Knowledge Leadership
THE NEW ERA OF RISK MANAGEMENT
T he recent financial market meltdown
has highlighted the importance of risk
management in protecting and creating
shareholder value. It is widely acknowl-
edged that the current crisis has been
driven by failures in risk management and
oversight that led many organizations to
rethink their risk-management strategies.
While clearly there were management
mistakes that led to the current crisis, it’s
also true that executive management and
boards of directors need a better under-
standing of how risk is being managed in
their businesses to drive shareholder val-
ue. Unfortunately, the ability to accurately
assess, monitor, and manage the key risks
to the business has proven to be very dif-
ficult.
Compounding this risk-management
challenge, regulators around the world
will likely be enacting stronger regulation
and pursuing a stricter line of regulatory
oversight with regard to risk management.
As U.S. Secretary of the Treasury Timo-
thy Geithner recently declared, “We need
much stronger standards for openness,
transparency, and plain, common sense
language throughout the financial system.”
One of the main challenges is that risk-
management functions frequently operate
in silos. For instance, in some banks leading
up to the crisis, there were serious opera-
tional risks (e.g. mortgage fraud) as part of
the lending process that when realized led
to these banks holding large positions in
toxic assets. A better integration across
the operational and credit risk functions
could have mitigated these risks. In addi-
tion to delivering poor outcomes, a siloed
approach to risk management is expensive,
the result of its multiple, redundant data
collection processes and duplicative tech-
nology infrastructures. Going forward, ex-
ecutives will rethink their risk-management
infrastructures and design them with a lev-
48
el of integration across heretofore siloed
functions. By integrating risk-management
silos through a consolidated technology
infrastructure and shared processes, com-
panies can benefit from improved efficien-
cies, reduced costs, and improved trans-
parency in the interdependencies of risks
in the business.
In addition, companies are increasingly
adopting a risk-based approach to manag-
ing their business. A risk-based approach
identifies the key business processes and
associated risks and then allocates re-
sources accordingly. All companies are un-
der pressure to reduce costs, so focusing
on the right risks in the business is more
critical than ever.
Now is a defining moment in our in-
dustry. Executives are under pressure
to improve their risk-management capa-
bilities and to be responsive to additional
regulatory oversight. At the same time, the
economic climate dictates that companies
must squeeze out additional efficiencies
across their business. To meet these chal-
lenges, companies are turning to a strategy
of integrated risk management—the “New
Era of Risk Management.”
Integrated Risk Management
Many organizations today, from financial
services to manufacturing, are rethinking
their approach to risk management with
a particular eye toward integrating across
different risk-management functions. Tra-
ditionally, compliance has been a separate
function, but is increasingly converging
with operational risk–especially in the fi-
nancial services industry. Further, within
the compliance function itself, companies
have found that managing compliance in
silos is both cumbersome and costly. For
each new regulation, organizations typi-
cally implement a new technology point-
solution aimed at the specific regulatory
WWW.COMPLIANCEWEEK.COM » 888.519.9200
mandate. This fragmented approach limits
an organization’s ability to streamline com-
pliance processes and reduce costs. It may
also obscure the opportunity to integrate
compliance with other initiatives including
operational risk management and technol-
ogy risk management.
Business managers are realizing that
while complying with regulatory mandates
and mitigating risks to a certain business
process certainly have different objectives,
a single loss event can affect the outcome
of each. For instance, data loss and securi-
ty breach from a lost laptop can be viewed
both as a realized operational risk and as
regulatory non-compliance.
The rising cost of capital will lead to
tighter control environments. Investors
and lenders will reward those companies
with a lower inherent operating risk, and
they will demand a premium for the un-
certainty associated with weak control en-
vironments. Many institutions today have
limited visibility into the state of their con-
trol environments. As companies rethink
their risk-management strategies mov-
ing forward, many are hoping to leverage
operational risk management to improve
performance in other risk-management
disciplines. For instance, in the case of
market and credit risk, strong controls can
support the trading and lending processes
for better business outcomes. A well-man-
aged controls environment will benefit all
risk disciplines.
Integrating risk and compliance across
the enterprise and adopting a risk-based
approach to the business will enable ex-
ecutives to focus on those risks that could
have the greatest impact on the organiza-
tion. Business managers can spend less
time on assessments and more time on
proactively managing risk and capitalizing
on opportunities to meet company objec-
tives.
JUNE 2009
 OpenPages

The Role of Technology
Meeting the increasing demands of inte-
grated risk management in a large organiza-
tion requires effective technology support
to manage risk in a rigorous and systematic
way across the entire business. Technology
should be an enabler—supporting the risk
and compliance management process and
methodology—not defining the process
and methodology. Key objectives include:
» A converged risk-management meth-
odology that delivers efficiencies
» One assessment serving multiple pur-
poses—Risk and Compliance
» Dashboard reporting for real-time ac-
cess to business unit risk exposure
» A single technology infrastructure
kets, higher credit ratings, and lower costs
of capital. Providing enhanced visibility
into the risk landscape, an integrated risk-
management approach empowers business
managers to make smarter decisions that
maximize value, reduce costs, and balance
risk with returns. When embedded into
everyday processes at all levels of the orga-
nization, better risk management will drive
business performance. ■

» Providing real-time data management Summary

and decision support to ensure that
senior management and boards of di-
rectors receive accurate information
on the causes, financial impact, and
potential mitigating actions to control
issues
» Automating and streamlining risk and
compliance processes (e.g. Risk Self-
Assessment, Control Self-Assess-
ment, Loss Events, Scenario Analysis,
and KRIs)
» Supporting enterprise-wide risk as-
sessment, measurement, and report-
ing through a central repository of
policies, procedures, risks, and con-
trols
» Integrating with other applications to
leverage data that exists elsewhere in
the organization (e.g. loss events)
Certainly, one of the keys to successful risk
management is establishing an integrated
risk-management framework that spans
risk and compliance programs and provides
the ability to identify, manage, and monitor
the key risks across the enterprise. Those
companies that don’t rationalize the over-
lap between risk and compliance activities
must conduct and manage separate as-
sessment, documentation, and reporting
processes, which may actually hinder the
ability to effectively assess enterprise-wide
risk and the adequacy of internal control
systems.
Firms that successfully identify, mea-
sure, and mitigate risk should be rewarded
with higher valuations from financial mar-
Figure One
Business Unit Process Owners
ABOUT OPENPAGES
OpenPages is the leading provider of inte-
grated risk management solutions for global
companies. OpenPages solutions enable
companies to eliminate risk and compliance
silos, manage risk across the business, sustain
compliance across multiple regulations, and
embed these activities into their core business
practices. OpenPages is working closely with
its customers as they make the transition to
a risk-based approach to managing their busi-
ness, and many of its customers are integrat-
ing disparate risk management activities into
a common set of processes supported by a
single technology platform, OpenPages 5.5.
These companies are prepared for the New
Era of Risk Management.

As shown in Figure One, an integrated

risk-management solution can help com-
panies meet the increasing burden from
regulatory compliance requirements and
Shared
risk management, while gaining tangible Risk and
Compliance
benefits through: Framework

» A single point of accountability for Internal Risk Regulatory IT

oversight of compliance and opera- Audit Management Compliance Operations
tional risks

JUNE 2009 WWW.COMPLIANCEWEEK.COM » 888.519.9200 49