SlideShare uma empresa Scribd logo

Managing Uncertainty - 2011

R
RiskShare

Preparing Board of Trustees for Regulatory Reform

1 de 5
Baixar para ler offline
Global Compliance Associates, LLC The promise and challenge of managing uncertainty is analogous to the phrase “connecting the dots”, “seeing around corners”, or some other catchy sound bite that describes the ability of some group or individual to prevent disaster before it happens. While every industry would like to have processes in place to connect the dots the reality has been elusive at best. Peering into the future with a high level of certainty requires new skills and tools beyond the traditional risk and control self-assessments that are broadly used today. Let me give you an example. Suppose you build a model that touts 95% accuracy. Typically, what this refers to is a measure of false-negative ratio. In order to truly gauge the accuracy of a system you must also know the false-positive ratios. To reduce uncertainty your model must be able to achieve a high degree of true-positive results in order to make an informed decision. Mathematically, accuracy compares the number of times you “miss” (false negatives) and the number of times you incorrectly “hit” (false positives). The final result provides you with a better picture of your “true positives.” Preparing for the new demands in Regulatory Reform during volatile market conditions “American business tends to have a strong bias to ignore variations in data and instead focus on the mean or average results. There is a tendency to believe that “average” is the expected value of an outcome. Plans based on average assumptions are wrong on average.” - Sam Savage, author of the Flaw of Averages Why connecting the dots has been elusive? Managing Uncertainty
2 lorem ipsum :: [Date] “To improve is to change; to be perfect is to change often” - Winston Churchill Global Compliance Associates, LLC GCA, LLC was established to fill a gap in risk practices for firms seeking to benchmark the effectiveness of their risk management programs. The GCA, LLC “Risk Maturity Model” assesses your risk management program against industry leading risk practices. This diagnostic tool is used to begin a dialogue for enhancing operational risk, information security risk, and internal controls programs. GCA, LLC has over 70 years of practical experience creating cost effective risk management and compliance programs for a variety of world- class financial services firms. GCA, LLC’s team of risk professionals has the experience to transform your risk management program into a high performance framework designed to evolve with the growth and complexity of your organization. - - - - - - - - - - - - - - - - - - The challenge many boards face is as humans we frequently underestimate the uncertainty of events. By nature, we are wired to believe we know how to manage risk after it appears. The oil spill in the Gulf of Mexico is an extreme example of the fallacy of this approach. New approaches to understanding uncertainty have been slow to be adopted by firms who profess to manage risks well. But how do you anticipate the unknown? What probability would you assign to these events? Help is just beyond the horizon! Technology is playing a tremendous role providing organizations the ability to capture, organize, and model a richer set of risk data. These technologies are becoming very powerful tools that allow management and board of trustees to ask tough questions and to analyze a range of outcomes of uncertain events. When used properly these systems increase the probability of success. Success is never guaranteed otherwise there would be no risk! Managing risk is the process of reducing the cloud of uncertainty of bad things happening. Doing so takes a new way of thinking about the role that board of trustees play as fiduciaries. This primer is the first step in moving beyond the regulatory and compliance approach to managing risk.www.globalcomplianceassociates.com
3 lorem ipsum :: [Date] “A statistician was given the task of fording a river that was on average 3 feet deep. Three quarters of the way across the statistician was progressing as expected. Suddenly, the poor man disappeared in the middle of the river. The poor statistician did not anticipate the 20-foot sinkhole in the path of his crossing the riverbed. Too often this is how businesses plan their goals, strategy and major initiatives.” (paraphrased) - The Flaw of Averages, Sam L. Savage A highly accurate risk model would be able to parse through a vast number of individual data points, choose between or reject scenarios least likely to occur and present you with a highly targeted list of the most likely outcomes for you to focus on. Building sophisticated models with intelligence requires looking beyond the traditional high, medium, low risk assessment models where “average” is used to measure risk. The importance of intuition, experience, industry expertise, and other intangibles used daily to make valid decisions is just as relevant today as ever before. However, as organizations become more geographically diverse systemic risks are harder for any one person or group to anticipate. Two main factors contribute to this problem. Modern organizations manage millions of transactions and confidential data that hold the key to organizational success or reputational failure. Keeping track of these data points has exceeded the capacity of the human mind. Secondly, information is fragmented in different locations and in different forms of data that make it very challenging to grasp the significance of any single set of data points in isolation. Simply put, connecting the dots is insurmountable without help from technology to digest the data in a manner that informs your decision-making. Make no mistake a human is required to connect all of those separate dots into a cogent set of decisions however technology is the tool that allows this to occur! No technology reduces uncertainty completely. However, technology is advancing rapidly to address these challenges by providing the means to reduce uncertainty to a more manageable level. Why we underestimate risk Risk comes from not knowing what you’re doing. Warren Buffett 1930-, American Investment Entrepreneur (continued)
