By Rob Starr, Big4.com Content Manager
The KPMG/RMA Operational Risk Management Excellence – 2015 Global Heightened Practices Survey. was recently released and Tim Phelps, U.S. Operations Risk Network Leader at KPMG LLP, answered some questions for Big4.com.
- Why the low number of organizations aligning operational risk management (ORM) to strategy? Relatively few firms have aligned ORM with strategy because many of them began their programs as a compliance exercise in reaction to regulatory pressures rather than structuring them to support business objectives. The positive news is that more and more firms around the globe are increasing their focus on strategy and performance as they work to build sustainable, value-add ORM frameworks. What’s more, regulators are looking for greater alignment of ORM
with strategy at the Board, Executive Management and line of business levels.
- How and why are quality data and metrics important? Data quality is critical to enable confidence in risk information (“risk intelligence”) which is vital for business and risk management decision-making and planning. Metrics are a key component of the risk intelligence suite of information used across the enterprise to advise on the level, trend and direction of risk and the effectiveness of controls. Metrics act as a gauge to measure whether risk exposures are within defined thresholds/limits and/or risk appetite levels. Many firms are working to develop predictive and detective measures to identify and manage exposures that can impact their objectives and adversely affect their customers, investors and other critical stakeholders.
- What are some of the challenges facing organizations revealed in the survey? In addition to aligning ORM with strategy, other areas of challenge noted in the Survey include a) meeting global heightened regulatory expectations such as leveraging risk data to strengthen the risk and control environment, b) integrating, calibrating and simplifying risk assessment approaches, and c) improving ORM’s value add at the line of business level.
- In what ways is the evolution of ORM moving in the right direction? Several positive indicators of ORM’s progress include a) greater stature of the disciple and recognition of its contribution by the board and executive management, b) enhanced clarity of roles and responsibilities across the three lines of defense, and c) the adoption and cascading of operational risk appetite at the enterprise, line of business and other levels, and the development, monitoring and escalation of forward-looking measures of operational risk appetite.
- What needs to be done going forward? There is much more that firms need to do to better identify, measure, monitor and manage operational risk and embed it into their day-to-day practices. Business leaders and regulators have stressed the need to focus on enhanced operational risk management processes whether the Basel Capital Accord’s Advanced Measurement Approaches (AMA) requirements continue or are significantly modified. They have also stressed the need to better align ORM with firm strategy, planning and performance, and enhance communication and issue management and escalation across the 1st and 2nd lines of defense. Firms will also need to build secure data structures that provide dynamic, actionable reporting at all levels of the organization to proactively monitor and manage current and emerging threats to their business objectives, customers, and other stakeholders. As volatility continues to grow across the globe, operational risk managers will play an increasingly important role in helping their firms manage a growing range of threats and opportunities.