I would add that there needs to be improvement in the tools risk managers use to turn all that data in the warehouse into information. Whether you call it data mining or business intelligence or just “get me the report and I-don’t-care-how”, there must be tools that are not only powerful, but that can be used by the folks that actually need the information. There has to be a way of getting around the need for semi-programmer analysts whose only job is to receive information requests, turn those into structured queries that actually hit the data, and then get the information back to the requestor.

If you have a real-time calc engine re-valuing your portfolio within 5 minutes of the latest price tick, but it takes 24 hours to get a usable presentation of what that means for your enterprise, how much have you really gained?

As usual, Debbie Williams is right on target. At a fundamental level, risk is a portfolio concept. As such it requires consolidated information on the full portfolio under consideration. Overcoming the massive data fragmentation that has accompanied migration of computing power from mainframes to minicomputers to PCs over the past 35 years is one of the biggest challenges to achieving effective enterprise risk management. As Debbie points out, flexibiity and transparence is the key. The necessary data elements needed for effective risk calculations will evolve continuously both because of new businesses and new products and because of a desire to perform more complex calculations.

My one caution is to avoid the temptation to attempt to build an all encompassing data warehouse with every scrap of information in the entire organization. That kind of project will become a black hole and will never be updated in a sufficiently timely fashion or be performant enough in the computational sense to provide the expected benefits. A far better approach is to build fit-for-purpose data marts that are designed to meet well defined analytical objectives. This will:

1) Provide a clear framework for what data elements are required.

2) Allow database designs that meet the retrieval needs of he intended analysis in a computationally efficient manner (which will not be the case in a fully normalized - i.e. maximally flexible - table layout.)

3) Provide early evidence of valuable output that will strengthen organizational support for the continuing cost and effort involved in data consolidation.

David,

I would add the following:

- ability to create and maintain a flexible data infrastructure to respond to the constantly changing data requirements for modeling and reporting of risks and exposures

- reference data management solutions to enable increasingly diverse financial institutions to meet individual department/divisional needs while allowing aggregation and centralized analysis in a consistent manner.

Speaking from current challenges, without these two things, any solutions we build to meet current needs will have limted ability to meet future requirements. None of the challenges you mention above will be able to be met without these two fundamental building blocks.

Rich Petersen makes an excellent point. It is vital that we remember our mission in building risk management systems should be “Technology in Support of Sound Judgment.” Among other things, this means that the ultimate goal is to make better decisions under uncertainty. Access to results that is flexible, tailored to particular end-users’ needs and doesn’t require esoteric technical training to formulate many meaningful queries is central to the mission. Unfortunately, as Petersen implies, we too often spend all our time and effort on the underlying analytics and little or no time making the results meaningful for the target audience. At a minimum, it should be possible to filter, sort and group detailed results so that any end-user is looking only at the information that is relevant to his or her role and authority. In brief, effective interface design is not fluff, as some technies are prone to think. Rather it is central to achieving the improved decisions that are at the heart of effective risk management.

I will pick the stress test comment to begin my thoughts. I believe that defining the impact of potential stress events for both market and credit risk will become increasingly important as we move forward. If we divide risk measures into marginal risk measures, stress/scenario tests and probablilistic measures, several things seems to stick out. We will always need the marginal risk measures simply because we use them in our daily thinking about risk. Probabilistic risk measures, while useful for many things, suffer from the simple fact that we are not 100% sure of the shape and location of the underlying distribution and cannot (at this time) tell the difference between a Type 1 error and a Type 2 error with complete confidence. “Did we really get a four standard deviation move last week or did the distribution move in the short or long term?” is a question we cannot fully answer at this moment. I know of several institutions that perform VaR simply for regulatory purposes (my point is NOT to dismiss probabilistic measures here at all).

Which brings me to stress and scenario tests. The institutions to which I refer above also noted that the results of stress and scenario tests are actionable, i.e., must be noted and discussed whenever some pre-set loss is reached under a specific scenario. By correctly (or maybe just sufficiently) defining the scenario and stress tests, an activity which requires significant human capital and experience more so than the other two measures (in my opinion) we can bring a combination of quantitative ability AND business experience and judgement to the risk management problem.

Kumar,

I can’t claim to be an expert on this area, so I will happily defer to others’ suggestions. Nevertheless, not being the bashful sort, here are my suggestions:

1. Derivative Risk Management

Derivatives are powerful tools for managing and moderating risk, but used casually they can create serious risks of their own. Some basic principles for proper management of derivative activity are essential.

2. Assuring Financial Statement Integrity – A Special Form of Operational Risk Management

Preparation of financial statements is a specialized type of business process. Methods to assure proper discipline around this process are similar to those for other processes from manufacturing to customer service. Integration of broader operational risk management techniques is the sensible approach to assuring financial statement integrity.

3. Liquidity Risk Management

Failure of effective funding and unexpected inability to liquidate assets when required are ever present threats. The best time to address such risks is before a crisis occurs, not after.

4. Stress Testing – Forewarned is Fore-armed

Just simulating a repeat of “the market’s greatest hits” does not constitute a proper stress testing program. Analyzing events that exploit the most serious vulnerabilities in a firm’s current situation is essential.

5. Broaden Your Risk Horizons

Often the worst risks are those not recognized. A classic example is the financial consequences of the tragic accident suffered by Roy Horn of Siegfried & Roy. It is said the Mirage had no key man insurance to cover the impact of such a possibility on the revenues of the casino in such an event. What unrecognized potential events could hit your firm? In many cases a little imagination can identify both such risks and possible ways to limit their impact.

6. GAAP Earnings vs. Economic Fair Value – Managing the Tradeoff.

Historical cost accounting will play a continuing role in financial statements despite the growing application of fair value accounting. Managing the inevitable tradeoff between these two concepts represents a continuing challenge.

I am planning to conduct a one day seminar on Financial Risk Management . The targer audience is CFOs of Business enterprises. Can I have a six point agenda (each point will be presented for an hour by a speaker). Can someone please tell me the these six points in sequence?

Great read, Thank you.

-Steven Burda