You are currently browsing the tag archive for the ‘operational risk’ tag.

All the hubbub around big data and analytics has many senior finance executives wondering what the big deal is and what they should do about it. It can be especially confusing because much of what’s covered and discussed on this topic is geared toward technologists and others working outside of Finance, in areas such as sales, marketing and risk management. But finance executives need to position their organization to harness this technology to support the strategic goals of their company. To do so, they must have clarity as to what big data can do, what they want it to do, and what skills and tools they need to meet their objectives.

Big data has always been with us, just on smaller scales: The term refers to data sets so large and complex that organizations have difficulty processing them using on-hand database management systems and applications. It has become a popular buzzword because technology for handling big data has crossed a threshold, making it at the same time more capable and cost-effective. Companies now can tap into huge amounts of structured and unstructured data using advanced data processing technologies, analytics and visualization tools to achieve insights not previously available using more conventional techniques. In a recent research analysis, I covered some of the potential benefits (and potential pitfalls) of big data as it relates to company management. Increasingly, the ability to analyze large quantities of business-related data rapidly holds the promise of fundamental changes in how executives and managers run their businesses. Properly deployed, big data analytics enables a more forward-looking and agile management style, even in very large enterprises. Because it allows more flexible forms of business organization, it can give finance organizations greater scope to play a more strategic role in corporate management.

Big data and analytics are a natural combination. By itself, a mass of data is not especially useful, and there are significant challenges to teasing out insight from such large data sets. However, information technology has evolved to make assembling and working with extremely large amounts of data far more practical. As well, routines involving advanced analytics that were once the domain of people with Ph.D.s in statistics are increasingly usable by business analysts, as new analytical software packages are designed to hide the complexity of the underlying statistical work. My colleague Tony Cosentino recently summarized the progress to date in adoption of big data analytics, covering some of the existing uses (already numerous) and emerging trends.

Keep in mind that it’s not just a matter of learning how to master new software and munge data. Finance departments must sharpen their skills in determining how to best utilize big data analytics. And it’s even more important that finance executives understand vr_oi_goals_of_using_operational_intelligencehow to make practical use of big data analytics: In some cases users may want to consume only the output of the analytics created by other parts of the organization (such as demand forecasts by product families), while in others the organization may want to purchase applications that use or embed big data analytics (such as continuous monitoring for ERP systems governance) or enable price and profit optimization.

Our benchmark research on operational intelligence, a technology-driven discipline that has been using big data operating across networks and systems has been using analytics for years, shows that the most common reasons for using such applications (cited by almost three in five companies) are to manage performance, detect fraud, comply with regulations and manage risk. These areas are broadly applicable for finance organizations, but I assert that as well as governance and control, initially the three main applications of big data analytics are planning, reviews and alerts. Here’s how.

Companies do a lot of planning, so it’s useful to segment the activity. One way is by time. There are three main planning time frames in which big data analytics plays a role.

  1. Short-term tactical planning is used, for example, to project demand for specific products or create offers that might spur incremental demand. Especially in consumer products and business-to-consumer marketing, these models are statistically and computationally challenging, as they must be continually updated and adjusted. However, this is not an area of business where Finance has taken a role.
  2. Long-term and strategic planning can help determine the impact of a confluence of factors on markets and costs. Decades ago, the largest companies maintained strategic planning staffs to generate long-term forecasts to inform senior executives of important market trends. Except at companies that have very long cycles with specific demand and supply requirements, those staffs have disappeared or have been substantially reduced as corporations switched to third-party sources.
  3. In the time horizon between short- and long-term planning there are techniques for improving the accuracy of forecasts of revenue and costs using large sets of historical data, which enable organizations to better understand the various factors that influence demand. This sort of advanced modeling using predictive analytics can be useful in improving the accuracy of corporate business planning and budgeting, which is at the core of financial planning and analysis. Predictive analytics uses techniques from statistics, modeling and data mining that weigh multiple current and historical facts and their interactions to predict outcomes. Good predictive models can identify the most important factors driving outcomes, and because of this, they often can be more accurate than simple extrapolation. For example, by examining large sets of historical data, a fast-food chain can predict with reasonable accuracy demand for certain menu items at specific locations at a given hour of a given day by taking into account factors such as the day of the week, time of the year, sales patterns over the past three weeks, advertising spend and special offers.

