Risk Management in Finance
Six Sigma and Other Next-Generation Techniques

ANTHONY TARANTINO
DEBORAH CERNAUSKAS

John Wiley & Sons, Inc.

Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Australia, and Asia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.

The Wiley Finance series contains books written specifically for finance and investment professionals as well as sophisticated individual investors and their financial advisors. Book topics range from portfolio management to e-commerce, risk management, financial engineering, valuation, and financial instrument analysis, as well as much more.

For a list of available titles, please visit our Web site at www.WileyFinance.com.

Copyright © 2009 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. For more information about Wiley products, visit our Web site at http://www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Tarantino, Anthony, 1949–
Risk management in finance : six sigma and other next generation techniques / Anthony Tarantino, Deb Cernauskas.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-41346-3 (cloth)
Financial risk management. I. Cernauskas, Deb, 1956– II. Title.
HG173.T346 2009
658.15 5–dc22
2008052035

Printed in the United States of America

To Winkey, Peapod, and SanSan —A.T.
To Mom for her continued support —D.C.

Contents

Preface
Acknowledgments
About the Contributors
CHAPTER Introduction
  Organization of This Book
  Why Read This Book?
  Note
CHAPTER Data Governance in Financial Risk Management
  Introduction
  Data Governance Center of Excellence
  Data Governance Assessment
  Data Governance Maturity Model
  Best Practices in Data Governance
  Conclusion: Next-Generation Techniques to Reduce Data Governance Risk
  Notes
CHAPTER Information Risk and Data Quality Management
  Introduction
  Organizational Risk, Business Impacts, and Data Quality
  Examples
  Data Quality Expectations
  Mapping Business Policies to Data Rules
  Data Quality Inspection, Control, and Oversight: Operational Data Governance
  Managing Information Risk via a Data Quality Scorecard
  Summary
  Notes

The Root Cause of the Global Financial Crisis

A Viable Supplement to the COSO Framework—Risk Quantification and Scoring

There is a means to supplement COSO that will provide a much improved framework over internal controls and by extension improved risk management. Using even a simple system of risk quantification and rationalization along with improved risk management oversight would have at least given subprime mortgages, mortgage-backed securities, and credit default swaps a great deal more exposure at the board, management, and auditor level. It may not have prevented the crisis, but could have reduced its impact.

Using the three criteria mentioned above, such a system of risk quantification and ranking could work like this:

- All risks, both internal and external, are ranked by three criteria: financial severity, likelihood of occurring, and ability to detect (other criteria may be added or substituted to fit an organization’s environment).
- Assign a numerical value (e.g., to 10) to the three criteria for each risk.
- Add the three criteria together.
- List the risks in their descending risk score.
- Focus the greatest attention on those items with the highest risk scores.

In the large majority of environments, Pareto’s 80/20 rule will apply in which less than 20 percent of items (those with the highest risk scores)
will represent over 80 percent of the risks an organization faces. Historically, accountants informally applied a five percent rule in which balance sheet items that represented less than five percent of total value were not an area of focus. Such a commonsense approach using our risk scoring will allow organizations to focus on the very significant few items that represent the great majority of risks they face.

Such a system would benefit from establishing and publishing industry-specific risk frameworks. In any case, organizations’ own ranking should be subject to review by auditors, regulators, and rating agencies. In order to be viable, this system would need to be incorporated at the management and board levels and would supplement the COSO framework. With the movement toward the IFRS as the global accounting standard, there is a need for a much-improved global auditing and risk framework.

Ideally, a new risk framework would incorporate Six Sigma. Once an organization has prioritized its risk items, Six Sigma black belts would be ideal to lead the projects to attack the most dangerous risks. Their proven problem-solving and project management techniques will be invaluable in the process.

