Linking business objectives & strategy to Risk for better operational risk management

Linking business objectives & strategy to Risk for better operational risk management

By Richard Pike, CEO, Governor Software.

Richard, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

I have a number of roles at the moment. I am a independent non-executive director at three financial institutions (permanenttsb bank, JPMorgan fund administration and JPMorgan hedge fund administration), I teach risk and compliance management at various levels (bank director, MSc and diploma) and I am the founder and CEO of Governor Software. My real focus right now is on improving governance and oversight of risk and compliance within financial institutions.

At the New Generation Operational Risk Europe Summit, you will be speaking on your insight regarding ‘Linking business objectives & strategy to risk for better operational risk management.’ Can you give a taster as to what risk professionals will gain from your insights?

I have been involved in operational risk since 2000 and I have seen the maturing of processes like RCSA, loss recording and control assurance, however I think Op risk has always struggled with how to aggregate data for senior execs and how to ensure the relevance of their frameworks to the business. I have recently been involved in some research and development work that has derived a process where risks are linked to the strategic objectives of the business. The aim is to ensure that risk reports are relevant to senior execs and also add value to the business. I will be detailing the approach in my talk at the event.

Can you give a brief overview of the importance of effective risk reporting and oversight?

It is absolutely vital. In these days where regulators are looking to make individuals responsible for the oversight of their businesses, those individuals must have clear oversight of the status of their risks and must be able to evidence that to outside parties.

What are the key considerations that need to be made when aggregating measurements?

It has always been difficult to aggregate risk data as it is in many different bases (losses, RCSA results, control testing results, etc) so you firstly need to normalize the data. The next task is to define the levels and structures that you need to aggregate it by (org units, legal entities, processes, etc). Finally you need to define the appetite levels so that you can compare the aggregated data to something and achieve a ‘so what’ result.

What, in your opinion does the future hold for operational risk professionals, and how can they keep up with the increasing change?

I think that it is an important time for operational risk professionals. On the one side their frameworks and processes are relativey mature and stable, but on the other their underlying business is changing rapidly due to competitive and structural changes like outsourcing. There is a real risk that if Op risk doesn’t change to meet the new demands it will be seen as an overhead and devalued. On the good side if Op risk professionals are willing to adapt and take on the challenges, there are lots of new approaches and technologies out there that they can utilize to add serious value to their businesses and senior executives. They need to make themselves aware of new ideas and be willing to try them out in their environments. That is why your event and others like it are so important.