Tag: Crisis Management

Risk Predictions for the New Year and Interesting Business Cases in 2016

Risk Predictions for the New Year and Interesting Business Cases in 2016

Risk Predictions for the New Year and Interesting Business Cases in 2016

With 2016 just about a week old, I would like to share some risk issues that are interesting to consider in 2016.

Federal Reserve Interest Rate Increase

Although delayed many times, the Federal Reserve did finally increase the benchmark interest rate.[1] However, inflation does not seem to exist in a significant manner and some sectors, like energy and commodities are seeing deflation. There has already been discussion of the Federal Reserve slowing its rate of interest rate increases.[2] The recent move to increase interest rates is a real test and vote of confidence that job expansion and growth are happening and will continue to happen.

I think the underemployment situation is a major risk to the economy that hinders growth prospects. The U6 measure of underemployment, which accounts for those unemployed and underemployed, as tracked by the US Bureau of Labor Statistics, ticked up in November 2015 to 9.9% and remained there for December of 2015.[3][4] Although it is on a long-term downward trend from the peak in 2010, the level of 9.9% is still at levels seen in 2008 and 2002, when we had major recessionary pressures, suggesting the job market is still delicate. With many baby boomers existing the job market, the hope is that even a sluggish job growth in the economy can suffice to bring job growth.

Even with the seemingly strong job growth numbers in the recent December labor report, there is a strong concern of wage stagnation. “Wages simply did not grow, and with Wall Street expecting a 0.2% increase in average hourly wages, in December not only was there no wage growth, but in fact, average hourly earnings posted a tiny decline from $25.25 to $25.24.”[5]

Outlook and Prediction: Look for the Federal Reserve to reverse course by the third quarter of 2016, either by reducing rates or increasing liquidity through more quantitative easing. The first week of 2016 had already shown that there are many forces working against wage growth.

ISIS

Most of the world remains in shock that the seemingly disorganized militants and extremists can pull off the attacks seen recently. The reality is that they are more organized and funded than we admit in the media. With the recent San Bernardino attack, it is clear that ISIS is a growing and formidable risk for the US and all western countries.

Outlook and Prediction: ISIS will continue to dominate the US presidential election as a major concern. The ability to respond to this risk will command attention of the US voting populous. Nationalistic feelings are on the upswing in Europe and even in the US, as demonstrated with the swelling support for Trump. Actions by ISIS and the role of the US in the region will be important to voters. Continued terrorist actions by ISIS lift Trump, too. It will make for an interesting and risky election, especially for candidates that look soft on or inexperienced with terrorism.

Deflation (In Various Forms and Places)

The danger that economist all try to avoid is that of deflation. Deflation is great if you hold cash, as assets become cheaper in the future, but for economies built on consumerism and borrowing, it is really bad news and leads to default and lack of investment (See Irving Fisher for his great work on this topic). Deflation is alive in Japan.[6] Consumer prices fell in Europe in late 2015, showing signs of the deflation beast, even with the massive quantitative easing at work in Europe to ward it off.[7] Here in the US, we have seen deflationary trends, largely driven by the drop in energy prices. China has shown signs of a slowing economy, and demographic realities of an aging US, Europe, Japan (and even China) are deflationary forces that might be kicking into high gear. (See my recent posts on China’s changing Demographics and the The World in 2050). A real danger is that as deflation takes hold, firms can and will pay less for labor and with underemployment already high, the risks of salary stagnation or even salary deflation is growing in the US and globally. (Ask the people working in the energy sector or even on Wall Street. Ask what bonuses get paid out this year, too.)

Outlook and Prediction: Hopefully, low energy prices will stimulate growth in various sectors, but it has not seemingly happened yet. Low energy prices are typically seen as an opportunity to expand, but much of the economy is driven by services that are not directly related to energy. There is some additional benefit to lower energy prices, still. Paying less for energy may allow consumers to spend more elsewhere or save more, which is generally seen as good. Currently, holding cash does not offer a large penalty now for investors, which already sounds like deflation, so stimulating saving over spending is not too helpful now. Look for firms to hold hiring increases in 2016 and for deflationary issues to weigh on salary growth.