4 lorem ipsum :: [Date] The “New Normal “ in business will require innovative approaches to managing risks in an increasingly complex market environment Let’s shift gears a bit to understand how old approaches to addressing risks have resulted in recurring operational risk failures. The Flaw of Averages and our tendency to reinforce our own biases have prevented major advances in risk management practices. Why is the Flaw of Averages so prevalent in almost every human endeavor? Nassim Nicholas Taleb explains this phenomenon in his seminal book, The Black Swan. Taleb tells the story of the appearance of a single Black Swan to illustrate that our perception of the world is based primarily on our limited observations and experience of what is known. Because we do not naturally focus on what is unknown we are surprised by all of the Black Swans that occur, both positive and negative, that occur out of thin air.1 Whether you completely agree with Taleb or not is irrelevant. The point that he is making is a valid one that requires us to consider that outliers exist and one must determine were it to occur what impact would it have on your firm, business plans or employees. Avoiding the Flaw of Averages requires an understanding of the weaknesses inherent in most risk assessments that use averages to determine expected outcomes. What then is the alternative to the Flaw of Averages? One must start with the capture, refinement, and analysis of high quality data. Let’s spend time discussing the importance of getting the data right so that you can avoid the Flaw of Averages. Getting data quality right is not a new idea! If you have heard the saying “garbage in; garbage out” you understand that this concept is as old as the Cobol programs used in the early days of computing technology. However, the proliferation of data makes this problem more challenging and urgent to solve. As American industry shifted from manufacturing to the information age the importance of data has grown. The Internet is an example of how information has transformed business models and elevated content to the status of a hot commodity that must be protected, managed, and leveraged in new ways of doing business. Access to data has exploded yet the ability to glean valuable information from the reams of useless data has become a real challenge for firms handling millions of customer and business transactions. Organizations are challenged with sifting through mountains of data to focus on the data that matters most. Clearly, technology is required to collect, organize, and present the most relevant data to the board in a succinct manner. The importance of this example is that improper framing and incomplete analysis of data will lead to less than optimal outcomes. Board members should frequently challenge how risks are framed and understand the inherent weakness in data quality. Management and the Board are faced with making decisions with imperfect information in the face of uncertain outcomes. We are hard wired as humans to avoid loss at almost any cost. This bias to avoid losses based on poorly designed framing leads to the illusion of weighing all optimal options. Once this fact is fully understood then steps can be taken to improve the odds of success by improving the data used to make informed decisions. How does the Board avoid these mistakes? Request the Board ToolKit White Paper to find out more
5 lorem ipsum :: [Date] GCA, LLC Services The Risk Advisory Services group specializes in providing a range of consultative services including targeted assessments of products, strategy, or the Enterprise Risk Framework. The RAS can work along side internal risk professionals to build next generation risk processes or serve as staff augmentation to fill temporary gaps in capability. A corporation seeking to gauge how well their risk management program stacks up against best practices in comparable size organizations use the Risk Maturity Model. The Risk Maturity Model uses a comprehensive set of metrics that measure the firm’s ability to take more risk or identify risk of significant operational failure. Information Security and Privacy is quickly becoming recognized as an area of significant operational risk exposure. GCA, LLC will guide your firm through the system development life cycle of internal IT controls. Information Security goes beyond authorization and authentication to an analysis of where data resides and how data moves across organizations and is shared with customers, vendors, and competitors. GCA provides an end- to-end view of how managing data is the new best practices in information security. Protecting nonpublic confidential data and personally identifiable information is now mandated by a variety of state and federal laws that have raised the bar and liability of firms who fail to implement controls that detect, prevent, or correct weaknesses in internal controls. Whether you are focused on strong Information Barriers or simply looking for creative solutions to protecting nonpublic information GCA has the expertise to enhance your current controls. GCA’s Board Advisory Services will collaborate with senior management to benchmark the RISK IQ of the board’s oversight committees. An informed Board is an effective Board and GCA will assist in developing a Tone at the Top that informs rather than overwhelms. Global Compliance Associates, LLC provides a range of services that include Risk Advisory Services, Risk Maturity Model, Information Security and Privacy, and Board Advisory Services GLOBAL COMPLIANCE ASSOCIATES, LLC GCA@GLOBALCOMPLIANCEASSOCIATES.COM WWW.GLOBALCOMPLIANCEASSOCIATES.COM 401-451-8112 PRINCIPALS: JAMES BONE, PRESIDENT SOHAYLA FITZPATRICK, MANAGING DIRECTOR

Recomendados

Cloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness ReportCloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness Report
Gandhi Legacy Tour
 
2014 State of Backup for SMBs
2014 State of Backup for SMBs2014 State of Backup for SMBs
2014 State of Backup for SMBs
Carbonite
 
eBook: State of Data Backup for SMBs
eBook: State of Data Backup for SMBseBook: State of Data Backup for SMBs
eBook: State of Data Backup for SMBs
Carbonite
 
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to WasteIAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
Dave Steer
 
January 2017 Printed Newsletter
January 2017 Printed NewsletterJanuary 2017 Printed Newsletter
January 2017 Printed Newsletter
Yigal Behar
 
Making the numbers add up – how better financial accounting can support and p...
Making the numbers add up – how better financial accounting can support and p...Making the numbers add up – how better financial accounting can support and p...
Making the numbers add up – how better financial accounting can support and p...
Advanced Business Solutions
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity Journey
EMC
 
2013 Deltek / Consulting Magazine Profitability Survey
2013 Deltek / Consulting Magazine Profitability Survey2013 Deltek / Consulting Magazine Profitability Survey
2013 Deltek / Consulting Magazine Profitability Survey
Stefan Kim (Grahn)
 

Recomendados

Cloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness ReportCloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness Report
Gandhi Legacy Tour
 
2014 State of Backup for SMBs
2014 State of Backup for SMBs2014 State of Backup for SMBs
2014 State of Backup for SMBs
Carbonite
 
eBook: State of Data Backup for SMBs
eBook: State of Data Backup for SMBseBook: State of Data Backup for SMBs
eBook: State of Data Backup for SMBs
Carbonite
 
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to WasteIAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
Dave Steer
 
January 2017 Printed Newsletter
January 2017 Printed NewsletterJanuary 2017 Printed Newsletter
January 2017 Printed Newsletter
Yigal Behar
 
Making the numbers add up – how better financial accounting can support and p...
Making the numbers add up – how better financial accounting can support and p...Making the numbers add up – how better financial accounting can support and p...
Making the numbers add up – how better financial accounting can support and p...
Advanced Business Solutions
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity Journey
EMC
 
2013 Deltek / Consulting Magazine Profitability Survey
2013 Deltek / Consulting Magazine Profitability Survey2013 Deltek / Consulting Magazine Profitability Survey
2013 Deltek / Consulting Magazine Profitability Survey
Stefan Kim (Grahn)
 
BCS ELITE: Organisational change survey
BCS ELITE: Organisational change surveyBCS ELITE: Organisational change survey
BCS ELITE: Organisational change survey
bcselite
 
