In a financial services organization without an institutionalized risk management culture, employees often make the wrong decision even in the face of good policies. A business unit within that organization may place bets the firm can't cover. Executive management and the board may not know of their exposure to these risks until it is too late to save the firm. A lack of a risk-oriented culture is flying blind with uninformed pilots at the helm.

In a well-controlled organization with an institutionalized risk management culture, however, employees will do the right thing even in the face of unclear policies. Organizations that establish a strong risk management culture will foster risk-informed decision making that ensures their long-term viability.

For a risk management culture to take hold within a financial services organization, there must be a pervasive philosophy communicated from the top management down through the organization and embraced by the entire staff.

Every employee must understand the organization's risk tolerance or risk appetite and where the "edges of the envelope" are for each business line, product and geographic unit. Employees on the front lines must buy into the definition, and operate under it, for the culture to be effectively implemented.

A comprehensive enterprise risk management (ERM) platform can help a financial services organization accomplish all of this by arming employees with tools that empower them to become more proactive in doing what is right. An effective solution illuminates risks, facilitates the process of identifying them and helps illustrate how certain inherent risks could harm the organization or even lead to its failure. It shows clarity of impact for critical decisions. The solution becomes the vehicle for communicating risk to senior executives and the board and enables the eyes-wide-open embrace of the right opportunities.

An ERM product can also provide a financial services organization's employees with a single, common risk management framework, with streamlined process flows and centralized functionality, data stores and risk libraries.

As a result, each department within the organization, such as compliance, risk, IT and internal auditing, can address the risks that are important to it, but still within the common framework. This allows for easy roll-ups for a comprehensive view of all risks. The common framework allows risk identification, measurement and management both at the department level and across the enterprise.

This framework becomes a cultural shift-enabling technology through direct workflow-oriented interaction with employees. It pushes responsibility, accountability, and measurability into the bank's operational teams. This results in positive reinforcement of desired behaviors and fast identification of deviations from an organization's philosophy and code.

Some leading financial services organizations have even conflated the concepts of risk management and ethics to describe the fabric of the culture they want to operate within. Technology can help push those top-down efforts forward.

An effective ERM solution is much more than a simple technology platform, however. A 360-degree view of aggregated risk allows an organization to evaluate risk exposure and adjust risk management strategies to conform with the risk appetite.

The tools that assist in the analysis of past risks should enable management of the monitoring program through an integrated viewpoint. For example, when managers perform audits to evaluate risks and controls, the technology platform should present the corresponding information in the form of past audits, issues raised, losses incurred, and so on. This gives managers the information needed to make decisions about risk ratings and controls.

When evaluating current risks, organizations need to know if the defined controls are being carried out as prescribed. Tools used in control assurance provide perspective on the performance, effectiveness and efficiency of existing controls. This is particularly important for controls that mitigate a high inherent risk to a lower residual risk because without the controls, there would be a high risk of failure.

Risk assessments are used to derive risk scores that reflect the likelihood and impact of future risks. Forecast accuracy is improved by access to control attestation and testing results, as well as any incident or issue reports associated with the risk or control. What-if scenarios are used to plan for the probable outcome if an event occurs. Key risk indicators (KRIs) should provide a snapshot view of potential points of failure. KRIs can be defined, managed and viewed through dashboards designed for quick analysis and decision support.

The right technology solution can play an instrumental role in creating a strong risk management culture within a financial services organization. The result will be more intelligent risk-taking by employees, leading to fewer losses and failures as well as additional opportunities for the business to succeed.

Customers, investors and regulators will all notice. Investing in sound risk management practices and a technology offering to support them leads to a healthier bottom line, a solid reputation and a strong competitive position in the marketplace.