Summary

In summary, for every process, there is typically some associated risk that requires an internal control. For processes that impact financial reporting, internal controls are subject to financial audits that evaluate their effectiveness. The COSO framework is heavily auditor biased and needs to be supplemented with a risk-based framework created and facilitated by risk experts. Auditors have a critical role in establishing the rules for the audit and conducting audits that will restore the confidence of investors and other stakeholders, but a new framework and disclosure process that evaluates and exposes the most significant risks an organization faces is essential.

Provide Risk Transparency Reporting

All publicly held companies must periodically report
their financial results. Financial statements consist of four elements: a balance sheet, income statement, statement of retained earnings, and statement of cash flow. Together, they provide a comprehensive snapshot of the short-term and long-term financial position of a company, but little to provide transparency to the short-term and long-term risk exposure. During the global financial crisis, major financial services companies failed after submitting financial results attesting to their financial well-being. This occurred under the most rigorous U.S. and EU reporting requirements, with many of the EU firms also following increased capital and internal control requirements of the Basel II capital accords.

While financial reporting is extremely complex, risk reporting can be very simple. It would include a descending list of the highest risk exposure to an organization with a rationalization for the assessment and the mitigants to the risk that are in place and/or planned. The Basel Committee has established a viable hierarchical categorization for operational risk. In order to compare risk self-assessments from one organization to another, it would be helpful to apply the Basel categories and subcategories. With the coming of extensible business reporting language (XBRL), and using the Basel categories, it will be possible to easily compare peer organizations within industry sectors.

Comparing the risk assessments will at least provide insights into the risk thinking of an organization. It will be valuable to compare peer organizations and look for similarities and differences in their assessments. Weaker organizations can benchmark their risk assessments against the industry leaders. But, history provides warnings that industry consistency in risk assessments is no guarantee of success. In the 1960s, the three big U.S. automobile makers believed their primary risks came from their U.S. competitors. The real threat came from Japan, with its superior quality and manufacturing
efficiencies. This only became clear to them decades later.

Reform Executive Succession and Compensation

Background

Rakesh Khurana, a Harvard Business School professor, in his 2002 book Searching for a Corporate Savior: The Irrational Quest for Charismatic CEOs, describes the U.S. change from owner-based, to managerial, to investor-driven capitalism that has occurred over the last 100 years and fundamentally changed the risk appetite of corporate America.25 In the early twentieth century, business owners were compelled to delegate control to professional managers as they sold a growing portion of their companies to shareholders and investors to finance their continuing growth. Managerial capitalism proved very successful with its highly trained and experienced managers until the early 1970s, when corporate profits and U.S. competitiveness declined.

Historically, investors had little control over corporations in which they invested. In the mid-1980s, investors—especially large institutional investors—became more vocal in their demands on boards and executives to improve corporate performance. As a result of the increased pressure, U.S. CEOs were three times more likely to be dismissed after 1990 than before 1980.26 Corporate directors came to believe that they could exert greater control over external CEO candidates than internal candidates, and viewed external candidates as a means to satisfy investors, analysts, and the business media. This could be best accomplished by hiring a marquee name as a charismatic savior of the organization.

The rise of investor-based capitalism and frustration with the lackluster performance of incumbent corporate management laid the foundation for what has come to be known as a charismatic or imperial CEO. The traditional organizational man was replaced with a celebrity who demanded celebrity levels of compensation. Executive salaries soared in this market because boards, investors, analysts, and
the business media all mistakenly believed that such a great leader could cure any and all corporate woes. This had two negative consequences beyond higher executive salaries. First, the new CEO was under inordinate pressure to perform miracles. This led to their taking on extraordinary risks, which sometimes resulted in major losses up to and including the demise of the organization. Second, this undermined the need to develop strong subordinate executives who could succeed the CEO and therefore would strive to improve corporate performance.

Executive compensation increases have been dramatic. In 1965, CEOs and CFOs were paid 20 times more than the average worker. The gap in 2007 is now over 300 times and averages $10.5 million for CEOs in the S&P 500.27,28 The gap in the United States is much larger than in the rest of the world, with U.S. executives making twice as much as their German, French, and British counterparts and four times as much as their Korean and Japanese counterparts.29

A basic philosophy in business management is succession planning. Many organizations require incumbents to identify and train their potential replacements. Such measures improve performance and help assure continuity when incumbents leave their positions. By relying on external candidates only, boards have undermined the performance of their own management and raised executive compensation to levels unacceptable to virtually everyone except the executives receiving it.

