Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Article on Modelling of RCSA Data
1. sponsored statement
The convenient untruth
Op risk professionals must revisit their attitude to qualitative data. John Kiddy, CEO of Chase
Cooper, says we must stop thinking of it as ‘just’ qualitative data and view it as a precious source of
intellectual capital
Most operational risk professionals are aware that takeovers that “hemmed in” the Bank of England face in uncovering reliable risk event data, it seems
there is far more so-called qualitative data avail- and prevented it taking more timely action . . . at entirely logical to focus more attention on the
able through risk and control assessments (RCSA) least not until a similar problem arises. abundant intellectual data that is available.
than reliable quantitative data. The ‘system’ approach accepts humans are The quantitative modelling and stress testing of
‘So-called’ because much of the data collected fallible, and will make errors, even in the best RCSA data empowers op risk managers. The RCSA
through RCSA is not truly qualitative at all. It is companies employing the best people. They are data collection is the beginning of the process,
most often an estimation of quantitative statistics consequences of systemic factors, not causes. As rather than something to be reported.
such as expected frequency of an event, expected Reason points out: “We can’t change the human The analytical power is immense. Op risk
severity, and information about the design and condition, but we can change the conditions under managers can apply multiple ‘what if’ scenarios
performance of controls. which humans work.” to RCSA data, to consider the sensitivity of their
The analysis of this qualitative data by quan- This approach encourages reporting – errors and organisation and of individual business lines to
titative methods represents one of the biggest near misses are reported and analysed within the changes in risk and control profiles.
untapped opportunities for the industry, and context of a blame-free culture. The results can also be stress-tested to analyse
particularly for op risk professionals. Most risk professionals would agree this is a the loss sensitivity of changes to individual data
Modelling techniques are not only relevant for crucial part of effective risk management, but are points, such as the effect of the degradation of a
capital charge calculation purposes, but are valu- we totally confident that the legal, regulatory and control on multiple risks across multiple business
able for all institutions in understanding their busi- management framework in which we operate lines. The risk profile can be simulated to exclude
ness and generating business benefits. encourages this in all cases? Perhaps the people certain controls, or to include controls that are not
A structured and rigorous quantitative analysis of queuing round the block at Northern Rock were yet operational, or to investigate the time sensi-
RCSA data will generate a number of benefits for telling us something we would be well advised as a tivity of the organisation to either an increase in
the industry. For example, it could greatly facilitate profession to act upon. risk or a fall in control effectiveness. For example,
the development of risk-based pricing and could Studies of ‘high-reliability organisations’ such as an op risk manager could consider the impact on
help to promote a ‘system’ approach to op risks, US nuclear aircraft carriers, nuclear power plants, a business if risk frequency or severities increased
as opposed to the ‘person’ or ‘legal’ approach that and air traffic control centres have thrown up some by 10% while the effectiveness of certain controls
seems all too prevalent in the UK and the US. interesting paradoxes that are relevant to our fell by 10%.
As James Reason pointed out in Human Error: industry. For example, one of the most important New business lines can be modelled from an op
Models and Management, the ‘person’ approach safeguards to errors was found not to be a strict risk perspective to investigate their likely impact,
seeks to control errors (risk events) by reducing adherence to procedures but human variability, controls can be analysed for value and whether it is
unwanted variability in human behaviour, the ability to make timely adjustments to processes beneficial to re-allocate resources to other areas of
by creating procedures and applying sanc- and to adapt to changing requirements. These the control infrastructure.
tions to those that fail to carry them out. This is organisations were able to make rapid changes The modelling of RCSA data can give the opera-
augmented by the ‘legal’ approach, which seeks locally at the centre of a potential problem, to allow tional manager an analytical ‘playbook’ to uncover
by regulation to make individuals responsible for experts to take temporary operational control. The information about an organisation’s risk profile
systemic breakdowns. success of this process was due to the high degree that is not readily apparent, to consider and
Sarbanes-Oxley requirements are the embodi- of shared agreement on objectives and goals. analyse multiple ‘what if’ scenarios to improve the
ment of the ‘person’ and ‘legal’ approaches – the These organisations also had a ‘collective preoc- decision-making process, driving significant busi-
idea that bad things only happen to bad people, cupation’ with the possibility of failures, and ness benefits to the organisation, its customers,
what psychologists call the ‘just world hypothesis’. continually considered scenarios for errors that had and to the financial services industry. These types
This might be emotionally appealing, but does it not occurred previously. of analytical tools are taken for granted in other
enhance the safety of investors’ money? The modelling of RCSA data can help facilitate risk disciplines; they should also be available as a
Now that the chairman of Northern Rock has this process, by mining the intellectual data preva- matter of course to op risk professionals.
resigned, perhaps we don’t have to concern lent in every organisation through the years of
Chase Cooper is a provider of risk management
ourselves with the systemic issues that created the collective experience and knowledge of its people. solutions, which includes its fully integrated, cutting-
problem, or the legislation on market abuse and Given the apparent difficulties many institutions edge operational risk software ‘aCCelerate’