Lean times ahead

Adopting a Lean Six Sigma approach to operational risk management enables financial institutions to realize improvements in cost, quality and speed, says Paul Stokes.

Risk management for financial services firms continues to increase in complexity. Regulatory requirements evolve, data volumes grow exponentially and stakeholders demand more value from the organization's risk program. As you review your risk management approach for ways to improve accuracy and timeliness, consider applying changes to your underlying methodology.

By adopting a Lean Six Sigma approach to operational risk management, financial services firms can realize improvements in cost, quality and speed. You're not throwing away the work you've done to date - rather, you're taking those efforts to the next level.

Both Lean and Six Sigma are performance management methodologies with their roots in manufacturing. Lean targets waste reduction in design, implementation and activity, while Six Sigma is a statistical approach to reducing variations in processes and quality.

When taken together, Lean Six Sigma aligns well as a services improvement approach.

Lean Six Sigma allows risk managers to perform value stream analyses on their assessment, analysis and reporting processes. Value stream analysis creates visual mapping of a service or product path from design through development to client delivery and support, and the maps identify risks, resources, activities and information. The activities are then defined according to whether they add value to the process or not.

Ask a simple question - is the client willing and prepared to pay for an activity? If yes, it's value-added, if no, you need to look at ways to minimize or remove that activity. By reducing the duplication of effort and other waste in your risk program, you will identify opportunities to better integrate the diverse risk, compliance and audit functions.

From a risk management perspective, the Lean Six Sigma philosophy builds upon some core elements of ERM. For example, the second pillar of the Basel II Accord requires a quantitative and qualitative review of not just the risks, but the risk monitoring processes themselves. Most organizations employ a control risk self-assessment approach for operational risk management, and link to historic loss data where necessary. Assessment results and losses then serve as the basis for scorecards and data modeling.

A common refrain is that for risk programs to be successful there must be both top-down and bottom-up input. The end-to-end process mapping resulting from the Lean Six Sigma analysis incorporates both approaches and leads to an additional benefit of this methodology - the ability to more accurately allocate capital.

Once your processes have been identified and mapped, the key risks within each process must be defined - in most circumstances, you will already have the risk information available, but it may require minor updates depending on how the process is defined. The next step is to establish the required scorecard. This will be an iterative process, requiring some calibration. Factors to consider upon the development of the scorecard include the size and frequency of a loss, benchmarks to external data, the timeliness of reporting and whether there were significant changes to the last reported position.

With calibrated scorecards, you can then apply the appropriate distributions regarding severity and frequency. Once you've established which simulation technique you'll be using, it becomes a matter of creating proper documentation and governance structures and implementing the Lean Six Sigma approach.

The Lean Six Sigma methodology requires your organization to have an appetite for improving your processes and a culture that embraces risk management. The rewards - better understanding of your key risks and how they impact your processes, clear measurement toward your risk and business goals and the ability to take capital from the corporate level and allocate it to a specific branch or even officer - are well worth the effort.

For more information please visit www.methodware.com.

Paul Stokes is the Managing Director of Methodware, a world-leading developer of governance, risk and compliance management software solutions with more than 1800 clients in over 80 countries.