management concepts. Check out their expert tips and use the link at the end of each article to navigate back to the website to leave your comment or ask a question.   Some of the topics include: How do you Explain Risk Appetite?  How to Prepare a…

Read more…
16 Replies · Reply by GlobalRiskCommunity Mar 21
Views: 1135

[Free COVID-19 Framework] What's the path to recovery look like?

We created a free presentation (attached), which discusses both global and organizational impacts of the COVID-19 pandemic, along with critical actions organizations should take immediately. This presentation introduces a framework that helps regions and organizations navigate a path to recovery via 9 potential scenarios. These scenarios capture outcomes related to GDP impact, public health response, and economic policies. The presentation also breaks down 6 immediate and critical actions…

Read more…
4 Replies · Reply by Steve Diaz Jul 8, 2023
Views: 244

If risk management is about decision making, are current risk management solutions irrelevant?

Now that the updated COSO and ISO risk management standards emphasize a connection to enterprise objectives and decision making, does this mean ERM and GRC solutions focused on risk registers and regulatory compliance are missing the true value of risk management?Will current risk management solutions evolve to integrate more decision support functionality or will standalone prescriptive analytics and other technology solutions take a more prominent role in enabling risk-informed…

Read more…
3 Replies
Views: 177

A question related to classification of instruments between trading and banking book.

We have an interesting question from one of our members.       "We usually perform OTC FX transactions with clients backed-to-back on the market (with Banks). Now we are going to perform a FX swap (i.e. Spot + forward) JPY/EUR for the Bank account for 1 week at the longest. The purpose is to get EUR place @ CB for LCR compliance purpose (no trading purposes). Bank's Management think that this should be considered as a trading position and therefore be classified within the Bank's trading book.…

Read more…
5 Replies · Reply by Prisha Singh Dec 26, 2023
Views: 381

Plunging oil prices: curse or blessing in disguise?

The recent sudden crash of oil prices has had a major impact on the world economy, leading to many troubled faces in the international arena. The Russians fear the effects of yet another powerful hit on their economy, Venezuela seems to be considering default and the Americans are weary of the consequences for its young and emerging shale oil industry. And then you have the Middle East, where the smallest match is enough to ignite the largest fire. But are these worries really justified or…

Read more…
1 Reply
Views: 114

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead