Data – its reliance and integrity ultimately drive risk management outcomes and decisions. It has been established from previous writings that Enterprise Risk Management (ERM) is about timely scrutiny and proactive management of risk across businesses.
For an ERM framework to be deemed a success, it must be seen to deliver better informed and timely decision-making capabilities.
A top-down perspective on enterprise risk management (ERM) is what typically obtains. This approach underestimates the importance of data, which is the core bottom-up enabler for ERM, and compromises the bigger-picture requirements of a sound ERM framework, including the longer-term strategic advantages of a solid data foundation.
Obtaining the right information at the right time, which is appropriate to the business aspect, is at the very heart of risk management. This information might be in the form of data, specific stress situations, influences, judgement and assumptions. Data is not very useful on its own but it is at the very core of risk intelligence after it has been ordered into logical information using various means.
The starting point is to focus on the business aspect that is under scrutiny. Then a list of possible data sources should be listed under external and internal headings before resources are allocated to the obtaining of the information. It is a mistake to narrow the field of possible areas of data too soon, because that can create bias. For example, just looking at past data to predict the performance of a particular risk is a bit like a pilot guessing the flight plan for an airplane. One degree of error at the commencement of the journey could result in a final destination that is several kilometres from the correct place.
Past data is useful, but it needs to be interrogated closely to look at where there are aberrations in the risk trends and to examine reasons for any changes.
Where there is little data to rely on, then other sources of information should be gathered which are relevant to the risk area under examination. With operational risk, there is usually the challenge of little internal data, such as incidents, accidents, near misses or recorded errors by which a good forecast of the future performance of the risk can be assessed.
Capturing the correct data can prove critical to ensuring that the right people discuss, monitor and manage the risks appropriate for consideration at each level of the organisation.
Deficiencies in raw data are not the only obstacle to achieving this objective. When poor data is combined with the management of risk in silos, ERM is fundamentally undermined.
Silos are perhaps inevitable for day-to-day, local operational purposes, but this approach to management of risks is inadequate for the organisation as a whole.
Once a holistic view of key risk data has been achieved, material improvements in operational efficiency both at the local level as well as at the enterprise level can be achieved.
The source of data now brings to question. Incident reports, near misses and insurance claims are grist to the mill for risk analysts who are looking for data upon which to analyse risk, but often the near misses are ignored, which is quite unfortunate as they are most useful for being able to predict how risk is performing.
Complaints from customers are also a rich source of information about risk performance, and trends from these complaints can be indicative of risk management improvement requirements. Care should be taken in order to encourage an open reporting environment so that people do not falsify the information provided if they fear punishment.
Key performance indicators, audit reports and management reports are also great areas for tracking risk changes. For that purpose, dashboards are more useful, particularly if trends can be tracked.
External information is most useful when trying to benchmark one organisationâ€™s risk performance against another and being able to predict the way in which a risk might change.
To understand how limitations in data availability across the enterprise frustrates the holistic management of individual firms, one only needs look at the recent subprime crisis, which morphed into the liquidity crisis, and then the economic crisis, which in turn led to the wider contagion that we experienced post 2008. Ultimately, banks did not have access to the data needed to enable the robust management of risk across the enterprise.
The federal government recently launched the Economic Recovery Growth Plan (ERGP), with the objective of restoring the country to a positive and sustained growth path, investing in the Nigerian people to improve their living standards, and building an economy that is globally competitive.
With little information on the number of initiatives being put in place to ensure effective implementation, the source and reliability of the data that will be employed is critical to its success. The task force constituted to drive the implementation will rely on a continuous supply of rich and reliable data from The National Bureau of Statistics. Any flaws in the source data will result in less than optimized achievement of this noble government objective.
Risk information is founded on getting the right source and type of data and manipulating it so that the data reveals the knowledge that leads to information. The seeking of the right information to support the risk analysis is a process of hard work and deliberate strategy. Whilst short cuts can be made, assumptions jumped to, and gut feeling used; there is no substitute for solid supporting data which is relevant to the risk activity in hand.