Some interesting firms were in the news in 2016, offering lessons on the handling of risk and how they will recover from the risks seen will prove very interesting. Here are a few to consider:

Cars: Volkswagen, GM, Tesla, (Plus Gas Prices)

The cheating and deceit at VW is only surpassed by the ignition scandal at GM (See post on The Value of Trust and Leadership Failures at VW). In the case of GM, knowingly installing faulty ignition switches harmed and killed people. GM will try to get its cases resolved quickly, but a divided Congress and an election year can make it a bigger mess. Which politician will stand with GM’s position this year? Few if any, I predict. With the concurrent VW case unraveling and everyone vilifying VW, supporting the GM case just got harder for GM (or anyone else like politicians or unions). Expect expensive settlements soon. As for VW, it  has cheated customers and the environment. Its position as a progressive, labor-forward, and environmentally oriented firm is damaged for a long time. There will be fines, maybe some prison times for executives, and a period of apology. People will remember this for a long time.

Outlook and Prediction: VW will survive, but its image as the progressively minded car manufacturer is tarnished and it will take a big hit in credibility. VW has lost the halo of being the environmentally minded and labor-forward firm that can teach others how to operate. VW sold a lie. BTW, who needs diesel cars now? Gas is at early 2000 levels (See graphic below from the EIA).[8] In the absence of an environmental promise on clean diesel, what is the benefit of a diesel car? While you are trading in that diesel VW, get an electric car, like a Tesla – that is what all the uber progressives want anyhow. Tesla can’t make cars fast enough!

Chipotle

This darling of the fresh, humane, fair, and sustainable food movement has hit more than a few bumps in 2015. The shortage of carnitas (due to a lack of pork raised by humane practices) was handled very well by management. Some might even say it helped Chipotle strengthen its sense of ethos and trust with consumers. However, the recent and multiple E. coli outbreaks at Chipotles across the US have raised concerns about the firm’s handle on its supply and operations. Can these guys keep the food safe? The stock analysts thought the burritos were a bit too hot and beat the stock down. Chipotle’s stock is down big time, losing the heat a rate of nearly 30%![9]

Outlook and Prediction: The food industry is driven by fickle tastes. Is Chipotle a movement, like Starbucks and Panera Bread, or is it a fad that will be beaten back by changing tastes? The safety issues will test consumer demand for Chipotle, and lots of options exist for consumers to get their burrito fix elsewhere. I think Chipotle will bounce back. But it will require that management really gets a handle on its sourcing and operations. It will further require a strong demonstration that things are different going forward and that the risks are under control. It will be a great example to exercise the benefits of risk and supply chain management to return to its pepper hot place in the market.

NFL

There seems to be no sport that has ever enjoyed the dominance currently enjoyed by the NFL. Fans are engrossed each weak, gambling (no, um, playing games of skill) for weekly payouts. But the NFL has major issues facing its image. Last year, the high profile cases of players assaulting women made the news. This year, the release of Concussion, a movie that highlights the concussion risks in the NFL, will, in my opinion, cement in the minds of millions that football is a real health risk (and avoidable). Added to this, we have seen various health warnings on playing youth football and challenges by doctors in recommending not to play the youth sport.[10] [11] A recent survey of views of parents by NPR shows that 51% believe high school football is too risky or needs to be made safer (See graphic below).[12] It is not a good sign for the creation of the next generation of NFL players.

With the NFL owners and teams desiring more luxurious stadiums in various markets and with local municipalities all suffering economically from the downturn in tax revenues since the Great Recession, the appetite for municipally financed stadiums is on the decline. In a major twist, the stadium proposed for relocating the St. Louis Rams to LA would be financed by the owner. This is a change in course for teams and will give some cities increased leverage when teams demand municipally financed stadiums in the future.

