The discipline of risk management has become increasingly important and more complex, underscoring the value of a corporate culture that emphasis risk analysis throughout a firm’s decision-making process, SIA Chairman Richard E. Thornburgh, today told SIA’s Technology Management Conference in Washington.
“I’m convinced that it is even more important to have a robust culture of risk management within an organization,” said Thornburgh, the chief risk officer for Credit Suisse Group and a member of the Credit Suisse Group Executive Board.
Effective technology is essential, Thornburgh said, but “the best tools that technology has to offer – even combined with sound analytical judgment – are bound to fall short of the goal of successful risk management.”
The importance of risk management, he said, is shown in the cumulative dollar value of operational risk management failures, which he estimated to be nearly $25 billion through the end of 2003. “While such failures obviously can have large financial consequences,” Thornburgh said, “they also can lead to even greater costs – such as the loss of investor confidence in a company, its products and services, or its leadership. Ineffective risk management can destroy a company, and in the process inflict tremendous damage on the world’s financial markets.”
The challenge of managing risks, he said, was becoming more complex due to globalization of the financial markets, the ever-increasing sophistication of financial engineering, the changing nature of regulatory requirements, notably the Basel II capital accord, and terrorism.
In summarizing the key milestones in the evolution of the discipline of risk management, he said “economic risk capital represents the emerging best practice for measuring and reporting all kinds of risk across a financial organization. ERC provides management with a standardized unit for decision making, a common reference point within a firm for identifying and pricing risk.”
“While effective technology is an indispensable tool of risk management, it is insufficient by itself,” Thornburgh said. “Companies must have a robust risk culture. That means embedding the risk management function into their core business processes. It means that risk manager must be partners in risk-return discussions. And it means that companies must place a high value on the ability to operate sophisticated I.T. systems and the business judgment needed for sound business practices.”