The level of executive compensation is the most criticized element of this problem, but it is the nature of the compensation that presents the greatest risks to an organization. Before the 1980s, most executive compensation was primarily fixed and in cash. The culture of charismatic CEOs flipped this ratio so that variable is now the large majority of executive compensation and usually share-based. The share-based nature of the variable compensation is an issue because it is often based on increases in the company’s share prices
either through stock options or restricted stock, which creates major incentives for executives to take extraordinary measures to jack up share prices. This can lead executives to make short-term measures at the expense of the long-term growth of the organization. In the worst situations, a temporary price increase is generated by manipulation and accounting games in order for executives to exercise options.

The global financial crisis has created very heated public and official outcries against excess executive compensation, especially multimillion-dollar severance packages given to failed executives who led their firms to catastrophic losses. As we noted earlier, executive compensation is a symptom of the charismatic CEO culture, which has resulted in much greater risk taking. Here are some recommendations to reform executive succession and compensation.

Recruit Chief Executives from Within the Organization

Reform needs to start with boards accepting that one person, no matter how famous a personality, is not a substitute for a strong management team. A strong management team must be composed of at least some members who are capable of ascending to the CEO and CFO positions. This change in philosophy will have the benefit of creating greater incentives for senior managers to excel to prove their viability for promotion. Internal candidates can be much more thoroughly vetted than external candidates, who are often selected through an imprecise and hurried process based on anecdotal information. The argument that only a charismatic external candidate can fix the major issues an organization faces is a simplistic and emotional response to very complex problems that require the efforts of several key executives, senior managers, and supervisors to solve. Without strong internal candidates, organizations may suffer from lower energy levels, initiative, and innovation.

There were valid issues of inept and caretaker management that plagued the United
States in the 1970s and 1980s and led boards to look outside the organization for salvation. For the most part, these issues have been resolved by the demands of the global economy and more demanding institutional investors. If they have not been resolved, boards have failed in their mission. While hiring an external charismatic CEO may result in a boost in the company stock, this will tend not to last without fundamental improvements. A better investment is for corporate boards to upgrade the senior executive staff to prevent the types of crises that compel boards to go outside the organization for its leadership.

Change the Nature of Executive Compensation

As mentioned earlier, traditionally executives received the bulk of their compensation in cash, with a smaller portion coming in bonuses. This has changed in the past 20 years, with more and more compensation tied to share-based compensation. Executives should be rewarded for performance, with the majority of their compensation in cash and a minority tied to longer-term incentives. This can bring more stability to organizations and reduce excessive risk taking without sacrificing long-term growth. Pressure from analysts, the business media, and proactive institutional investors will tend to keep executives very focused and motivated to perform. Boards can always remove executives who fail to live up to expectations.

Stock options are not a viable option in most cases in that they are often tied to short-term incentives. The argument that options are the best means to align the interests of shareholders and executives is flawed and reflects the day-trader mentality of many investors and analysts. Executives have many vehicles to artificially jack up stock prices to maximize their option rewards. These activities may be detrimental to the long-term well-being of the organization.

The United Kingdom has been a leader in the movement away from stock options and other share-based compensation to long-term incentive plans (LTIPs).
LTIPs are a reward system designed to improve the long-term performance of executives and employees by providing rewards that may not be tied to the organization’s share price. Like stock options, clever executives can and have manipulated LTIPs to work in their favor. Trevor Buck, Alistair Bruce, Brian G. M. Main, and Henry Udueni describe the LTIP manipulation practices in the United Kingdom: “While increasing average total rewards, the presence of LTIPs is actually associated with reductions in the sensitivity of executives’ total rewards to shareholder return.” They argue that this raises doubts as to their effectiveness.30

The best defense against manipulation may be to tie compensation to metrics that are measured and averaged over three or more years and to use accepted best practices in LTIPs, which we describe in the next section. This helps avoid practices that artificially inflate share prices and ultimately undermine the long-term well-being of the organization.

