June 29, 2011
Historically, risk has been thought of solely financially, said Nicole Adams Kraus, principal with Decision Strategies International, Conshohocken, Pa., at CUES Annual Convention, June 26-29 in Cancun, Mexico. “But today, we see a broader set of factors that led to the financial crisis.”
What caused the financial crisis of 2008 can be divided into three buckets, she said.
On the individual side, it’s common to make assumptions based on our years of experience, she said. That makes it harder to see risks coming around the corner. “A history of success sometimes makes people very myopic.
“We rely on old mental models to live our lives. We need them to create short cuts but they also can inhibit us,” she added.
“A leader [gets to be a leader because he or she] has been really good in the past. But there’s no guarantee that you will be really good in the future.”
In most organizations, the majority of time is spent on operations, making sure the lights are on and members are being served, Kraus said. But half of our success is related to the external world (general economic, political conditions, industry trends, etc). “When only half of what we do is in our control, we should spend more time on external factors.”
Strategic risk management can help. Traditionally in risk management, the focus has been on market, credit, liquidity, operational, legal/regulatory and reputational risks, said Kraus, but strategic risks have largely been ignored. The others are still important but business or strategic risk is a key missing component in many organizations’ risk management.
Strategic risk management is an outside-in holistic approach to identify, assess, manage and monitor emerging and strategic risks, she said.
- a process to identify emerging risks;
- a process to map systemic relationships among driving forces;
- an approach to pressure-test an organization’s strategy and performance;
- an approach to decide what strategic risks to exploit, hedge or ignore;
- a process to surface potential cognitive biases;
- a process to identify key signals to monitor; and
- a process to add flexibility to an organization.
It is not:
- a replacement for market, credit and/or operational risk practices;
- an enterprise risk management framework or solution;
- a replacement for sound governance, leadership and risk appetite setting.
Credit unions can use scenarios to approach strategic risk management, said Kraus.
1. First, you develop scenarios for a few years into the future. You look at the world around you and see what is happening and what might happen. These uncertain factors are used to create potential scenarios and the CU creates a strategy to address these outside factors.
2. Next you pressure test your operations. Under each scenario, how resilient are your current strategies?
3. Then you assess the implications. How can you strengthen the weaknesses discovered in the previous step?
4. Next you need to manage the strategic risks. If necessary, you redesign strategic initiatives to change the risk/reward profile. You might add initiatives to capture emerging opportunities and/or to mitigate your risk or to address any pending gaps on your financial statements.
5. Next you monitor the scenarios in real time. What is actually happening? How are the scenarios really playing out in the real world? You can use this data to go back and further refine your actions in step four.
6. Finally, if you have been successful at the process and worked hard to monitor and manage the risks, you should achieve your desired outcomes.
A good question for the board of directors to ask management, said Kraus, is, “If we enter a bad economy, how are you going to manage this initiative? Can you scale up or scale down really quickly?”
Find example scenarios in 2015 Scenarios for Credit Unions in North America, developed by CUES and Decision Strategies International.
Theresa Witham is a CUES editor, Theresa@cues.org.