BPO Thought Process

BPO Thought Process

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Risk Analytics: Predict, Prevent, Detect

Category : Risk and Compliance

“Intellectuals solve problems, geniuses prevent them.” - Albert Einstein

It is tough for each of us to be an Einstein, but our external brain – the computer in the cloud – is helping us inch closer to problem prevention. With the ability to keep track of billions of bits of information and find patterns in them, Analytics is not only able to enhance visibility on potential risk areas, but also predict risk events, to make them more preventable.

While data and reporting are intent-agnostic, analytics is not. Data needs to be viewed through a different analytical lens depending on intent. Strategic risk requires careful estimation of risks involved in any decision; execution risk needs early red flags so that the right nuts and bolts can be tightened; fraud risk requires analysts to wear their Poirot hat. Thus, in my opinion, from an Analytics point of view, the risk in an enterprise looks like this:  




Strategic Risk:

The ability to make an informed “risk choice” for strategic decisions is a competitive advantage to firms. The most successful and innovative firms are all those that have taken smart risk bets and have been agile in their approach.

In 1965, physicist Richard Feynman said that the same two math formulae are unequal because they present themselves differently to the human mind. This is just as true for risk – each person and each organization has a different risk appetite. Further, while the theory of loss aversion points to the fact that people strongly prefer avoiding losses to acquiring gains, organizations paradoxically spend more time thinking about what they will gain rather than what they can lose. Analytics on strategic risk needs to factor both.

Every organizational decision leads to risk, and it is important to be aware of the risks, analyze them closely for impact and likelihood, simulate enough “what-if” scenarios, and have plans to mitigate consequences if they occur. For this analysis to occur and if it is to be effective, the relationship between revenue/profit centers/business units and the risk organization has to be robust.

Many analytical techniques exist for strategic risk, such as stress tests, risk maps, decision trees, scenario modeling, and simulations.

Execution Risk:

Most of the current risk and control frameworks are focused around this. Errors and process gaps can cause serious losses and disruptions to an organization. The ERM methodology of identify, analyze root cause, assess, treat, control and monitor is most pertinent for this. However, the tools and techniques for these have evolved. The biggest challenge earlier was in integrating data to identify patterns and outliers. Analytics has made this process a lot easier, pulling the data together, highlighting areas that exceed the threshold limits and enabling drill downs into transactions that are outliers. The investigation, treatment and assessment of controls can thus be much more focused, based on the data gathered through analytics.  

 

Fraud Risk:

Probably the area where the highest amount of analytics occurs in financial services firms, this is still a fledgling area in other sectors. As per an industry survey, 72% of executives think big data can play a key role in fraud prevention and detection but only 7% are aware of the relevant technologies. Among smaller companies (<$1B revenues), 42% work with data sets of less than 10,000 records; and in bigger companies, 71% with less than 1M records. While these are currently low, both awareness and adoption are slowly but steadily increasing. Statistical and algorithmic techniques as well as continuous transaction monitoring are gaining ground.

Since data is intent-agnostic, pooling all risk-related data would enable strategic decision making, early identification of execution risk, as well as detecting patterns for fraud. In my previous blog, I mentioned the changing concerns of CROs - Analytics is addressing many of these challenges.

In my next blog, I will look at how analytics is changing the way execution risk is managed.

About the author

Divya Kumar
12 Comments Leave a comment
Hello Divya, Your articles are precise and very informative. I believe that there are two types of risk-positive and negative, like, the risk of making money and the risk of losing money. And we mostly talk about negative risk and how to prevent or mitigate it. Can you throw some light on positive risk and how to capitalise on it. Regards, Manjusha Chundi
Thanks Manjusha! Most of strategic risk falls into the category of "positive risk". It could be expansion into markets, launching a new product - any risk that we take in order to earn a return. In my 4th blog, I will cover a few common analytical techniques used to capitalize on these risks. Send me your contacts and I can send you the link when it gets published in a couple of weeks from now...or check back on this space! Regards, Divya
Awaiting for the next article to understand the significance of analytics, informative !
Thanks for your note, Vijay. The next 2 blogs are now on the site. Regards, Divya
Hi Vidya This article has been pretty informative on the categorisation of risk and makes interesting reading. Look forward to the next article on Risk Analytics. PKR, VP-IA&RM, ALL
Thanks for your note! The next 2 blogs are now on the site. Regards, Divya
Quite informative and factually written. looking forward to reading more on the subject Best Vivek
Hi Vivek. Glad you liked it! The next 2 blogs on this subject are now on the site. Thanks, Divya
Divya, Excellent reading! How would you utilize/incorporate the almost intangible "gut instinct" or "corporate knowledge" within the risk assessment? I look forward to your future articles.
Hi Chris. Thanks for your note. "Corporate knowledge" can be factored into some of the strategic risk tools. E.g. in a risk map, the impact assessment of the risk is largely subjective in nature and is heavily dependent on corporate knowledge. The tougher aspect to factor in is "gut instinct". The way I look at it is that analytics or any risk mechanism is only a tool. How data is read or interpreted is always based on the person doing so and the decisions made will always depend on the gut/biases/behavior of the person making the decision. If you would like to read more about analytics in risk, my 3rd and 4th blogs on this topic are now on the site. Have a good day. Regards, Divya
Great Article. Good to see the role of big data in the risk management Krishna
Thanks Krishna!

Leave a comment

Your email address will not be published. Required fields are marked *.