1. Global Compliance Associates, LLC
The promise and challenge of managing uncertainty is analogous to the
phrase “connecting the dots”, “seeing around corners”, or some other
catchy sound bite that describes the ability of some group or individual to
prevent disaster before it happens. While every industry would like to
have processes in place to connect the dots the reality has been elusive at
best.
Peering into the future with a high level of certainty requires new skills and
tools beyond the traditional risk and control self-assessments that are
broadly used today. Let me give you an example. Suppose you build a
model that touts 95% accuracy. Typically, what this refers to is a measure
of false-negative ratio. In order to truly gauge the accuracy of a system
you must also know the false-positive ratios. To reduce uncertainty your
model must be able to achieve a high degree of true-positive results in
order to make an informed decision. Mathematically, accuracy compares
the number of times you “miss” (false negatives) and the number of times
you incorrectly “hit” (false positives). The final result provides you with a
better picture of your “true positives.”
Preparing for the new demands in Regulatory
Reform during volatile market conditions
“American business tends to
have a strong bias to ignore
variations in data and instead
focus on the mean or
average results. There is a
tendency to believe that
“average” is the expected
value of an outcome. Plans
based on average
assumptions are wrong on
average.”
- Sam Savage, author of the
Flaw of Averages
Why connecting the dots has
been elusive?
Managing Uncertainty
2. 2 lorem ipsum :: [Date]
“To improve is to change; to be
perfect is to change often”
- Winston Churchill
Global Compliance Associates, LLC
GCA, LLC was established to fill a gap in risk practices for firms
seeking to benchmark the effectiveness of their risk
management programs. The GCA, LLC “Risk Maturity Model”
assesses your risk management program against industry
leading risk practices. This diagnostic tool is used to begin a
dialogue for enhancing operational risk, information security
risk, and internal controls programs.
GCA, LLC has over 70 years
of practical experience
creating cost effective risk
management and compliance
programs for a variety of world-
class financial services firms.
GCA, LLC’s team of risk
professionals has the
experience to transform your
risk management program into
a high performance framework
designed to evolve with the
growth and complexity of your
organization.
- - - - - - - - - - - - - - - - - -
The challenge many boards
face is as humans we
frequently underestimate the
uncertainty of events. By
nature, we are wired to believe
we know how to manage risk
after it appears. The oil spill in
the Gulf of Mexico is an
extreme example of the fallacy
of this approach. New
approaches to understanding
uncertainty have been slow to
be adopted by firms who
profess to manage risks well.
But how do you anticipate the
unknown? What probability
would you assign to these
events? Help is just beyond the
horizon! Technology is playing
a tremendous role providing
organizations the ability to
capture, organize, and model
a richer set of risk data.
These technologies are
becoming very powerful tools
that allow management and
board of trustees to ask tough
questions and to analyze a
range of outcomes of
uncertain events. When used
properly these systems increase
the probability of success.
Success is never
guaranteed otherwise there
would be no risk! Managing risk
is the process of reducing the
cloud of uncertainty of bad
things happening. Doing so
takes a new way of thinking
about the role that board of
trustees play as fiduciaries. This
primer is the first step in moving
beyond the regulatory and
compliance approach to
managing risk.www.globalcomplianceassociates.com
3. 3 lorem ipsum :: [Date]
“A statistician was given the task
of fording a river that was on
average 3 feet deep. Three
quarters of the way across the
statistician was progressing as
expected. Suddenly, the poor
man disappeared in the middle of
the river. The poor statistician did
not anticipate the 20-foot sinkhole
in the path of his crossing the
riverbed. Too often this is how
businesses plan their goals,
strategy and major initiatives.”
(paraphrased)
- The Flaw of Averages,
Sam L. Savage
A highly accurate risk model would be able to parse through a
vast number of individual data points, choose between or reject
scenarios least likely to occur and present you with a highly
targeted list of the most likely outcomes for you to focus on.
Building sophisticated models with intelligence requires looking
beyond the traditional high, medium, low risk assessment models
where “average” is used to measure risk.
The importance of intuition, experience, industry expertise, and
other intangibles used daily to make valid decisions is just as
relevant today as ever before. However, as organizations
become more geographically diverse systemic risks are harder for
any one person or group to anticipate. Two main factors
contribute to this problem. Modern organizations manage millions
of transactions and confidential data that hold the key to
organizational success or reputational failure. Keeping track of
these data points has exceeded the capacity of the human
mind. Secondly, information is fragmented in different locations
and in different forms of data that make it very challenging to
grasp the significance of any single set of data points in isolation.
Simply put, connecting the dots is insurmountable without help
from technology to digest the data in a manner that informs your
decision-making.
Make no mistake a human is required to connect all of those
separate dots into a cogent set of decisions however technology
is the tool that allows this to occur! No technology reduces
uncertainty completely. However, technology is advancing
rapidly to address these challenges by providing the means to
reduce uncertainty to a more manageable level.
Why we
underestimate risk
Risk comes from not
knowing what you’re
doing.
