In our first installment of this series, we looked at the importance of profit & loss statements as one of three blind spots in operational risk. Today we will get into the second area of concern: Excessive growth.
It’s important for risk managers to understand how their organization functions in a holistic way. This means working with compliance, technology, operations, and audit managers to better understand the financial and risk data they report. Once the risk manager understands how the organization works, abnormal changes in the financial data will help guide them to potential changes in risk that need to be addressed.
For example: an organization sees the number of their loan payments double. Logically, the expectation is that head count in loan operations would increase, given the need for more resources. Salary expense would similarly increase. The value of loans across the organization would potentially be affected. The financial data is telling the story of changes happening outside of a risk manager’s scope, and should be driving questions in a risk manager’s mind:
If there are double the staff doing loan transactions than before, what is the likelihood that they are all doing them correctly?
Is there reputational risk associated with that growth?
How does this increase change the controls and key indicators I have in place for these functions?
The risk manager has to consider the operational implications in that behavioral change in order to effectively address the risk that goes with it.
In the final piece of this series, we will be focusing on the completeness of the assessment process (or lack thereof) as the third operational risk blind spot you should be investigating.