“Intellectuals solve problems, geniuses prevent them.” – Albert Einstein
It is tough for each of us to be an Einstein, but our external brain – the computer in the cloud – is helping us inch closer to problem prevention. With the ability to keep track of billions of bits of information and find patterns in them, Analytics is not only able to enhance visibility on potential risk areas, but also predict risk events, to make them more preventable.
While data and reporting are intent-agnostic, analytics is not. Data needs to be viewed through a different analytical lens depending on intent. Strategic risk requires careful estimation of risks involved in any decision; execution risk needs early red flags so that the right nuts and bolts can be tightened; fraud risk requires analysts to wear their Poirot hat. Thus, in my opinion, from an Analytics point of view, the risk in an enterprise looks like this:
The ability to make an informed “risk choice” for strategic decisions is a competitive advantage to firms. The most successful and innovative firms are all those that have taken smart risk bets and have been agile in their approach.
In 1965, physicist Richard Feynman said that the same two math formulae are unequal because they present themselves differently to the human mind. This is just as true for risk – each person and each organization has a different risk appetite. Further, while the theory of loss aversion points to the fact that people strongly prefer avoiding losses to acquiring gains, organizations paradoxically spend more time thinking about what they will gain rather than what they can lose. Analytics on strategic risk needs to factor both.
Every organizational decision leads to risk, and it is important to be aware of the risks, analyze them closely for impact and likelihood, simulate enough “what-if” scenarios, and have plans to mitigate consequences if they occur. For this analysis to occur and if it is to be effective, the relationship between revenue/profit centers/business units and the risk organization has to be robust.
Many analytical techniques exist for strategic risk, such as stress tests, risk maps, decision trees, scenario modeling, and simulations.
Most of the current risk and control frameworks are focused around this. Errors and process gaps can cause serious losses and disruptions to an organization. The ERM methodology of identify, analyze root cause, assess, treat, control and monitor is most pertinent for this. However, the tools and techniques for these have evolved. The biggest challenge earlier was in integrating data to identify patterns and outliers. Analytics has made this process a lot easier, pulling the data together, highlighting areas that exceed the threshold limits and enabling drill downs into transactions that are outliers. The investigation, treatment and assessment of controls can thus be much more focused, based on the data gathered through analytics.
Probably the area where the highest amount of analytics occurs in financial services firms, this is still a fledgling area in other sectors. As per an industry survey, 72% of executives think big data can play a key role in fraud prevention and detection but only 7% are aware of the relevant technologies. Among smaller companies (<$1B revenues), 42% work with data sets of less than 10,000 records; and in bigger companies, 71% with less than 1M records. While these are currently low, both awareness and adoption are slowly but steadily increasing. Statistical and algorithmic techniques as well as continuous transaction monitoring are gaining ground.
Since data is intent-agnostic, pooling all risk-related data would enable strategic decision making, early identification of execution risk, as well as detecting patterns for fraud. In my previous blog, I mentioned the changing concerns of CROs – Analytics is addressing many of these challenges.
In my next blog, I will look at how analytics is changing the way execution risk is managed.