GRC Professional : GRC Summer 2013
Over the last decade or so, most financial institutions will have made significant investment in risk management systems in response to regulatory requirements and as a result of operating in increasingly complex global business environments. However, systems alone are simply not enough. The human factor is critical in effectively managing risk. Most sophisticated risk management systems need to be customised, configured and fine-tuned to monitor risk effectively, thus requiring considerable input from people that have the knowledge, skills and experience of the operating environment and who truly understand the risks that their business faces.

As many risk systems are business-rule driven and calibrated by experts based on thresholds and scores, the resulting 'alerts' need to be evaluated by experts. They must analyse contributing factors and apply judgment-based decisions to determine whether the alert is a 'false positive' or requires investigation. Trained investigators then need to examine a wide range of factors including the frequency of alert occurrences and re-occurrences, the volume and value of the contributing transactions, the parties and accounts involved in the transaction(s), the timeframe over which the transactions were conducted, the instruments used to facilitate the transaction(s) and many other factors to arrive at a decision.

Risk systems are ultimately only as effective as the people that design and operate them, so I don't expect humans will become redundant in the GRC space anytime soon.

Using software increases transparency, consistency and efficiency by taking a process-driven approach to GRC to resolve incidents quickly with a full audit trail demonstrating your corrective and preventive actions. Software customised to AFSL/ACL obligations and combining audit-proof workflows with industry experience can assist organisations with efficiently assessing situations.

Using documented processes lets you confidently meet your licence obligations while efficiently managing risks. Having a system to manage your regulatory and commercial concerns and their related actions is crucial to robust management. Manually managing risks rarely ensures risk prevention. Software can put all your data concerning risk assessments, control-testing and audits in a single database to ensure consistency with reporting and real-time snapshots of your risk status.

GRC is all about balancing commercial success with risk appetite. You can build a system to identify/manage all risks but that comes at a price -- profitability. Setting up automatic control alerts is one way a system can efficiently and effectively assist you. However, technology possesses no consciousness. It can outperform humans in capacity but doesn't have the human intelligence to pick up human emotions during auditing, ask questions, seek answers to those questions, and expand on what we learn from the answers. In this way the human element cannot be eliminated. Similarly, technology can't replace auditors or the evaluative review process.

ANTHONY QUINN, FINANCIAL CRIMES CONSULTING: 'Risk systems are ultimately only as effective as the people that design and operate them.'

CHEYENNE WALKER, HEAD OF RISK AND PROFESSIONAL STANDARDS, ADVICENET PTY LTD: 'Manually managing risks rarely ensures risk prevention.'