CFO's Guide to Business Analytics
CFO's Guide to Business AnalyticsCFO's Guide to Business Analytics
CFO's Guide to Business Analytics
Manish Desai
 
Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...
Jon Hawes
 
Measuring Risk - What Doesn’t Work and What Does
Measuring Risk - What Doesn’t Work and What DoesMeasuring Risk - What Doesn’t Work and What Does
Measuring Risk - What Doesn’t Work and What Does
Jody Keyser
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud Examiners
The Lorenzi Group
 
When You Should Use Analytics for Decisions
When You Should Use Analytics for DecisionsWhen You Should Use Analytics for Decisions
When You Should Use Analytics for Decisions
Vessment
 
Accenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance ReportAccenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance Report
Accenture Insurance
 
Forte Wares - Pro-active Reporting
Forte Wares - Pro-active ReportingForte Wares - Pro-active Reporting
Forte Wares - Pro-active Reporting
Berkin Ozmen
 
Document Management in State and Local Government
Document Management in State and Local GovernmentDocument Management in State and Local Government
Document Management in State and Local Government
John Mancini
 
Making Strategy Real
Making Strategy RealMaking Strategy Real
Making Strategy Real
FindWhitePapers
 
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...The Open Group July Conference Emphasizes Value of Placing Structure and Agil...
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...
Dana Gardner
 
2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation
sirjem
 
Isaca journal volume-2-2017_AgileAudit
Isaca journal volume-2-2017_AgileAuditIsaca journal volume-2-2017_AgileAudit
Isaca journal volume-2-2017_AgileAudit
Christian Patricio Vaca Benalcázar
 
Best of Both Worlds: Correlating Static and Dynamic Analysis Results
Best of Both Worlds: Correlating Static and Dynamic Analysis ResultsBest of Both Worlds: Correlating Static and Dynamic Analysis Results
Best of Both Worlds: Correlating Static and Dynamic Analysis Results
Jeremiah Grossman
 
TrustImperative_etlinger
TrustImperative_etlingerTrustImperative_etlinger
TrustImperative_etlinger
Susan Etlinger
 
Five phases of change management
Five phases of change managementFive phases of change management
Five phases of change management
LERNER Consulting
 
Privacy Breaches - The Private Sector Perspective
Privacy Breaches - The Private Sector PerspectivePrivacy Breaches - The Private Sector Perspective
Privacy Breaches - The Private Sector Perspective
canadianlawyer
 
Monster Day 2
Monster Day 2Monster Day 2
Monster Day 2
Emily Mannel
 
Cashing in on insight
Cashing in on insightCashing in on insight
Cashing in on insight
Ihab Ahmed Atwah, CMA, CFM
 
Edelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by PonemonEdelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by Ponemon
Edelman
 
Managing Creativity and Innovation under Business Uncertainty
Managing Creativity and Innovation under Business UncertaintyManaging Creativity and Innovation under Business Uncertainty
Managing Creativity and Innovation under Business Uncertainty
Atul Bengeri
 
Business uncertainty agile india
Business uncertainty agile indiaBusiness uncertainty agile india
Business uncertainty agile india
Agile Software Community of India
 

Mais conteúdo relacionado

Mais procurados

2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation
sirjem
 
TrustImperative_etlinger
TrustImperative_etlingerTrustImperative_etlinger
TrustImperative_etlinger
Susan Etlinger
 
Five phases of change management
Five phases of change managementFive phases of change management
Five phases of change management
LERNER Consulting
 

Mais procurados (20)

BCS ELITE: Organisational change survey
BCS ELITE: Organisational change surveyBCS ELITE: Organisational change survey
BCS ELITE: Organisational change survey
 
CFO's Guide to Business Analytics
CFO's Guide to Business AnalyticsCFO's Guide to Business Analytics
CFO's Guide to Business Analytics
 
Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...
 