Warren Buffett 1930-,
American Investment
Entrepreneur
(continued)
4. 4 lorem ipsum :: [Date]
The “New Normal “ in business
will require innovative
approaches to managing risks in
an increasingly complex market
environment
Let’s shift gears a bit to
understand how old approaches
to addressing risks have resulted
in recurring operational risk
failures. The Flaw of Averages
and our tendency to reinforce
our own biases have prevented
major advances in risk
management practices.
Why is the Flaw of Averages so
prevalent in almost every human
endeavor? Nassim Nicholas
Taleb explains this phenomenon
in his seminal book, The Black
Swan. Taleb tells the story of the
appearance of a single Black
Swan to illustrate that our
perception of the world is based
primarily on our limited
observations and experience of
what is known. Because we do
not naturally focus on what is
unknown we are surprised by all
of the Black Swans that occur,
both positive and negative, that
occur out of thin air.1 Whether
you completely agree with Taleb
or not is irrelevant. The point that
he is making is a valid one that
requires us to consider that
outliers exist and one must
determine were it to occur what
impact would it have on your
firm, business plans or employees.
Avoiding the Flaw of Averages
requires an understanding of the
weaknesses inherent in most risk
assessments that use averages to
determine expected outcomes.
What then is the alternative to
the Flaw of Averages? One must
start with the capture,
refinement, and analysis of high
quality data. Let’s spend time
discussing the importance of
getting the data right so that you
can avoid the Flaw of Averages.
Getting data quality right is not a
new idea! If you have heard the
saying “garbage in; garbage
out” you understand that this
concept is as old as the Cobol
programs used in the early days
of computing technology.
However, the proliferation of
data makes this problem more
challenging and urgent to solve.
As American industry shifted from
manufacturing to the information
age the importance of data has
grown. The Internet is an
example of how information has
transformed business models and
elevated content to the status of
a hot commodity that must be
protected, managed, and
leveraged in new ways of doing
business. Access to data has
exploded yet the ability to glean
valuable information from the
reams of useless data has
become a real challenge for
firms handling millions of
customer and business
transactions.
Organizations are challenged
with sifting through mountains of
data to focus on the data that
matters most. Clearly,
technology is required to collect,
organize, and present the most
relevant data to the board in a
succinct manner.
The importance of this example is
that improper framing and
incomplete analysis of data will
lead to less than optimal
outcomes. Board members
should frequently challenge how
risks are framed and understand
the inherent weakness in data
quality.
Management and the Board are
faced with making decisions with
imperfect information in the face
of uncertain outcomes. We are
hard wired as humans to avoid
loss at almost any cost. This bias
to avoid losses based on poorly
designed framing leads to the
illusion of weighing all optimal
options. Once this fact is fully
understood then steps can be
taken to improve the odds of
success by improving the data
used to make informed decisions.
How does the Board avoid these
mistakes?
Request the Board ToolKit White
Paper to find out more
5. 5 lorem ipsum :: [Date]
GCA, LLC Services
The Risk Advisory Services group
specializes in providing a range of
consultative services including
targeted assessments of products,
strategy, or the Enterprise Risk
Framework. The RAS can work
along side internal risk
professionals to build next
generation risk processes or serve
as staff augmentation to fill
temporary gaps in capability.
A corporation seeking to gauge
how well their risk management
program stacks up against best
practices in comparable size
organizations use the Risk Maturity
Model. The Risk Maturity Model
uses a comprehensive set of
metrics that measure the firm’s
ability to take more risk or identify
risk of significant operational
failure.
Information Security and Privacy is
quickly becoming recognized as
an area of significant operational
risk exposure. GCA, LLC will guide
your firm through the system
development life cycle of internal
IT controls. Information Security
goes beyond authorization and
authentication to an analysis of
where data resides and how data
moves across organizations and is
shared with customers, vendors, and
competitors. GCA provides an end-
to-end view of how managing data
is the new best practices in
information security.
Protecting nonpublic confidential
data and personally identifiable
information is now mandated by a
variety of state and federal laws that
have raised the bar and liability of
firms who fail to implement controls
that detect, prevent, or correct
weaknesses in internal controls.
Whether you are focused on strong
Information Barriers or simply looking
for creative solutions to protecting
nonpublic information GCA has the
expertise to enhance your current
controls.
GCA’s Board Advisory Services will
collaborate with senior management
to benchmark the RISK IQ of the
board’s oversight committees. An
informed Board is an effective Board
and GCA will assist in developing a
Tone at the Top that informs rather
than overwhelms.
Global Compliance Associates,
LLC provides a range of
services that include Risk
Advisory Services, Risk Maturity
Model, Information Security and
Privacy, and Board Advisory
Services
GLOBAL COMPLIANCE ASSOCIATES, LLC
GCA@GLOBALCOMPLIANCEASSOCIATES.COM
WWW.GLOBALCOMPLIANCEASSOCIATES.COM
401-451-8112
PRINCIPALS:
JAMES BONE,
PRESIDENT
SOHAYLA FITZPATRICK,
MANAGING DIRECTOR