As useful as predictive analytics are for forecasting, they may be even more valuable when applied to reviews and alerts. Predictive analytics can provide a baseline against which to compare actuals. This, in turn, enables an organization to get an earlier warning when results diverge meaningfully from what was expected, so executives and managers can react immediately rather than in days or weeks. For example, in business-to-business relationships that involve many routine purchases (any sort of supplies, for example) a divergence from established trends could generate an alert to the sales organization. Embedded analytics in an order-entry system could highlight late or smaller-than-usual orders. These might indicate a competitive threat or some other issue that would benefit from a timely interaction with the customer. This is just one of the ways that data captured by the financial systems can be used to improve the effectiveness of other business units, enabling the department to play a more strategic role in supporting the company.

Another use is in accounts receivable, where predictive analytics can promote customer satisfaction. To illustrate, a company that does a routine analysis of payment patterns can have a good idea of when specific customers will pay. If one that routinely pays its invoice between the 16th and 19th day of the month has not paid by the 23rd day, the analytics system generates an alert. A call to the customer or an automated email notes the delayed payment, asking if there was an error in the billing or some other point in dispute. There are a couple of advantages to this approach. If nothing else, if there is an issue, it is likely to be resolved more quickly. Moreover, from a customer satisfaction perspective, it’s a far superior form of customer interaction than waiting several weeks and then sending out a dunning notice demanding payment. Resolving any issue sooner improves cash flow, and if the company did make a mistake, asking for payment will only annoy the customer. Another use of big data in receivables is to automatically identify customers that are routinely tardy in paying. This can kick off an internal company discussion about what ought to be done about the situation, such as limiting credit or finding ways to accelerate payments.

Governance is another area where big data analytics are already at work, with companies using it for fraud detection and alerting. For instance, software packages can monitor a company’s financial systems for evidence of suspicious activities such as payments to bogus vendors or top-level alterations to financial statements. Such systems are designed to be high-level controls that reduce the need for manual internal and external audit work. And even more is possible. As I noted earlier, in the not-too-distant future it may be possible to have an “auditor in a box” – a forensic system that continuously identifies and lists all suspicious activities, transactions and conditions and weighs their materiality. Such a system would permit more timely responses to the risk of material errors or fraud and facilitate examinations by external auditors. In addition to being far more efficient than periodic manual effort, the auditor-in-a-box concept is potentially more reliable because it examines everything rather than relying on sampling.

However, there are challenges. Staffing and training are significantvr_bigdata_obstacles_to_big_data_analytics issues for Finance in dealing with big data analytics. Our research into the challenges of utilizing big data shows that nearly four in five companies find staffing and training to be an obstacle in utilizing big data. Despite the fact that analytics is an inherent element of the finance function, it almost always involves the broad application of basic approaches employing simple math (ratio and margin analysis, for example). Few departments have applied advanced analytics: Our finance analytics research finds that only 13 percent of finance departments employ predictive analytics.

To be able to handle these staffing and training needs, finance executives must understand their department’s big data analytics competence requirements. A useful place to start is to become familiar with the five personas Tony Cosentino developed to describe the people working with business intelligence and analytics. These personas illustrate the various objectives, skills and interests that individuals bring to the discipline. Adapting his approach to big data analytics to this discussion, at the top of the list are highly skilled statisticians who do exploratory work and create purpose-built analytics and analytical models to address specific tasks. These people usually have advanced degrees in statistics and understand how to use sophisticated analytical software and data sets to their fullest. Few finance organizations need this level of capability. A second type of user includes business analysts who have in-depth knowledge of the business and finance issues, know how to access and apply available data relevant to the issue, and have the ability and commitment to master software that requires training but not an advanced degree in statistics. Depending on a company’s size, finance organizations will need a person or a group of people with this level of competence. A third type is the knowledge worker. This description includes executives, managers and directors who need to interact with – not just consume – advanced analytics. These types of users should not be expected to learn how to create or structure analytics, but they need to know how to employ analytics embedded in dashboards or applications as well as visual discovery tools, which are increasingly user-friendly. This level is where the need is broadest, so finance executives must focus most of their efforts in terms of developing these skills.

Big data analytics is an important development that will challenge finance organizations to use new capabilities to improve their effectiveness and enhance their company’s competitiveness. There are many ways organizations can begin to address the challenge. At least, CFOs and senior finance executives should create a steering committee to identify opportunities to apply big data analytics; identify gaps in skills, processes, data availability and software; and establish timelines and goals. Moreover, if CFOs are serious about exploiting the potential of big data analytics, they must communicate its importance to their department and demonstrate a commitment to a plan of action.