Outlook and Prediction: The NFL has a major liability with concussions. Indeed, it has (and likely will) pay for the health damages experienced by past players. But its impact to the image of the sport and the cultivation of younger fans is a growing risk. How many kids go into boxing? The NFL can be experiencing a similar downturn.

The role of cities in funding stadiums is a potentially alienating risk, too. Although not sanctioned by the NFL, the gambling sites for the sport offer long-term risks. Will football be about the sport or the payouts in fantasy football? The answer will change the make-up of fans and what they want out of the sport. Gamblers are less likely to follow one team, I think, making the franchise model less valuable to owners. And, the growing public image of a game destroying people with concussions and municipalities supporting this with stadium subsidies will become a challenge to NFL advances on the stadium front. I think the recent movie, Concussion, will galvanize people to believe more strongly that football is dangerous and that other people should play it and other people should pay for it, but they will continue to watch the product on TV.

Happy New Year!

About Russell Walker, Ph.D.

Professor Russell Walker helps companies develop strategies to manage risk and harness value through analytics and Big Data. He is Clinical Associate Professor of Managerial Economics and Decision Sciences at the Kellogg School of Management of Northwestern University.

His most recent book, From Big Data to Big Profits: Success with Data and Analytics is published by Oxford University Press (2015), which explores how firms can best monetize Big Data. He is the author of the text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management through business case studies.

You can find him at @RussWalker1492 and russellwalkerphd.com

[1] Fed Raises Rates after Seven Years Near Zero, WSJ, Dec. 16, 2015.

[2] Fed Raised Rates Even as Inflation Debate Continued, Reuters, Jan. 6, 2016.

[3] U6 Unemployment Rates (2000-2015)

[4] The True Unemployment Rate, U6 vs U3.

[5] December Jobs Soar by 292k, Smash Expectations, but Average Wages Post First Drop Since 2014.

[6] Japan Falls Back into Deflation for First Time Since 2013. Financial Times, Fall, 2015.

[7] Eurozone Faces Renewed Deflation Threat as Consumer Prices Fall. WSJ, Sept. 30, 2015.

[8] US Historical Gasoline Prices from EIA.

[9] Chipotle Stock price for 2015, CNN Money

[10] Noted Surgeon, Dr. James Andrews wants your young athlete to stay healthy by playing less.

[11] America’s Most Dangerous Football is in the Pee-Wee Leagues, Not the NFL. The Atlantic. Aug. 2013.

[12] NPR Poll on High School Football Safety, Feb, 2014.

Risk Management Leadership Lesson: The Value of Trust in Operations

Risk Management Leadership Lesson: The Value of Trust in Operations

Risk Management Leadership Lesson: The Value of Trust in Operations

In business and life, we grow to expect certain things. Namely, our society expects companies to produce products that are safe and reliable. We go to Yelp and rail against restaurants that do not meet our expectation for service. However, large firms, when caught red-handed often have gotten by with a mere slap on the hand. When we see a firm misbehave or use a controversial advertisement, we see boycotts initiated and apologies extracted. What about more severe damages? How a firm operates is important in its success and in forming trust with its customers.

In the last few weeks, we have seen a couple of major developments in how firms have cheated and thus lost trust. Stewart Parnell, the former CEO of Peanut Corporation of America, was sentenced to 28 years in prison for knowingly selling and distributing peanut products containing salmonella. At least nine people are known to have died from these contaminated peanut products. It is a striking case, because we now have the science to keep food safe. We now have the science to find what has killed us and identify the source of that contamination. Yet, a firm and its executives decided to operate in a reckless manner. It is the first severe penalty levied on a food company for selling contaminated food. In the trial, former employees of the Peanut Corporation of America testified that the CEO and firm prioritized profits over safe operating conditions. Of course, the tragic deaths cannot be reversed with prison time or fines. The damage to the Peanut Corporation of America was self-inflicted. No competitor or market force did that to them. No surprise in the capital markets or fear of peanuts by consumers brought them harm. When firms cheat and do harm, they ultimately hurt themselves. This fraud is of course a major risk to shareholders, customers, markets, and, in this case, the health of people.

