In the first post of this trilogy, we outlined the types of risk that financial firms can face, and the areas where they might arise. Now we’re moving on to explore how you should identify and measure the risks facing your organisation.
At a broad level, you need to take the risks in turn, and consider for each one how likely it is to occur, how severe the consequences would be and the overall impact on your organisation.
By doing that, you make it easier for your team to ‘see the wood for the trees’ and prioritise the most important areas for change, so their efforts go where they’ll have the most effect.
The seven stages of risk assessment
Let’s dig a little deeper and consider the seven stages of risk assessment in more detail.
- Front to back risk assessments. Look at your technology functionality, trade processing, data stores, data integration and analytics platforms. How good are you at processing, reporting and obtaining insights?
- Technology maturity. Conduct a ‘health check’ on your investment technology portfolio. How could you strengthen the ecosystem to improve your productivity unit cost ratio and usage?
- Technology and operations capability. How well are you performing in technology delivery and operations? Do your capabilities support transformation and new ways of working?
- Operational readiness. Use benchmarking, diagnostics and portfolio data to analyse your firm’s technology operating model. Are you ready for transformation and adopting new tech?
- Service taxonomy. Analyse the risks in structural, qualitative and validation terms to develop statements of common problem areas.
- Productivity measurement. Gauge the performance of trading, allocation and optimising operational costs.
- Simplify. Review the investment operating model so you can simplify and compress asset-class trading functions and technology operating processes.
Making sense of the data
Once you’ve followed the process described above, you’ll be left with a mass of raw data. The next step is to collate and coordinate that data into a report that sets out the relative nature of the risks you are facing, along with their impacts, in a risk matrix.
With the information in a usable format, we (or you) can then begin to prioritise where to take action, and create mitigations for each risk.
These mitigations could be either retroactive or proactive. Retroactive mitigations are only needed should a risk have a real impact on your operations. Proactive mitigations, meanwhile, are those you put in place to prevent the impacts occurring at all.
These mitigating actions can result in significant internal change to processes and systems, and therefore people’s roles and responsibilities too.
All the stages of the process are shown in the diagram below.
Once you’ve worked through these stages, you can move on to the topic of the third post in this trilogy, which looks at how to manage the most important risks.
To learn about this topic in more detail, download our free whitepaper A Risk Based Approach to Transforming Your Trading Operating Model.