Regards,

Robert Kugel – SVP Research

I’ve frequently commented on the artificiality of the emerging software category of governance, risk and compliance (GRC). The term is used to a cover a combination of what were once viewed as stand-alone software categories, including IT governance, audit documentation and industry-specific compliance management, to name three examples. While it’s still common for specific types of software to be purchased piecemeal by different departments, these disparate areas have started a long convergence process. Since just about all controls and risk management efforts require a secure IT environment to be effective, there is a growing interdependence between effective IT governance and everything else connected with enterprise GRC.

Our research has established that companies are immature with respect to their risk and compliance activities. One fertile area where most companies can make substantial improvements is in operational vr_grc_operational_risk_effectivenessrisk effectiveness. Although one-fifth or fewer said their operational risk controls are ineffective, even fewer rated them very effective. For example, just 20 percent said their company’s controls for natural disasters are ineffective, but only 15 percent assessed them as very effective; the rest rated their controls in the middle category, effective. Just 9 percent have controls for supply chain disruption, and therefore almost all must improvise in response to these relatively common occurrences. Certainly, companies with big, important brands pay attention to the risk of reputational loss. Yet even small businesses must now contend with the impact of negative reviews on a range of websites – assuming they even know that one has been posted. Just one in eight (13%) has effective controls to deal with natural disasters – and that’s the leading risk category. More than a decade after the Sarbanes-Oxley Act was enacted to address it, just 6 percent of companies say they have effective internal fraud controls. (For private U.S. companies, it doesn’t matter if they don’t document these controls, but for the sake of good governance they must be present and effective.) The research shows that companies are least good at controlling demand disruption (26% said their controls are ineffective and just 5% said they are very effective) and reputational loss (26% and 9%, respectively).

The responses show that a majority of organizations believe they are doing reasonably well, but I disagree. “Somewhat effective” is a risky attitude. This type of thinking leads to complacency and a lack of effort to improve risk management. I think “very effective” ought to be the standard companies apply to their risk controls.

Financial controls are easier to implement, and there is a long history of their use, yet here again many companies are lagging. Of six key financial risk management efforts we listed, participants identified as the most effective their controls for material financial misstatements (the key objective of the Sarbanes-Oxley Act), with 37 percent saying they are very effective and 51 percent calling them effective. Fewer rated their credit controls very effective (24%), though only 5 percent said they are ineffective. The explanation for this distinction may be that, whereas the consequences of material financial misstatements are direct and severe (likely requiring restatement of financial results and possibly a loss of investor credibility), there may be a strategic reason for a certain laxity in granting trade credit (such as trading off higher revenues against increased credit losses). Controlling risk through contingency planning was identified as the least effective control, with just 14 percent saying it is very effective and 34 percent labeling it ineffective. (Of course, in this case such an assessment is speculative.) Across industries, fire, insurance and real estate companies rated their risk management efforts more effective, likely because risk management is a well-established practice and readily quantifiable in that industry. Midsize companies rated their tax risk management as very effective much less often than larger ones, likely because they have fewer resources to devote to it; they also said more often they are ineffective at preventing disruption of funding.

Managements in heavily regulated industries are more attuned to the risk vr_grc_value_of_a_better_approach_to_grcof compliance failures. Those in financial services businesses are regularly focused on risk because it is a core competence (after all, risk is what insurance is all about). Other types of industries, however, pay less attention to managing risk and usually implement change after disaster strikes. Human nature being what it is, many successful executives and managers are less inclined to focus on risk, yet companies will find that regular risk reviews are in order to challenge assumptions and consider potential responses when unfavorable events occur. Along with this, companies must define and develop methods for spotting risk events sooner and responding faster. The research finds that one of most often identified benefits companies get from GRC efforts is being able to identify and manage risk faster (chosen by 79%), followed by improving the control environment (59%) and preventing situations from occurring because of neglect (54%).

Managing risk and compliance effectively is an important component of good governance. Managing risk intelligently enables organizations to be more successful because it can deliver a competitive edge. Those businesses that are good at managing risk are able to make aggressive moves more prudently, spot negative trends faster, and respond more quickly and effectively when disaster strikes. Harnessing IT for more intelligent risk and compliance management is an important practice in operational risk management. Executives and managers must become familiar with the technology if they want to manage risks as intelligently as they should.

Regards,

Robert Kugel – SVP Research

RSS Robert Kugel’s Analyst Perspectives at Ventana Research

  • An error has occurred; the feed is probably down. Try again later.

Twitter Updates

Stats

  • 127,040 hits
%d bloggers like this: