“It’s critical to unite multiple perspectives on risk,” said Brenda Boultwood, Senior Vice President at MetricStream, “even though approaches to risk and compliance can be very different” throughout an organization. Boultwood was the second of two speakers at a webinar on operational risk held on August 27, 2015, sponsored by the Global Association of Risk Professionals.
A common framework will require standard taxonomies, common definitions, and consistent risk assessment across a company, said Boultwood. She sketched out an integrated enterprise risk management (ERM) framework, in which all types of risk share a common hierarchy, common business processes, and a common set of libraries. Risk and control assessment must be part of end-to-end business processes. “Standard libraries of risks and controls will ensure consistent methodology and facilitate aggregation,” she noted.
In order to implement an effective ERM framework, a company will need a centralized technology solution that integrates all types of risk—as well as decision making and strategic planning.
The risk data model must be universal and consistent, uniting “people, products, counterparties,” Boultwood said. Analytics and reporting will give predictive capabilities. “The outcome will be risk intelligence” for optimum business performance.
“It’s important for risk managers to think clearly: what risks are coming from emerging risks? What changes are on the horizon?” she said. For example, changes in customer behaviour start off small but can become overwhelming.
“It’s not just a culture of risk we want, it’s a culture of collaboration,” she said. Companies need to incorporate the three lines of defence, with risk management embedded as the first line of defence.
“Technology IS the differentiator,” she noted. Choice of a good technology solution will enhance risk strategy, improve control and processes, embed risk management, and optimize risk management functions.
“Ultimately this will enable informed decision-making,” Boultwood said, “so that when a company takes risks, they are taken deliberately—in order to further the company’s long-term strategy.”
Click here to view the webinar presentation, Integrating Operational Risk Management into your Enterprise Risk Framework. Boultwood’s presentation is from slide 11 to 21, inclusive.
Disclaimer: TextMedic completes occasional contract work for MetricStream.