The supporting detail of the grid, used for further analysis and line management purposes, is contained in a risk functional cross-matrix.
Red warning lights show us the most critical systems to redesign or overhaul. Where departments are already operating well, and currently get the green risk light, then there is no immediate need to replace that subsystem. Nevertheless, systems engineers will often replace that subsystem too and install a completely new one that is guaranteed to be compatible with the rest of the new integrated system.
A lot of the system satisfaction revolves around the functionality, that is, fulfilling the needs of the users. The needs analysis comes out in the defining document that is usually called the “user system requirements” (URS). Such a vital document, in summary, is circulated to interested system vendors in a communication flow, initiated by the “request for information” (RFI). This is a preliminary document that defines the summary of needs, and the firm’s plans for upgrading systems. It gives enough data to inform systems builders if they can meet the client’s needs, or not.
The final URS is analysed in full and sent to short-listed system vendors in a contractual document, usually called the “request for proposal” (RFP). It contains some data such as the user’s functional needs.
User’s functional priorities
When you are designing a risk management system, you are searching for best:
price
functionality
time taken to implement
confidentiality/security
reliability
after-sales support.
How you prioritise and assign weightings to these criteria is a subjective matter, and it defines your company’s exact situation. Even getting the best price–quality ratio and product involves the client in a calculus that offers more room for abstract judgement, rather than costs and figures alone.
You will have to check interfacing and efficiency of sharing data with the new programs. Otherwise, system integration difficulties can bring your risk management system that “speaks” English into a German bank with a French accounts system. The company’s central IT department may specify an Esperanto of XML as a mediator language for translating between the bank’s myriad systems. XML serves as a universal format for translation that also ports well to the Internet. Shared data can be sent over all the bank’s operational centres world-wide in this way. The complex design issues and the need for linking many disparate systems grow ever more insurmountable with a global corporation.
A world-wide financial company is likely to have several risk management systems, including all the “legacy” systems. This indicates a need for sophisticated integration, with the bank’s risk management system at the epicentre. The system can sit in the middle, linked by an EAI intermediary layer or module.
The interfacing and data conversion difficulties between the different business programs and suppliers may tend to work against easy linking of an enterprise-wide risk management system.
For this reason, the company may take a strategic policy for IT standards, e.g. something on the lines of:
For all global offices. To standardise our IT systems, we stipulate that:
All mainframes will be supplied by IBM, all servers by Sun Microsystems or Compaq, all PCs from Compaq or Dell, all operating systems either IBM-AIX or the latest Windows. Bloomberg will be our preferred dealing systems supplier and integrator, with MKI for back office and Sungard for risk management. Deviation from these standards will have to be approved by IT department beforehand.
Posts Tagged Business
A company’s best move may involve buying in an IT vendor’s outsourced risk management services. IT systems and services have been outsourced for many years now. Risk management services in the financial sector have generally involved external outsourced vendor systems and experts. But, value-added services rely upon the deep understanding of the specific business in question. The implementation of key risk management systems bought for the bank and adapted from insurance initially sounds fine; delivery can be something else. Tailoring it for retail banking uses can spell a disaster, it need not be cost-effective in time or money.
Successful risk management initiatives must come from the directors at the strategic planning level. Incremental addition of risk management systems or procedures may prop up the business weaknesses, but they may not cure the structural illness of the organisation. The Barings and AIB disasters showed that the directors either did not understand the target banking business, or were not too bothered to monitor real performance.
A global enterprise dealing in several foreign exchanges requires a central resource for effective internal corporate control. Otherwise, you end up with different divisions in parts of the world with varying standards of business operation and risk. One of these enterprises could have a business failure that could bring down the whole corporation.
A survey of US directors revealed:
43 % of company directors cannot identify, plan for, or safeguard against risk.
36 % do not understand major risks facing the company.
Companies that identify, plan and manage risk reap large potential business rewards. A basic view of corporate wealth formation, and risk horizons, is that it is created by the:
1. Directors’ strategic leadership planning (long term)
2. Traders or fund managers’ profit from tactical market moves (short term)
3. Risk management systems in place and effective (short to medium term)
4. Portfolio or assets of company appreciate in value (long term).