The recent EPA disclosures about how Volkswagen has more or less gamed its diesel engine systems to perform well on emissions tests (and only during tests) showcases yet another case of internal fraud. Attorneys General across the US are already calling for billions in damages from Volkswagen. The firm created an image for “clean diesel,” sold it to well-educated and wealthy Americans, who wanted an environmentally palatable vehicle, and they profited handsomely from it. Now the lies have been revealed. The fraud, again, is internal and self-inflected. No competitor, regulator, customer, or market force made Volkswagen do this. It is risk that now will harm shareholders, customers, the German economy, and the environment. And, let’s not forget about Toyota and its accelerator, GM and its ignition switches, and well… the list goes on and on. We lose trust in firms because of the harm they cause and because that is the result of internal risk taking and decision-making gone awry.

These two recent cases are largely about internal fraud. It is clear that the firms knew about their misdeeds and elected to operate in a reckless and harmful manner. We often think of internal fraud as a banker walking out of the vault with gold bars. Such fraud is far less likely to occur than that of an executive taking undue risk against the firm to meet short-term goals. With average CEO tenures on the order of 5 years, the pressure to preform is high and the window of opportunity is short. The threat of internal fraud is a risk that all firms must address.

The management of such risk falls under Operational Risk Management. Operational Risk and self-inflicted damages are the cause of the greatest reputational harm. Nobody forced BP, GM, Volkswagen, Toyota, or the Peanut Corporation of America to do what they did. Their executives elected to take risks (and dangerous ones). Trust requires operating successfully over many transactions and creating value for customers. Once that trust and reputation are damaged, the firm must work to change not only its image, but also its operation. The process to managing Operational Risk requires a treatment that addresses the organization, its culture, its management, and leadership. We will explore all of these topics in the upcoming course Operational Risk Master Class: Measurement, Management, and Leadership.

Join us!

About Russell Walker, Ph.D.

Professor Russell Walker helps companies develop strategies to manage risk and harness value through analytics and Big Data. He is Clinical Associate Professor of Managerial Economics and Decision Sciences at the Kellogg School of Management of Northwestern University.

His most recent book, From Big Data to Big Profits: Success with Data and Analytics is published by Oxford University Press (2015), which explores how firms can best monetize Big Data. He is the author of the text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management through business case studies.

He  has advised many leading institutions on Operational and Reputational Risk Management, including: The World Bank, SEC, Genworth, Capital One Financial, Discover Financial, PNC, The Bank of England, and the US State Department, among others.

You can find him at @RussWalker1492 and russellwalkerphd.com

Risk Management Leadership Lessons – The Importance of Focusing on Operational Risk

Risk Management Leadership Lessons – The Importance of Focusing on Operational Risk

The Volkswagen case shows us a contemporary case of what can go dramatically wrong when an enterprise does not focus on its operational risk. Worse, it shows what happens when a lack of leadership and presence of cheating overtake the virtues and values of the firm. Operational risk is a major concern for many firms and in particular for financial service firms.

It is important for risk leaders to focus on operational risk for many reasons. Let’s examine some reasons:

  1. Operational Risk is not tied to an investment with a direct upside. Unlike credit and market risk, where the downside exposure is known (or mostly known) at the time of investment, and an upside is projected, setting up an operation or taking on a new vendor introduces operational risk of an unknown and unforeseen nature. There is no upside, generally. Therefore, reducing operational risk is a direct monetary benefit to the enterprise. Removing operational risk requires knowing how and why it occurs, in the first place.
  2. Measuring Operational Risk requires acknowledging it. I once met with a CEO at a bank that told me, “We don’t have operational risk.” I remember telling him in response that until you recognize it as operational risk, you will see operational risk only as unexpected costs via project overrides, unexpected credit losses, and even lawsuits from customers. He informed me, “We have lots of that.” It is not about semantics. Operational risk is an error and unless you are looking for errors, it will simply look like your business, process, or systems have deviated from plan. Removing the error will be impossible from the investment decision to operate. If a loan process has missing data (a common operational risk) and the loans under-perform, the decision might be to shutdown the loan business entirely (not to invest) but the correct action is to fix the operational risk and process for collection of data. Not understanding and measuring operational risk will mean that business decisions are sub-optimal. Operational risk management is about removing the errors and making the business investment more precise going forward.
  3. Critical operations introduce the biggest operational risk. As in all industries, the desire to reduce costs and develop new products is with us constantly in financial services. Outsourcing and new business models have also brought new risks as costs have been removed. The pressure to move into new banking products, such as online, mobile, and RFID payments have introduced operational risks too. It is little surprise that Apple Pay experienced a fraud rate of over 6%, which is more than 60 times that of normal credit cards.[1] Today, every bank and insurance executive fears that day they see customer data breached and shared online. A repeat of the Target case is nightmare for any business leader. Storing, accessing, and transmitting critical data are now some of the most critical decisions facing a financial institution.[2]
  4. Operational Risk is at the root of reputational harm and regulatory risk. When asked, a risk leader, CEO, or board member will report that their greatest concern is harm to the reputation and customer.[3] Next, it is a great concern that a regulatory body might target the firm for behaviors (real or implied) and penalize the firm accordingly, often in response to how a customer has been harmed. The way a business operates is tied to how it treats a customer and how it fails in providing the customer what he or she expected or was promised. Customers sue banks and insurers for their practices and enforcement when something goes wrong. That is operational risk. If you want to get a head of reputational harm and regulatory risk, focus on operational risk detection and prevention. Develop a plan to measure, manage, and lead operational risk.

How a firm operates and makes decisions is tied to how it manages internal decision-making processes. The management of such risk falls under Operational Risk Management. Operational Risk and self-inflicted damages are the cause of the greatest reputational harm. Through cases and simulations, we will explore all of these topics in the upcoming course Operational Risk Master Class: Measurement, Management, and Leadership.

Join us!

About Russell Walker, Ph.D.

Professor Russell Walker helps companies develop strategies to manage risk and harness value through analytics and Big Data. He is Clinical Associate Professor of Managerial Economics and Decision Sciences at the Kellogg School of Management of Northwestern University.

His most recent book, From Big Data to Big Profits: Success with Data and Analytics is published by Oxford University Press (2015), which explores how firms can best monetize Big Data. He is the author of the text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management through business case studies.

He has advised many leading institutions on Operational and Reputational Risk Management, including: The World Bank, SEC, Genworth, Capital One Financial, Discover Financial, PNC, The Bank of England, and the US State Department, among others.

You can find him at @RussWalker1492 and russellwalkerphd.com

[1] http://blogs.wsj.com/digits/2015/03/03/fraud-comes-to-apple-pay/

[2] Deloitte, Global Risk Survey of CROs.

[3] Economist Intelligence Unit, survey of CROs.

Risk Management Leadership Lessons – Operations Are Improved when Leaders Welcome Bad News

Risk Management Leadership Lessons – Operations Are Improved when Leaders Welcome Bad News

Risk Management Leadership Lessons – Operations Are Improved when Leaders Welcome Bad News

As the Volkswagen case unravels before our eyes, it plays out a familiar and repeated lesson on dealing with risk. This lesson is that early warning signs were available, but ignored. It appears that Bosch warned VW of the illegal diesel emissions as early as 2007.[1] It is not entirely surprising that VW and its executives ignored the warning. In fact, many of the great risk-driven crises involve firms that ignored early warning signs. Often early warning signs come as disconfirming information – or bad news – information that suggests the prevailing outlook on things is flawed and that a negative outcome is looming.