Measuring Risk - What Doesn’t Work and What Does
Measuring Risk - What Doesn’t Work and What DoesMeasuring Risk - What Doesn’t Work and What Does
Measuring Risk - What Doesn’t Work and What Does
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud Examiners
 
When You Should Use Analytics for Decisions
When You Should Use Analytics for DecisionsWhen You Should Use Analytics for Decisions
When You Should Use Analytics for Decisions
 
Accenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance ReportAccenture 2015: Global Risk Management Study - North American Insurance Report
Accenture 2015: Global Risk Management Study - North American Insurance Report
 
Forte Wares - Pro-active Reporting
Forte Wares - Pro-active ReportingForte Wares - Pro-active Reporting
Forte Wares - Pro-active Reporting
 
Document Management in State and Local Government
Document Management in State and Local GovernmentDocument Management in State and Local Government
Document Management in State and Local Government
 
Making Strategy Real
Making Strategy RealMaking Strategy Real
Making Strategy Real
 
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...The Open Group July Conference Emphasizes Value of Placing Structure and Agil...
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...
 
2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation2007 CPM West Keynote Presentation
2007 CPM West Keynote Presentation
 
Isaca journal volume-2-2017_AgileAudit
Isaca journal volume-2-2017_AgileAuditIsaca journal volume-2-2017_AgileAudit
Isaca journal volume-2-2017_AgileAudit
 
Best of Both Worlds: Correlating Static and Dynamic Analysis Results
Best of Both Worlds: Correlating Static and Dynamic Analysis ResultsBest of Both Worlds: Correlating Static and Dynamic Analysis Results
Best of Both Worlds: Correlating Static and Dynamic Analysis Results
 
TrustImperative_etlinger
TrustImperative_etlingerTrustImperative_etlinger
TrustImperative_etlinger
 
Five phases of change management
Five phases of change managementFive phases of change management
Five phases of change management
 
Privacy Breaches - The Private Sector Perspective
Privacy Breaches - The Private Sector PerspectivePrivacy Breaches - The Private Sector Perspective
Privacy Breaches - The Private Sector Perspective
 
Monster Day 2
Monster Day 2Monster Day 2
Monster Day 2
 
Cashing in on insight
Cashing in on insightCashing in on insight
Cashing in on insight
 
Edelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by PonemonEdelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by Ponemon
 

Destaque

FITT Toolbox: How to manage Uncertainty in Business Strategy
FITT Toolbox: How to manage Uncertainty in Business StrategyFITT Toolbox: How to manage Uncertainty in Business Strategy
FITT Toolbox: How to manage Uncertainty in Business Strategy
FITT
 

Destaque (6)

Managing Creativity and Innovation under Business Uncertainty
Managing Creativity and Innovation under Business UncertaintyManaging Creativity and Innovation under Business Uncertainty
Managing Creativity and Innovation under Business Uncertainty
 
Business uncertainty agile india
Business uncertainty agile indiaBusiness uncertainty agile india
Business uncertainty agile india
 
Uncertainty: Business as Usual
Uncertainty: Business as UsualUncertainty: Business as Usual
Uncertainty: Business as Usual
 
FITT Toolbox: How to manage Uncertainty in Business Strategy
FITT Toolbox: How to manage Uncertainty in Business StrategyFITT Toolbox: How to manage Uncertainty in Business Strategy
FITT Toolbox: How to manage Uncertainty in Business Strategy
 
Dealing with Uncertainty - Our Business World
Dealing with Uncertainty - Our Business WorldDealing with Uncertainty - Our Business World
Dealing with Uncertainty - Our Business World
 
WTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx versionWTF - Why the Future Is Up to Us - pptx version
WTF - Why the Future Is Up to Us - pptx version
 

Semelhante a Managing Uncertainty - 2011

How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
Rahul Tyagi
 
Hyper Decision Making Whitepaper - Complete and Final - March 2015
Hyper Decision Making Whitepaper - Complete and Final - March 2015Hyper Decision Making Whitepaper - Complete and Final - March 2015
Hyper Decision Making Whitepaper - Complete and Final - March 2015
Dr. Ted Marra
 