Apply Best Practices in Executive Succession and Compensation

Matsumura and Shin, two professors at the University of Wisconsin–Madison, provide a list of six best practices that should be applicable to any organization seeking to improve its executive compensation practices. We eliminated one, which calls for CEOs to increase their equity in the firm, and replaced it with the recommendation against share-based compensation. We also add one requesting accounting standard bodies to create best practices for LTIPs.31

- Executive compensation needs to be aligned with the long-term interests of shareholders and with corporate goals and strategies. Long-term is the critical term here to avoid the types of dramatic actions to artificially boost stocks, only to see them decline again when the poor risk management of such actions is realized. As such, executives need to be measured to performance-based metrics that tie to long-term shareholder value, which is
balanced against the potential risks.

- An independent compensation committee needs to determine the compensation of the top executives. Independent means it is composed of independent directors only. As we argued earlier, this will work best when the CEO is not also the CoB. This prevents the obvious pressure that would fall on even independent directors.

- Compensation committees need to thoroughly understand the total costs of the compensation packages they are considering. This requires accounting support to project the total costs of retirements, severances, travel, and various long-term benefits. For many executives, these costs can run into the millions of dollars. The poor performance of U.S. compensation committees is now common knowledge. In the past, many of them naively believed that stock options were virtually free. Under revised international accounting rules (IFRS), options are now expensed and can have a major impact on company earnings while diluting the value of company shares. This was demonstrated when many U.S. firms had to restate earnings as a result of the stock option back-dating scandal of the past five years.

- Compensation committees need the services of nonbiased, independent, and experienced advisers to guide them in selecting and modifying compensation packages. Some compensation committees have foolishly relied on external consultants who were retained at the behest of incoming CEOs to justify inflated salaries. Typically, they would point to other inflated executive compensation packages for externally recruited and charismatic CEOs to justify their recommendations. Hopefully, the global financial crisis will make compensation committees more leery of taking such actions, but recruiting internal candidates and preventing CEOs from ascending to the CoB may be the best means to break this cycle.

- Companies need to provide complete compensation transparency. The United States and many EU nations now require more disclosure as to executive compensation.
Unfortunately, the disclosure does not always provide transparency to the true costs of a wide variety of benefits and perks. Regardless of the regulations, shareholders deserve full disclosure in an understandable format of the compensation of the top executives. The failure of the current U.S. regulations can be seen in the huge public outcries over the severance packages given to terminated executives of the major financial service organizations. The disclosure rules did not provide significant insights into the costs of golden parachutes that ran up to $100 million.

- Accounting standard bodies need to publish guidelines as to LTIPs. This will help to eliminate manipulation by executives, allow compensation committees to avoid the mistakes of the past, and facilitate tax and financial reporting. When used prudently, LTIPs may be the best means to align shareholder interests with incentives to company executives. Selecting from a list of approved LTIPs should help to validate the process.

- Companies need to avoid stock options and other share-based compensation plans. In the Governance, Risk, and Compliance Handbook, we dedicated a chapter to the dangers of stock options and argue that there are better means to reward executives. Even if all the abuses around back-dating and hiding expenses are resolved, it is still a bad idea that measures employees to a metric over which they have little control. Executives, who can influence share prices, face too many temptations to manipulate events to maximize their option exercise price levels. The IFRS requirement to expense options will end one major abuse, but does not change their inherent problems.

Create and Publish a Corporate Governance Scorecard

There is truth in the old adage “that which is measured improves.” We have listed areas in which risk management can be improved. A scorecard will provide an easy means to measure an organization’s progress in improving its corporate governance around risk
management. In our Governance, Risk, and Compliance Handbook, we call for a voluntary approach to SOX section 404, which covers internal controls that impact financial reporting. This includes a scorecard for those that opt in to the program. Organizations would be given a grade based on number of material weaknesses and financial restatements they receive. A similar program can work for risk management. Most of these proposed reform areas can be given a simple pass/fail grade.

