Two of the most important questions which CROs need to answer are: Is our risk profile transparent and understood by management? And is it within delegated authorities?
Answering these questions lies at the heart of an effective risk and limit controlling framework, one of the four elements of an effective enterprise risk management framework. I emphasize this point because risk controlling is too often confused with risk management. Reiterating a common theme, having the right information is an important and necessary precondition to creating value, but it is not sufficient – the information has to lead to business impact through better decisions and execution.
Given the complexity of most banking and insurance businesses, answering these questions typically leads to very large systems investment, in capturing the underlying data, applying the technical approaches necessary to characterize a complex risk landscape and making the results available and relevant to managers.
This chapter outlines the fundamentals of a risk and limit controlling framework.
That a bank or insurer needs to understand its risk profile and ensure that it is within delegated limits is a bit like “Motherhood and Apple Pie” – it is compelling on an emotional level, offering nothing to disagree with, but there is not a lot of depth behind it. This section goes a little deeper in order to better understand and motivate why financial services firms typically ...