EMB Briefings_technology_risk management final
EMB Briefings_technology_risk management finalEMB Briefings_technology_risk management final
EMB Briefings_technology_risk management final
Mike Wilkinson
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
Chad Korosec
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx
christiandean12115
 
Executive Breach Response Playbook
Executive Breach Response PlaybookExecutive Breach Response Playbook
Executive Breach Response Playbook
Hewlett Packard Enterprise Business Value Exchange
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
The Economist Media Businesses
 
Uncovering Fraud in Key Financial Accounts using Data Analysis
Uncovering Fraud in Key Financial Accounts using Data AnalysisUncovering Fraud in Key Financial Accounts using Data Analysis
Uncovering Fraud in Key Financial Accounts using Data Analysis
FraudBusters
 
Using Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditUsing Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic Audit
FraudBusters
 

Semelhante a Managing Uncertainty - 2011 (20)

CroweHorwath
CroweHorwathCroweHorwath
CroweHorwath
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Hyper Decision Making Whitepaper - Complete and Final - March 2015
Hyper Decision Making Whitepaper - Complete and Final - March 2015Hyper Decision Making Whitepaper - Complete and Final - March 2015
Hyper Decision Making Whitepaper - Complete and Final - March 2015
 
EMB Briefings_technology_risk management final
EMB Briefings_technology_risk management finalEMB Briefings_technology_risk management final
EMB Briefings_technology_risk management final
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec
 
The Ultimate Guide To Business Continuity
The Ultimate Guide To Business ContinuityThe Ultimate Guide To Business Continuity
The Ultimate Guide To Business Continuity
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we work
 
Executive Breach Response Playbook
Executive Breach Response PlaybookExecutive Breach Response Playbook
Executive Breach Response Playbook
 
Effective demand planning - our vision at Solventure
Effective demand planning - our vision at SolventureEffective demand planning - our vision at Solventure
Effective demand planning - our vision at Solventure
 
Protect-Biz for non-profits
Protect-Biz for non-profitsProtect-Biz for non-profits
Protect-Biz for non-profits
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and Eskins
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
 
[Free Guide] Keys to Successful Project Management and Growth for Agencies‏
[Free Guide] Keys to Successful Project Management and Growth for Agencies‏ [Free Guide] Keys to Successful Project Management and Growth for Agencies‏
[Free Guide] Keys to Successful Project Management and Growth for Agencies‏
 
Relationship Forecasting
Relationship ForecastingRelationship Forecasting
Relationship Forecasting
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaper
 
Uncovering Fraud in Key Financial Accounts using Data Analysis
Uncovering Fraud in Key Financial Accounts using Data AnalysisUncovering Fraud in Key Financial Accounts using Data Analysis
Uncovering Fraud in Key Financial Accounts using Data Analysis
 
Using Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditUsing Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic Audit
 

