Risk management is an important topic for many organizations, especially those in financial services. Most of these organizations acquire risk one customer, one transaction at a time – this customer is not going to be able to pay (risk), this transaction is fraudulent (risk), this deal will not make money in the prevailing economic circumstances (risk). Many of these same organizations, however, have a portfolio focus in their risk management program – they use BI and reporting tools to summarize and assess their overall risk profile. They consider their total risk and invest their analytic dollars at this level. This is a mistake.
By considering risk only after the fact, these companies are substituting risk reporting for risk management. They are using analytics not to prevent risk or to make effective trade-offs, but to see how much risk they have acquired and what the consequences might be. By considering only their overall or total risk they are obscuring the impact of individual transactions – individual decisions…
Risk management is an important topic for many organizations, especially those in financial services. Most of these organizations acquire risk one customer, one transaction at a time – this customer is not going to be able to pay (risk), this transaction is fraudulent (risk), this deal will not make money in the prevailing economic circumstances (risk). Many of these same organizations, however, have a portfolio focus in their risk management program – they use BI and reporting tools to summarize and assess their overall risk profile. They consider their total risk and invest their analytic dollars at this level. This is a mistake.
By considering risk only after the fact, these companies are substituting risk reporting for risk management. They are using analytics not to prevent risk or to make effective trade-offs, but to see how much risk they have acquired and what the consequences might be. By considering only their overall or total risk they are obscuring the impact of individual transactions – individual decisions – on their overall risk profile.
Instead companies need to identify all the decisions involved in their business that contribute to risks. When I work with clients I call this Decision Discovery and focus on the high-volume, transactional decisions that drive day-to-day operations. Many of these operational decisions involve some assessment of risk – or at least they should. Identifying these decisions and analyzing them allows a company to see all the places where risk enters the system.
This more decision-centric thinking positions a company for controlling and managing risk as it is acquired. Predictive analytic techniques can be used to score each decision for risk – how risky is it to offer this customer this line of credit, how risky is this trade or deal, how likely is this transaction to be fraudulent and so on. Combining this kind of predictive model – focused on estimating the likely future risk of an individual transaction or customer – with optimization technologies to be used to manage tradeoffs and business rules technology to manage actions and compliance allows risk-aware automation of these decisions. Now the systems and processes that support day to day operations are managing risk before it is acquired, not just reporting on it after the fact.
For more on this check out some of my posts like this one on the value of treating operational decision making as a corporate asset, this one on using decision management to manage risk and this one on how decision-centric organizations focus on decisions.
