Founded in 2011, the Milliman Risk Institute provides scientific-based thought leadership on all facets of enterprise risk management (ERM). Composed of senior risk executives, actuaries, and university professors, the Milliman Risk Institute Advisory Board meets semi-annually in discussing ERM trends, research, and key topics.
In this blog series, members of the Milliman Risk Institute Advisory Board share their views on ERM research and development and how it can support business insights.
Enterprise risk management (ERM) is still a relatively new field, which really started to come into its own only after the global financial crisis in 2008 and 2009. But three basic facets of ERM have remained critical constants since even before that. The first lies in integrating ERM with internal audit business resiliency. How do we really look at the interdependence across those particular functions within an organization? If ERM is pigeonholed into a compliance function, or a protection function, it’s all too easy to lose track of whether enough risk has been taken on—whether an entity actually creates more risk for itself by being too risk-averse. ERM more and more needs to be treated as a distinct discipline.
The second is found in the wider culture itself, how it is changing to become more aware of risk. Evidence of this shift could be seen in Sarbanes-Oxley and was there again in Dodd-Frank. This trend raises questions about what a risk culture looks like in the first place. If you step back from all this regulatory climate that we’ve now imposed, if you look at the financial crisis and the impact it’s had, how has the culture changed? It’s obviously not easy to quantify but it’s an interesting question to take on. How do you know when your ERM program is working? Is it that you have good reporting and compliance? Is it that you have fewer surprises? And how do you measure that impact, quantify it?
The third facet involves big data and predictive analytics. We now have information resources that we’ve never had before, we can slice and dice it a hundred new ways and the information is constantly streaming in to us in real time. Is it really helping us get better at managing risk, or is it diluting our ability to focus and really understand root causes? Can it really be used to improve an overall operation — and how can you know whether or not that is actually happening?
Goldman Sachs, for example, is the best I’ve ever seen at using big data and predictive analytics, whether it’s on the trading floor or in other areas—absorbing the mountains of data, understanding the implications, and using that as the basis for action, with tremendously impressive results. Cisco is another, automated from day one because it didn’t have the legacy. Even the Federal Reserve, with its more traditional, old school approach to information, has begun to consider and work with macro impacts, particularly in areas where it has access to information others don’t, such as about companies and trends in other countries.
The amount of information available now is incredible. Every meeting, I have an opportunity to know a lot more about who I am meeting with. I can start targeting people. It doesn’t have to be marketing groups, it can be personal. I’m going to a particular social gathering, I’m going to a particular event. I can, if I choose to, be much better at working the room than I ever could have before, because people are freely giving up unbelievable amounts of information on social media now. The implications for data mining and profiling are almost staggering.
Christina Kite is a member of the Milliman Risk Institute Advisory Board. She is Senior Vice President of Business Services and Director of Finance at BB&T.