Managing Uncertainty - 2011

  • 1. Global Compliance Associates, LLC The promise and challenge of managing uncertainty is analogous to the phrase “connecting the dots”, “seeing around corners”, or some other catchy sound bite that describes the ability of some group or individual to prevent disaster before it happens. While every industry would like to have processes in place to connect the dots the reality has been elusive at best. Peering into the future with a high level of certainty requires new skills and tools beyond the traditional risk and control self-assessments that are broadly used today. Let me give you an example. Suppose you build a model that touts 95% accuracy. Typically, what this refers to is a measure of false-negative ratio. In order to truly gauge the accuracy of a system you must also know the false-positive ratios. To reduce uncertainty your model must be able to achieve a high degree of true-positive results in order to make an informed decision. Mathematically, accuracy compares the number of times you “miss” (false negatives) and the number of times you incorrectly “hit” (false positives). The final result provides you with a better picture of your “true positives.” Preparing for the new demands in Regulatory Reform during volatile market conditions “American business tends to have a strong bias to ignore variations in data and instead focus on the mean or average results. There is a tendency to believe that “average” is the expected value of an outcome. Plans based on average assumptions are wrong on average.” - Sam Savage, author of the Flaw of Averages Why connecting the dots has been elusive? Managing Uncertainty
  • 2. 2 lorem ipsum :: [Date] “To improve is to change; to be perfect is to change often” - Winston Churchill Global Compliance Associates, LLC GCA, LLC was established to fill a gap in risk practices for firms seeking to benchmark the effectiveness of their risk management programs. The GCA, LLC “Risk Maturity Model” assesses your risk management program against industry leading risk practices. This diagnostic tool is used to begin a dialogue for enhancing operational risk, information security risk, and internal controls programs. GCA, LLC has over 70 years of practical experience creating cost effective risk management and compliance programs for a variety of world- class financial services firms. GCA, LLC’s team of risk professionals has the experience to transform your risk management program into a high performance framework designed to evolve with the growth and complexity of your organization. - - - - - - - - - - - - - - - - - - The challenge many boards face is as humans we frequently underestimate the uncertainty of events. By nature, we are wired to believe we know how to manage risk after it appears. The oil spill in the Gulf of Mexico is an extreme example of the fallacy of this approach. New approaches to understanding uncertainty have been slow to be adopted by firms who profess to manage risks well. But how do you anticipate the unknown? What probability would you assign to these events? Help is just beyond the horizon! Technology is playing a tremendous role providing organizations the ability to capture, organize, and model a richer set of risk data. These technologies are becoming very powerful tools that allow management and board of trustees to ask tough questions and to analyze a range of outcomes of uncertain events. When used properly these systems increase the probability of success. Success is never guaranteed otherwise there would be no risk! Managing risk is the process of reducing the cloud of uncertainty of bad things happening. Doing so takes a new way of thinking about the role that board of trustees play as fiduciaries. This primer is the first step in moving beyond the regulatory and compliance approach to managing risk.www.globalcomplianceassociates.com
  • 3. 3 lorem ipsum :: [Date] “A statistician was given the task of fording a river that was on average 3 feet deep. Three quarters of the way across the statistician was progressing as expected. Suddenly, the poor man disappeared in the middle of the river. The poor statistician did not anticipate the 20-foot sinkhole in the path of his crossing the riverbed. Too often this is how businesses plan their goals, strategy and major initiatives.” (paraphrased) - The Flaw of Averages, Sam L. Savage A highly accurate risk model would be able to parse through a vast number of individual data points, choose between or reject scenarios least likely to occur and present you with a highly targeted list of the most likely outcomes for you to focus on. Building sophisticated models with intelligence requires looking beyond the traditional high, medium, low risk assessment models where “average” is used to measure risk. The importance of intuition, experience, industry expertise, and other intangibles used daily to make valid decisions is just as relevant today as ever before. However, as organizations become more geographically diverse systemic risks are harder for any one person or group to anticipate. Two main factors contribute to this problem. Modern organizations manage millions of transactions and confidential data that hold the key to organizational success or reputational failure. Keeping track of these data points has exceeded the capacity of the human mind. Secondly, information is fragmented in different locations and in different forms of data that make it very challenging to grasp the significance of any single set of data points in isolation. Simply put, connecting the dots is insurmountable without help from technology to digest the data in a manner that informs your decision-making. Make no mistake a human is required to connect all of those separate dots into a cogent set of decisions however technology is the tool that allows this to occur! No technology reduces uncertainty completely. However, technology is advancing rapidly to address these challenges by providing the means to reduce uncertainty to a more manageable level. Why we underestimate risk Risk comes from not knowing what you’re doing. Warren Buffett 1930-, American Investment Entrepreneur (continued)