Historically, investors and other stakeholders have relied on rating agencies for such indices, but the process has many flaws, which are now becoming abundantly clear—financial institutions failed after receiving very high ratings. Most of the recommendations are easily monitored and graded. The risk management framework would require an organization to list its descending list of high-risk items and its programs to mitigate these risks.

Even if these reforms are embraced, it will be years before they become statutorily mandated in whole or in part. Therefore, a scorecard for publicly listed organizations will be essential to provide the marketplace with the visibility it needs to make more rational investment decisions.

CONCLUSION

The global financial crisis can provide very painful lessons learned to move America forward and the potential for the best of all worlds—fewer and less severe scandals, higher growth, and greater stability.

Root cause analysis typically comes with recommendations for permanent corrective actions. The permanent corrective actions we make here are very attainable with improved government and corporate leadership. Most of our recommendations have been proven within the United States or elsewhere—by America’s major trading partners.

The alternatives are very unattractive. Doing nothing virtually assures we will continue to suffer wave after wave of increasingly destructive scandals and crises. This will make the United States and
other laggards less likely to attract global capital as other regions enjoy higher growth, improved corporate governance, and fewer marquee scandals. Creating additional but tactical regulations as occurred during previous scandals will invoke the specter Einstein used to define stupidity: doing the same thing over and over again and expecting a different result. In this case, targeted regulatory action will help end abuses behind subprime, but could create other negative consequences, and little to prevent the next crisis. It will take a holistic approach with systemic reforms, such as the ones recommended here, to break the cycle we have fallen into—boom to bust to scandal to overreactions in regulations and litigation. At the end of the day, capital will flow to markets that best balance growth with creditability and accountability.

These reforms will never completely break the age-old and vicious cycle in which periods of laissez-faire activity with inadequate oversight lead to scandals, and scandals in turn lead to regulatory action. Unfortunately, the pendulum tends to swing too far in each direction—under regulation permitting scandals and crises to flourish to overregulation which stifles growth. With much higher growth rates in emerging economies and the relative stability and security of the EU, the United States can no longer afford these wide swings between under regulation and overregulation.

For the United States to remain competitive in global markets, its goal should be to mitigate these destructive cycles in such a way that reforms are less reactionary and less burdensome, especially to entrepreneurship; in such a way that improved corporate governance better balances opportunities with risk and common decency; and in such a way to prevent the human and economic misery that comes with major crises.