Let’s look at some other big failures in risk management and how the ignoring of early warning signs played a dangerous role. Evidence shows that BP had many test results, indicating that the critical pressure levels on the doomed Deepwater Horizon well were questionable. Toyota had the benefit of many years of excessively large numbers of customer complaints about accelerators. GM knew of the ignition problems. And, even famously, the NASA leadership team knew of the vulnerability of rubber O-rings in low temperatures (it was below freezing at Cape Canaveral the night before the launch in January, 1986). In all cases, the organizations ignored the information and elected to interpret it in a different manner. Why?

The answer is tied to how we develop our outlooks or hypotheses for the things around us. In these spectacular failures, the organizations and their leaders had early warning signs. Yet the early warning signs were ignored. As humans, we are predisposed to confirmation bias when confronted with new and disconfirming information. That is to say, when we see data that suggests our outlook is wrong, we first interpret the data in a way that still fits our rose-colored outlook. We attempt to discredit the data, the messenger, or the meaning of the data before we question our outlook and theory.

For instance, it results in the following claims: The drivers are the problem with Toyota automobiles, not the accelerators. Inconclusive pressure tests are common in oil well tests, as noted by BP. There is no statistically shown relationship between O-ring failure and temperature, as asserted by NASA before the Challenger explosion. And at VW, our engines are better, in spite of the data and warnings.

Overcoming these challenges is a fundamental one in the management of risk and decision-making. It involves organizational refocus and a diligent examination of disconfirming information or bad news. For the leader, it means opening your personal and professional network to the upward from of disconfirming information. That is not a one-time task, but a change in how you operate and do business.

How a firm operates and makes decisions is tied to how it manages internal decision-making processes. The management of such risk falls under Operational Risk Management. Operational Risk and self-inflicted damages are the cause of the greatest reputational harm. Through cases and simulations, we will explore all of these topics in the upcoming course Operational Risk Master Class: Measurement, Management, and Leadership.

Join us!

About Russell Walker, Ph.D.

Professor Russell Walker helps companies develop strategies to manage risk and harness value through analytics and Big Data. He is Clinical Associate Professor of Managerial Economics and Decision Sciences at the Kellogg School of Management of Northwestern University.

books together from amazon

His most recent book, From Big Data to Big Profits: Success with Data and Analytics is published by Oxford University Press (2015), which explores how firms can best monetize Big Data. He is the author of the text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management through business case studies.

He has advised many leading institutions on Operational and Reputational Risk Management, including: The World Bank, SEC, Genworth, Capital One Financial, Discover Financial, PNC, The Bank of England, and the US State Department, among others.

You can find him at @RussWalker1492 and russellwalkerphd.com

The Value of Trust: Operating for Success

The Value of Trust: Operating for Success

The Value of Trust: Operating for Success

In business and life, we grow to expect certain things. Namely, our society expects companies to produce products that are safe and reliable. We go to Yelp and rail against restaurants that do not meet our expectation for service. However, large firms, when caught red-handed often have gotten by with a mere slap on the hand. When we see a firm misbehave or use a controversial advertisement, we see boycotts initiated and apologies extracted. What about more severe damages? How a firm operates is important in its success and in forming trust with its customers.

In the last few weeks, we have seen a couple of major developments in how firms have cheated and thus lost trust. Stewart Parnell, the former CEO of Peanut Corporation of America, was sentenced to 28 years in prison for knowingly selling and distributing peanut products containing salmonella. At least nine people are known to have died from these contaminated peanut products. It is a striking case, because we now have the science to keep food safe. We now have the science to find what has killed us and identify the source of that contamination. Yet, a firm and its executives decided to operate in a reckless manner. It is the first severe penalty levied on a food company for selling contaminated food. In the trial, former employees of the Peanut Corporation of America testified that the CEO and firm prioritized profits over safe operating conditions. Of course, the tragic deaths cannot be reversed with prison time or fines. The damage to the Peanut Corporation of America was self-inflicted. No competitor or market force did that to them. No surprise in the capital markets or fear of peanuts by consumers brought them harm. When firms cheat and do harm, they ultimately hurt themselves. This fraud is of course a major risk to shareholders, customers, markets, and, in this case, the health of people.