  • 4. 4 lorem ipsum :: [Date] The “New Normal “ in business will require innovative approaches to managing risks in an increasingly complex market environment Let’s shift gears a bit to understand how old approaches to addressing risks have resulted in recurring operational risk failures. The Flaw of Averages and our tendency to reinforce our own biases have prevented major advances in risk management practices. Why is the Flaw of Averages so prevalent in almost every human endeavor? Nassim Nicholas Taleb explains this phenomenon in his seminal book, The Black Swan. Taleb tells the story of the appearance of a single Black Swan to illustrate that our perception of the world is based primarily on our limited observations and experience of what is known. Because we do not naturally focus on what is unknown we are surprised by all of the Black Swans that occur, both positive and negative, that occur out of thin air.1 Whether you completely agree with Taleb or not is irrelevant. The point that he is making is a valid one that requires us to consider that outliers exist and one must determine were it to occur what impact would it have on your firm, business plans or employees. Avoiding the Flaw of Averages requires an understanding of the weaknesses inherent in most risk assessments that use averages to determine expected outcomes. What then is the alternative to the Flaw of Averages? One must start with the capture, refinement, and analysis of high quality data. Let’s spend time discussing the importance of getting the data right so that you can avoid the Flaw of Averages. Getting data quality right is not a new idea! If you have heard the saying “garbage in; garbage out” you understand that this concept is as old as the Cobol programs used in the early days of computing technology. However, the proliferation of data makes this problem more challenging and urgent to solve. As American industry shifted from manufacturing to the information age the importance of data has grown. The Internet is an example of how information has transformed business models and elevated content to the status of a hot commodity that must be protected, managed, and leveraged in new ways of doing business. Access to data has exploded yet the ability to glean valuable information from the reams of useless data has become a real challenge for firms handling millions of customer and business transactions. Organizations are challenged with sifting through mountains of data to focus on the data that matters most. Clearly, technology is required to collect, organize, and present the most relevant data to the board in a succinct manner. The importance of this example is that improper framing and incomplete analysis of data will lead to less than optimal outcomes. Board members should frequently challenge how risks are framed and understand the inherent weakness in data quality. Management and the Board are faced with making decisions with imperfect information in the face of uncertain outcomes. We are hard wired as humans to avoid loss at almost any cost. This bias to avoid losses based on poorly designed framing leads to the illusion of weighing all optimal options. Once this fact is fully understood then steps can be taken to improve the odds of success by improving the data used to make informed decisions. How does the Board avoid these mistakes? Request the Board ToolKit White Paper to find out more
  • 5. 5 lorem ipsum :: [Date] GCA, LLC Services The Risk Advisory Services group specializes in providing a range of consultative services including targeted assessments of products, strategy, or the Enterprise Risk Framework. The RAS can work along side internal risk professionals to build next generation risk processes or serve as staff augmentation to fill temporary gaps in capability. A corporation seeking to gauge how well their risk management program stacks up against best practices in comparable size organizations use the Risk Maturity Model. The Risk Maturity Model uses a comprehensive set of metrics that measure the firm’s ability to take more risk or identify risk of significant operational failure. Information Security and Privacy is quickly becoming recognized as an area of significant operational risk exposure. GCA, LLC will guide your firm through the system development life cycle of internal IT controls. Information Security goes beyond authorization and authentication to an analysis of where data resides and how data moves across organizations and is shared with customers, vendors, and competitors. GCA provides an end- to-end view of how managing data is the new best practices in information security. Protecting nonpublic confidential data and personally identifiable information is now mandated by a variety of state and federal laws that have raised the bar and liability of firms who fail to implement controls that detect, prevent, or correct weaknesses in internal controls. Whether you are focused on strong Information Barriers or simply looking for creative solutions to protecting nonpublic information GCA has the expertise to enhance your current controls. GCA’s Board Advisory Services will collaborate with senior management to benchmark the RISK IQ of the board’s oversight committees. An informed Board is an effective Board and GCA will assist in developing a Tone at the Top that informs rather than overwhelms. Global Compliance Associates, LLC provides a range of services that include Risk Advisory Services, Risk Maturity Model, Information Security and Privacy, and Board Advisory Services GLOBAL COMPLIANCE ASSOCIATES, LLC GCA@GLOBALCOMPLIANCEASSOCIATES.COM WWW.GLOBALCOMPLIANCEASSOCIATES.COM 401-451-8112 PRINCIPALS: JAMES BONE, PRESIDENT SOHAYLA FITZPATRICK, MANAGING DIRECTOR