Select Page

The Evolution of Risk Accounting

Operational Risk Management Today: Insights from the McKinsey & Co. and ORX Report

Operational risk management has always been a critical area of focus for banks and financial institutions, but recent years have brought heightened scrutiny to the methods and tools used to manage these risks. A 2017 report by McKinsey & Co. and the Operational Riskdata eXchange Association (ORX) offered a sobering assessment of the state of operational risk management, highlighting significant gaps and challenges that continue to plague the industry.

In this article, we’ll delve into the key findings of this report, explore the persistent issues in operational risk management, and discuss how risk accounting can provide the much-needed paradigm shift to address these challenges.

looking up at tall buildings in a city

Summary of the Report

The report titled “The Future of Operational Risk” by McKinsey & Company and ORX highlights the evolving landscape of operational risk management in financial institutions.

The report emphasizes the need for a shift from traditional, often manual, risk detection methods to more advanced, analytics-driven approaches. It identifies several key areas for improvement: expanding the mandate of operational risk management to include more active oversight, leveraging real-time data and advanced analytics for issue detection, and addressing the growing importance of specialized risks such as cyber and fraud risks.

Additionally, the report discusses the challenges of improving organizational risk culture and the necessity of enhancing the skills and tools available to risk managers. The ultimate goal is to move operational risk management from a compliance-focused activity to one that proactively supports business resilience and operational excellence, particularly in the face of increasingly complex risks and regulatory demands.

The McKinsey & Co. and ORX Report

The report titled “The Future of Operational Risk” was the result of an extensive survey conducted with Chief Risk Officers (CROs) across leading financial institutions. The goal was to assess the effectiveness of current operational risk management practices and identify areas for improvement. The findings were eye-opening and highlighted several critical issues that continue to undermine the effectiveness of operational risk management in the banking sector.

One of the most striking observations from the report was that “many still described existing operational risk management information as backward-looking, shallow, not dynamic, and hard to compare across the organization.” This echoes the concerns that have been raised repeatedly about the limitations of traditional risk management methods, such as Risk & Control Self-Assessment (RCSA) and the Advanced Measurement Approach (AMA), which we’ve discussed in previous articles.

The Limitations of Current Approaches

The report identified several key limitations in the way operational risks are currently managed:

  1. Backward-Looking Information: Much of the risk data used by banks is based on historical loss events. While this information can provide valuable insights, it is inherently backward-looking and does not offer a predictive view of future risks. This limits the ability of banks to anticipate and prepare for emerging threats.
  2. Lack of Depth: Operational risk management information was often described as shallow, meaning that it lacked the detail and nuance needed to fully understand the complexities of the risks involved. This can lead to oversimplified assessments and inadequate risk mitigation strategies.
  3. Static and Inflexible: Many of the risk management tools and frameworks in use are static, meaning they do not adapt well to changes in the risk environment. This lack of dynamism makes it difficult for banks to respond to new risks as they arise.
  4. Poor Comparability: The report also highlighted the challenge of comparing risk data across different parts of an organization. This lack of comparability can make it difficult for senior management and regulators to get a clear picture of the overall risk profile and to make informed decisions about risk management strategies.

These limitations have significant implications for the banking sector. In an industry where the risk landscape is constantly evolving, relying on backward-looking, shallow, and static information can leave institutions vulnerable to unexpected losses and crises.

The Call for a Paradigm Shift

The findings of the McKinsey & Co. and ORX report underscore the need for a fundamental shift in how operational risks are managed. As the report suggests, what is needed is “information that is regularly available, comprehensive, comparable, action-oriented, and forward-looking.”

This call for a paradigm shift aligns closely with the principles of risk accounting. As we’ve discussed throughout this series, risk accounting offers a way to move beyond the limitations of traditional risk management methods by providing a more comprehensive, standardized, and forward-looking approach.

How Risk Accounting Can Address These Challenges

Risk accounting addresses the critical gaps identified in the McKinsey & Co. and ORX report by offering several key advantages:

  1. Forward-Looking Risk Assessment: Risk accounting integrates forward-looking risk measures into financial statements, providing a predictive view of future risks. This helps banks anticipate and prepare for emerging threats, rather than relying solely on historical loss data.
  2. Increased Depth and Detail: Risk accounting provides a more nuanced and detailed assessment of risks by quantifying them in financial terms. This allows for a deeper understanding of the complexities involved and supports more effective risk mitigation strategies.
  3. Dynamic and Adaptable: Risk accounting is designed to be dynamic and adaptable, allowing it to respond to changes in the risk environment. This flexibility ensures that risk management practices remain relevant and effective in a constantly evolving landscape.
  4. Standardized and Comparable Data: By providing a standardized method for quantifying and reporting risks, risk accounting enhances comparability across different parts of an organization. This makes it easier for senior management and regulators to get a clear and consistent view of the overall risk profile.

A Brief Introduction to Risk Accounting

Risk accounting is an innovative approach that combines traditional accounting practices with advanced risk management techniques. It involves identifying, quantifying, and aggregating risks across an organization and integrating these risk measures into financial statements. This provides a more comprehensive and transparent view of a company’s financial health, enabling better decision-making and more effective risk management.

Conclusion

The McKinsey & Co. and ORX report highlighted significant gaps in the current state of operational risk management, emphasizing the need for a more forward-looking, comprehensive, and adaptable approach. Risk accounting offers a viable solution to these challenges by providing a standardized, detailed, and dynamic method for managing risks.

As we continue this series, we’ll explore how risk accounting can be applied to address other critical issues in the financial industry. For those interested in learning more about risk accounting, additional resources are available to help deepen your understanding of this critical innovation.

More Articles in the Series