The recent EPA disclosures about how Volkswagen has more or less gamed its diesel engine systems to perform well on emissions tests (and only during tests) showcases yet another case of internal fraud. Attorneys General across the US are already calling for billions in damages from Volkswagen. The firm created an image for “clean diesel,” sold it to well-educated and wealthy Americans, who wanted an environmentally palatable vehicle, and they profited handsomely from it. Now the lies have been revealed. The fraud, again, is internal and self-inflected. No competitor, regulator, customer, or market force made Volkswagen do this. It is risk that now will harm shareholders, customers, the German economy, and the environment. And, let’s not forget about Toyota and its accelerator, GM and its ignition switches, and well… the list goes on and on. We lose trust in firms because of the harm they cause and because that is the result of internal risk taking and decision-making gone awry.

These two recent cases are largely about internal fraud. It is clear that the firms knew about their misdeeds and elected to operate in a reckless and harmful manner. We often think of internal fraud as a banker walking out of the vault with gold bars. Such fraud is far less likely to occur than that of an executive taking undue risk against the firm to meet short-term goals. With average CEO tenures on the order of 5 years, the pressure to preform is high and the window of opportunity is short. The threat of internal fraud is a risk that all firms must address.

The management of such risk falls under Operational Risk Management. Operational Risk and self-inflicted damages are the cause of the greatest reputational harm. Nobody forced BP, GM, Volkswagen, Toyota, or the Peanut Corporation of America to do what they did. Their executives elected to take risks (and dangerous ones). Trust requires operating successfully over many transactions and creating value for customers. Once that trust and reputation are damaged, the firm must work to change not only its image, but also its operation. The process to managing Operational Risk requires a treatment that addresses the organization, its culture, its management, and leadership. We will explore all of these topics in the upcoming course Operational Risk Master Class: Measurement, Management, and Leadership.

Join us!

About Russell Walker, Ph.D.

Professor Russell Walker helps companies develop strategies to manage risk and harness value through analytics and Big Data. He is Clinical Associate Professor of Managerial Economics and Decision Sciences at the Kellogg School of Management of Northwestern University. His most recent book, From Big Data to Big Profits: Success with Data and Analytics is published by Oxford University Press (2015), which explores how firms can best monetize Big Data. He is the author of the text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management through business case studies.

books together from amazon

He  has advised many leading institutions on Operational and Reputational Risk Management, including: The World Bank, SEC, Genworth, Capital One Financial, Discover Financial, PNC, The Bank of England, and the US State Department, among others.

