21 April 2006

Mechanisms for Continuous Risk Monitoring...

Today Freddie Mac announced their settlement with shareholders. 410 Million Reasons why they have now hired a SVP of Enterprise Operational Risk Management.

Freddie Mac's New Chief of OPS Risk is now in a great position even though the SEC and the Justice Department are still a pair of "External Events" that could continue to be an issue.

WASHINGTON (MarketWatch) -- Gareth Davies, a veteran of nearly 20 years with General Electric (GE), will be joining Freddie Mac (FRE) April 24 as senior vice president, enterprise operational risk.

A native of Wales, Davies joined General Electric in London in 1987. Most recently, he served as vice president and chief risk officer for GE Asset Management. Davies will report to Anurag Saksena, SVP and chief enterprise risk officer. For the past five years, Davies has served as vice president and chief risk officer for GE Asset Management, where he developed both a risk framework and an operational risk structure. Additionally, he developed an in-house system to automate operational risk reporting.

One of the systemic problems at large institutions including organizations like Freddie Mac is keeping your finger on the pulse of "Risk Indicators". Unfortunately for SVP's and other executives in the corporate hierarchy, your middle managers are creating the layer that impedes the best Early Warning System you have at your disposal. When problems surface on the front line or in the "Cube City" down in Information Systems the normal agenda is for the employee to go to their direct supervisor to raise the "Red Flag" or disclose the incident. And the first behavioral response by the Middle Manager is to keep it quiet. Fix it before anyone else finds out. Keep it under wraps until damage control can be implemented.

When you are the head of Enterprise Risk Management, you need mechanisms to bypass and eradicate the barrier holding your intelligence, incidents and overall hunches for ransom. There is no magic system or process that will solve it all. The only way to attempt at breaking through this layer of social and organizational dysfunction is to circumvent it.

A continuous risk monitoring system has to be implemented and operating anonymously 24/7 if the upper echelons of executive management are ever going to "Feel the Pulse" of risk hotspots in the company. These hotspots translate into "Risk Indicators" from the sources themselves, people who know what's going wrong and know the truth. A Continuous Risk Monitoring System (CRMS) is an automated human feedback and problem identification mechanism for detecting risks. It allows leaders of large organizations to quickly identify problems and incidents of all kinds in their company. Call it a sophisticated whistle-blower system or suggestion box but that is exactly what it is, on steroids.

The ideal system would emulate communication patterns in small groups which is often a major ingredient in successful teams. It would also run on the existing computers and networks of the organization or from home by logging in via a VPN. The soldiers on the front line know what is going on far sooner than the commanders in the Joint Operations Center just as the employee or supplier does and they need a way to communicate the issue, concern or threat in a rapid and efficient manner. The system provides the executives with instant or trend based intel that is actionable. It provides the "Insight" as well as the pertinent facts that you need to make quick effective decisions.

Think about how long it takes for data and information to percolate and bubble up from the places in your organization that are considered "Current Risk Hot Spots". How many times do you kick yourself for not shooting the messenger. The point is that for far too long we have been playing the old telephone game. You know, the one that you played as a kid sitting around the kitchen table or on the floor in a circle. One person starts and whispers into the ear of the person to their right. Just a sentence or two. By the time the message gets around to the 3rd or 4th person, now the data is dramatically different than the original. It's been interpreted, edited and sanitized.

Walk down and visit the person who is in charge of the electronic suggestion box or whistle-blower program at your insitution. Ask them for an activity log. Ask yourself how you could get this mechanism to perform better and then work with your front line to develop something that middle management can't filter, change or delete. That is when you will be on your way to getting the real story, in real time.

No comments:

Post a Comment