An interview with Vivek Katyal, principal, Deloitte & Touche LLP, Risk Information Services (RIS) practice leader and Audit and Enterprise Risk Services (AERS) leader for Deloitte Analytics.

For virtually anyone working in the area of risk management, analytics isn't new. Risk professionals have been using analytics tools for years. But many have noted a resurgence of interest in the application of analytics to risk management challenges, and with good reason. There is a renaissance in analytics technology underway today, and it arrives just as the issue of risk takes on an even higher profile for leaders across industries. 

It can be challenging to separate the hype from the reality when it comes to analytics and risk management. In this issue of Risk Angles, Vivek Katyal answers five questions risk leaders frequently ask today about how best to apply an analytics approach to the job of risk management.  

Then Mark Carey, partner, Deloitte & Touche LLP and leader of the U.S. Governance and Risk Strategies services for commercial and public sector industries within Audit and Enterprise Risk Services (AERS), lends his perspective on the use of risk modeling.

How do you measure and quantify risk?

Vivek Katyal's take: There is no exact science for measuring risk. But with analytics, you can build measurement parameters that can help you establish and examine likely risk scenarios. From there, it's easier to understand the potential impact of a risk – and start planning around it. 

Along the way, analytics can help establish a baseline of data for measuring risk across the organization by pulling together many strands of risk into one unified system.
 
Haven't we been using analytics for years?  Is there anything new here?

Vivek Katyal's take: Yes, you probably have been using analytics – or some version of it – for years. On the most fundamental level, it's the same. But when it comes to the level of sophistication, there's a world of difference. Historically, analytics has been synonymous with business Intelligence – knowing the facts and reporting past and current performance. But today risk analytics is more focused on data exploration, segmentation, statistical clustering, predictive modeling, and event simulation and scenario analysis.
 
Isn't analytics already built into the Enterprise Risk Management (ERM) function? 

Vivek Katyal's take: Having a dedicated ERM team is a huge asset that can provide a good foundation for managing risk. But in many organizations, the ERM function frequently operates as a standalone unit. These days, senior management and leadership not only require business-wide visibility into the potential risks to their business strategy, but also the ability to use structured and unstructured data to better understand the potential impact of a range of risks. By embedding analytics into the ERM delivery approach, they can monitor performance through risk sensitivity analysis, model key risk events scenarios, and become more Risk Intelligent in developing intervention and mitigation strategies.
 
Can analytics help with financial statements and reporting

Vivek Katyal's take: There's a lot of natural overlap between analytics and financial reporting, and as a result they tend to feed one another. For example, analytics can offer insights into the characteristics and posting of journal entries, eventually helping identify inappropriate accounting, control overrides, or inefficient processes. Rules and controls aren't the only areas that stand to benefit. Statistical methods can help define a transaction profile that detects new fraud schemes while limiting the follow-up resulting from false detections. When it comes to enhancing the accuracy and quality of forecasts and improving reporting mechanisms, analytics can offer a significant boost.
 
What role can analytics play in meeting regulatory requirements?

Vivek Katyal's take: Regulators continue to question the integrity and timeliness of data being reported to them. In the current environment, market pressures for better risk-adjusted performance present a strong case for the use of analytics in risk management. Regulatory demands such as stress testing, systemic risk – Dodd Frank, living wills, and food & product safety require analytics driven approach. An analytics-driven approach can be used to measure the risk characteristics of each business line and product, as well as define common metrics for measuring enterprise-wide, risk-adjusted performance and risk profile.
 
A closer look: Risk modeling

Mark Carey, partner, Deloitte & Touche LLP and leader of the U.S. Governance and Risk Strategies services for commercial and public sector industries within Audit and Enterprise Risk Services (AERS)

What happens when you don't have enough data to analyze? In risk management, the ability to anticipate and avoid risks, as well as take smart risks to drive value, is no small matter. But of course we don't always enjoy the luxury of having relevant data to understand future events. In these situations, is there really a role for analytics to play?

Traditional analytics can be instrumental when it comes to better understanding past events or risks that occur with a high degree of frequency. But for forward-looking "what-if" scenarios and strategic risks, modeling is a related approach that can deliver valuable insights. What's the difference between risk analytics and risk modeling? The type of data they use. Risk modeling organizes bits and pieces of information drawn from a wide range of similar scenarios that have already played out to assemble a big-picture view of scenarios that are likely to occur in the future. That can be particularly helpful when weighing strategy-level risks that may shape your future. The more abstract the risks, the more modeling may be of use.

Modeling can also be a good option when an organization is grappling with massive complexity. In a large company with many different types of businesses, even if you have data on each line of business, the task of assembling and using that data to better understand risk may be virtually impossible. For large, complex systems, risk modeling may offer a more direct path to the insights needed to make smarter decisions.

Risk modeling shouldn't be considered a replacement for risk analytics. View it instead as another tool in the analytical arsenal – one that is best used when you need to make more informed decisions on forward-looking issues of strategic importance, but don't have traditional data sources to draw from.

Full report:

www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/IMOs/Governance%20and%20Risk%20Management/us_grm_riskangle5_053012.pdf