You can find him at @RussWalker1492 and russellwalkerphd.com

The Increasing Importance of Operational Risk in Enterprise Risk Management

The Increasing Importance of Operational Risk in Enterprise Risk Management

Enterprise Risk Management, as a corporate undertaking, has its deepest roots in financial services. Historically, for banks and insurance firms, the focus within enterprise risk has largely been credit and market risk. The Great Recession of 2008 showed us that liquidity risk and the interplay between a firm and capital markets were also important to consider. Now that sufficient time has passed since the Great Recession, we see that credit and market risk were not the sole causes. Indeed, critical operations and processes at many lending institutions failed. Underwriting procedures, loan processing, and the like were subject to little if any confirmation and oversight, leading to larger and higher credit risk positions than anticipated. Operational risk had reared its ugly head. The wave of regulation that has overtaken the financial services industry since then is largely driven by concerns over processes and procedures that caused harm to customers. The impact of processes and policies has never been greater. There are drivers at work to suggest that operational risk is still increasing, and that in particular, firms should be mindful of certain risk drivers, in the context of enterprise risk management, such as Increasingly Complex Operations, Development of New and Untested Products, Automation and Digitization, Increasing Reputational Impact from Operational Risk, New Focus of Regulators on the Treatment of Customers as Victims, and lastly, Cyber Risk. The disturbing and uncomfortable reality is that operational risk is unintended and, in theory, should not happen, if critical processes are well designed. Operational risk is self-inflicted, or if not self-inflicted, it is the result of unexpected errors or mistakes, all proving to be much more costly and dangerous than initially anticipated. Therefore, this leads firms to pay specific focus on operational risk management as part of enterprise risk management.

Full article at:

http://www.ermjournal.org/index.php/erm

Managing Data Breaches and Cyber Risks

Data Breaches Impact Reputations and Customers

A data breach can lead to terrible consequences for you and your customers. In addition to devastating financial losses, the damage to your reputation and brand may be irreversible. Yet, despite the risks, some firms still view cyber crimes as random events. They take a “this will never happen to me” approach. On the contrary, it can happen to you and there are things you can do to prevent it.
For one, know that hackers don’t pull names out of a hat. They target firms for precise reasons. Either you have something they want or they’ve spotted a weakness in your system that makes you vulnerable. Consider TJX. In 2007, the retail giant reported the largest data breach in history. Out from under the company’s nose, cyber criminals made off with more than 45 million credit and debit card numbers. It turned out the crooks had been siphoning data for nearly two years before TJX detected the breach. How did the hackers do it? They intercepted insecure wireless payment information TJX was sending to its credit card authorizers and banks. TJX was using an outmoded WEP encryption instead of the more secure WAP. The company elected to not install the latest encryption technology, figuring the risk of a breach was low. Sounds familiar. It was also at work in the Target and Home Depot cases. You might argue, TJX’s business was retail, not technology. What did its management know about cyber crime? Probably not as much as they do now. But had they taken the risks more seriously, the event likely would never have happened.
Employees present a risk, too
Sometimes cyber criminals get help from employees inside a company. In 2011, an RSA employee retrieved an email from his junk folder and opened it. The email contained a malware that gave cyber thieves a foothold and allowed them to burrow into the company’s network. That one employee’s oversight ended up costing RSA and its parent company EMC $66 million. Other times, employees inside a company become the cyber criminals themselves. Booz Alan Hamilton gave its employee Edward Snowden access to classified information. Snowden, in turn, went against his employer’s client, the US government, by going public with that information. JP Morgan, Barings Bank and Société Générale are examples of other companies that also have experienced employee fraud or data breaches.
Tips for securing your data
We live in a data-driven society. Fortunately, you can do a few things to mitigate loss, and ensure your data is more secure.
1. Pay attention to the tiniest of details – As we rely increasingly on data automation to do our heavy lifting for us, we open ourselves up to the dangers of processing data inappropriately. Cloud storage and file sharing add to that risk. It’s best to take a detailed approach to examining data flows. Small holes easily can turn into flood gates.
2. Partner with best-in-class data firms – TJX lost money not because of a bad business model or even poor customer service. It lost money because of how it transferred credit card data, a task far outside of running a department store. Target, Home Depot, and many more are suffering the same. Be honest about what you do best and don’t be afraid to partner with experts in data risks and management.
3. Know your employees and their actions – A broad universe of tools (social networks, blogs, and intranet postings) is available for monitoring employee behavior. Many firms even deploy keystroke tracking software to comb messages and emails for legal issues. It is important to educate employees on how their actions can impact a company’s overall data security.
4. Customers expect more than the law – Laws exist that set clear direction on how companies need to process financial and health care data. But as more firms allow data sharing with web services and third-party apps, the risks become greater. Management needs to look to customer expectations regarding the treatment of data.