How quickly this conversion of data to useable information needs to be done is dependent on the role and needs of the particular decision maker. For instance, for an algorithmic trader, relevant time is measured in fractions of a second, whereas relevant time for a risk manager who is monitoring a trading desk can range from minutes to an hour. Alternatively, for the owner of a private equity deal, relevant time can range from weeks to months. So while a trader may execute in what approximates to ‘real time’, generally, there’s not a lot that is real time about risk management. The critical time measure is the time it takes to convert data into information and make a decision based on that data. It is therefore the goal of all risk systems to present data in a useable format as quickly and accurately as possible. Rather than providing high frequency ‘data’ updates, which can actually impede decisions, relevant time risk management provides decision makers with high quality data that is processed and summarises the required information.

Holistic risk management At Macquarie Bank’s February 2010 investor and analyst briefing, the importance of effective risk management was highlighted in nearly all divisional presentations. The chief executive, Nicholas Moore, stated: “Risk management continues to be at the core of all our businesses.” Whether it is called ‘real time’ or ‘relevant time’, risk management is now one of the top three concerns for CEOs, with many organisations now taking a holistic approach to risk management. This approach means that a risk culture is established at board level and embedded throughout the institution. To ensure the process is effective, there are some lessons from those institutions that sustained the crisis relatively unscathed. Some of these lessons include: • Senior management and the Board must take a critical view of risk and have a complete understanding of risk reports • Risk management function should be independent of the business and various business divisions • Appropriate levels of risk appetite must be set and understood • The limits of any risk measure that is used must be understood. For example, if using VaR, recognise that it needs to move towards a multi-period, default adjusted calculation that incorporates macroeconomic stress events to increase its accuracy • The use of stress testing and scenario analysis should be revised and expanded to incorporate unlikely events, rather than just looking at minor extensions of incidents that have already occurred • Ensure technology systems are based on a flexible and coherent architecture to provide the adaptability required to incorporate modifications and extensions resulting from changes to regulation and business processes

Join the discussion