Operational risk management and compliance management today require levels of management and board reporting. Traditional annual risk management reporting consisted of the key status of compliance programs, including approvals of policies and action plans.
Today, risk management and compliance teams need to provide more nimble and flexible responses to complaint management, compliance issues, and emerging risks. Staying on top of the issues requires a new approach to monitoring trends – and that starts with metrics.
There are leading and lagging metrics that are indicators of a potential risk or issue. As compliance expands to new strategic risks, operational risk, and consumer protection, there are new areas to monitor that can trigger the need for action.
Data can be used to tell your story internally to justify business cases, or to quantify the implication of a risk. Data can also be used to balance the compliance perspective – monitoring credit/refund rates or complaint-to-order ratios can show the scale or importance of reported issues, based on the big picture.
Think about the story you need to tell when you create metrics:
- Measure the data points that can help you quantify resources, costs, or time. Don’t get caught in the “track everything” trap.
- Don’t track with free text fields in spreadsheets – it’s the death of your metrics. Standardize how you capture data; listed values for capturing data are your friends.
- Be aware of how Red/Yellow/Green conveys risk based on audience. Don’t derail your message by making everything “Red”, but have clear criteria to escalate risk issues.
As you build metrics into your risk management program, focus on simple messages. Define the “whats” – what you want to measure. Define the “so whats” – what the risks are and the implications to your business. Make sure your metrics then help you define the “so whats” to take actions.
Linnea Solem is the Vice-Chair of the Shared Assessments Program and is the Chief Privacy Officer and Director of Business Risk & Privacy Management for Deluxe Corporation. Linnea is a management professional with 20+ years of financial services experience in the areas of eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation.
Reposted with permission from Forward Banker