Quality MI is Integral to Good Quality Non Financial Risk Management


Richard Pike

Non Executive Director at Permanent TSB


11.11.2016 07:15 am

“Without data you’re just another person with an opinion” W Edwards Deming, Data Scientist

This is a very true statement; however, it can equally be said that too much data with too few opinions is just as ineffectual. The balance between too much and too little data is therefore key to ensuring the good governance of firms. The area of non financial risk is one that presents some of the greatest challenges where this problem is concerned.

In any medium to large financial organisation the amount of data that senior executives have to understand, in order to manage the non financial risk, is becoming a major risk in itself. Hundreds of pages in preparation for meetings are not uncommon and one’s ability to ‘see the wood for the trees’ is greatly impaired.

So your governance of non financial risk needs to be focused on those items that represent the most risk to your firm.


Governance of financial firms has undergone a major upheaval in the last few years.

Countless reports, reviews, guidelines, codes and regulations have been produced and most firms have made large leaps forward in their governance practices.

In the case of non financial risk, senior executives are struggling to understand what the relevant information is at a point in time. This is a key determinant in enabling them to govern effectively.

One of the reasons for the recent emergence of large non financial risk reporting packs is the very reasonable requirement of regulators to be able to ‘look over the shoulders’ of the risk executives. In the past senior executives were guilty of assuming that what they were presented with was correct and not effectively challenging the data. So, when you challenge a one page overview of a risk or opportunity, the non financial risk executive’s gut reaction is often to present you with all of the facts, devoid of any summary or conclusion.

There are currently five major problems causing this to be very difficult to achieve in a medium or large financial institution:

  • The Goldilocks Problem: Too much or too little information in reports and board packs
  • The Basis Problem: Data is often presented in different bases e.g. qualitative (traffic lights, number of issues), quantitative (VaR, days survival, duration)
  • The Interdependencies Problem: The recording and visualisation of relationships between different entities and risks is not possible in current systems.
  • The Taxonomies Problem: Non financial risk is riddled with too many differing taxonomies (Basle Op Risk Types, Compliance categories, IT Risk categories, etc.). These taxonomies are confusing and are often not mutually exclusive.
  • The Line Of Sight Problem: Data is not aggregated in a cohesive and structured manner, so hindering line of sight into the business

Senior executives need to push back hard if they see this ‘dumping’ of management data on them. Not only does this create a huge reading and understanding overhead but also more importantly it adds to their personal risk. If you have been presented with the data then the regulator may assume that you have understood the relevance and consequences therein.


So what might a good non-financial risk pack look like?

There are essentially two types of information in a reporting pack:

  1. Information concerning the status of ongoing operations, risks and projects within the firm

For the first type of information it is vital that this is placed in context. There is no point in showing the level of ATM uptime as 98.78 if you don’t also explain what the expected value is, what the trend is and what, if any, impact this has had on customers. So what context is relevant? At senior executive level the context must be the strategy and risk appetite of the firm. If a piece of information cannot be put into one of these contexts then it may not deserve to be in a status information pack.

Once the executives have the context for the status updates they can focus on those items that seem to be out of kilter with the expected values and spend time discussing items that show the business is running off course regarding strategy or risk appetite.

  2. Information concerning new initiatives that the management wants to undertake or the results of which they want to share with the board

Regarding information about initiatives, the problem is a different one. Too little information risks the ‘have to look over their shoulder’ challenge and too much information makes it nearly impossible to have a structured debate and make a decision. A middle ground is where the risk team is required to present a set of options, and the supporting data, to the executives. The Operational Risk team will indeed have a preferred option but the challenge of providing multiple other reasonable options will present the senior executives with enough information to have a challenging debate.


The field of non financial risk has come a long way in terms of its frameworks and ability to record data. The next serious challenge is to represent that data effectively and to be able to communicate the results of data collection and analysis in a manner that gets the point across so that executives see the benefits that are being delivered for the firm.

In order to ensure the above, non financial reports need to always be set in the context of the risk appetite or the strategic goals and objectives of the firms. Also, where a course of action is presented it needs to be accompanied by other choices so that the senior executives have clear options. Better non financial risk reporting and communication leads to better overall non financial risk at your firm!


You can hear more from Richard Pike at the New Generation Operational Risk: Europe Summit taking place in London 14-15 March 2017, where he will join a speaker line-up of more than 20 senior operational risk professionals. For more details and information on how to register for the operational risk management conference, you can contact olympia.nolan@cefpro.com or call +44 (0) 207 164 6582.