NOTES

1. Abigail Moses and Yalman Onaran, “Financial Firms Face $600 Billion of Losses, UBS Says.” Bloomberg.com, February 29, 2008;
www.bloomberg.com/apps/news?pid=20601085&sid=anDZQ703DEn4&refer=europe
2. Carrick Mollenkamp and Mark Whitehouse, “Banks Fear a Deepening of Turmoil.” Wall Street Journal (March 17, 2008): 1, 12.
3. Robert Winnett, “Effort to Halt Financial Crisis Costs Governments Two Trillion Pounds.” Telegraph.com.uk, October 15, 2008; www.telegraph.co.uk/news/3198470/Effort-to-halt-financial-crisis-costs-governments-two-trillion-pounds.html
4. Anthony Tarantino, Governance, Risk, and Compliance Handbook (Hoboken, NJ: John Wiley & Sons, 2008): 13–15.
5. Ibid., p. 919.
6. Wikipedia, “The United States Housing Bubble.” http://en.wikipedia.org/wiki/United_States_housing_bubble
7. Hriskikesh D. Vinod, “Fraud and Corruption,” in Tarantino, 2008, p. 121.
8. Ibid., p. 121.
9. David A. Carter, Betty J. Simkins, and Gary W. Simpson, “Corporate Governance, Board Diversity, and Firm Value.” Financial Review (February 1, 2003).
10. Jay Dahya, “One Man, Two Hats—What’s All the Commotion.” City University of New York, CUNY Baruch College, Zicklin School of Business, August 2005; http://papers.ssrn.com/sol3/papers.cfm?abstract_id=853006
11. Maria Carapeto, Meziane A. Lasfer, and Katerina Machera, “Does Duality Destroy Value?” Cass Business School, City University, London, January 12, 2005; http://papers.ssrn.com/sol3/papers.cfm?abstract_id=686707
12. Ibid.
13. Kay Brancato, Matteo Tonello, and Ellen Hexter, “The Role of the U.S. Corporate Board of Directors in Enterprise Risk Management.” The Conference Board, Report No. 1390, June 6, 2006.
14. Ibid.
15. Ibid.
16. Ibid.
17. See note
18. Ibid.
19. Randolph Schmid, “Male Hormone Linked to Irrational Risk Taking.” San Francisco Chronicle, April 15, 2008, p. D2.
20. Judy B. Rosener, “Women on Corporate Boards Make Good Business Sense.” Womens Media.com, May 2003; www.womensmedia.com/new/Rosener-corporate-boardwomen.shtml
21. See note
22. See Anthony Tarantino, The Managers Guide to Compliance (Hoboken, NJ: John Wiley & Sons, 2006), 147–152.
23. Tim Leech, “COSO—Is It Fit for
Purpose?” In Anthony Tarantino, 2008, p 75 24 For a detailed evaluation of the shortcomings in the COSO framework, see Tim Leech, 2008, pp 65–75 25 Rakesh Khurana, Searching for a Corporate Savior: The Irrational Quest for Charismatic CEOs (Princeton, NJ: Princeton University Press, 2002) 26 Ibid., pp 59–60 27 Albert R Hunt, “Letter From Washington: As U.S rich-poor gap grows, so does public outcry,” Bloomberg News, February 18, 2007 28 Heather Landy, “Behind the Big Paydays.” Washington Post, November 15, 2008 29 See note 27 30 Trevor Buck, Alistair Bruce, Brian G M Main, and Henry Udueni, “Long Term Incentive Plans, Executive Pay and UK Company Performance,” Journal of Management Studies, 40(7), September 26, 2003, pp 1709–1727, www3.interscience.wiley.com/ journal/118870450/abstract?CRETRY=1&SRETRY=0 31 Ella Mae Matsumura and Jae Yong Shin, “Corporate Governance Reform and CEO Compensation: Intended and Unintended Consequences.” Department of Accounting and Information Systems, School of Business University of Wisconsin–Madison, January 31, 2005 Index 4P model, 30, 31, 34 A Acid Rain Program, 214, 217 Advanced Measurement Approach (AMA), 99, 107, 108, 234, 235, 236, 255 Agent-based modeling, 113 Ahold scandal, 300 All First Bank, 289 Analytics future technologies, 165 information, 153, 156, 164 methods, 178 predictive, 171, 172, 173, 180 social media, 153, 155, 156 text, 160, 164 Annotation (annotators), 156, 160, 161, 162, 163, 164, 165 Anti-Kickback Statute, 18, 19 AQR Capital Management, 107 Arthur Andersen, 95, 99, 301 Association of Certified Fraud Examiners, 18 ASX 10 Principles of Board Governance, 307 Audit Standard Number, 5, 142 Automated Filtering and Detection of Anomalies (DAPR), 284 Aviation Safety Reporting System, 112 B Bace, John, 193, 195, 196 Back-Test, 293 Bank for International Settlements (BIS), 1, 54, 233, 255, 288 Bank of America, 28, 283 Bank Secrecy Act, 16 Barings PLC, 104 Basel II, 1, 16, 25, 54, 58–59, 95, 99, 103–108, 115–116, 219, 
233–239, 242, 254–255, 288, 301, 304, 314 Pillar One, 233 Pillar Three, 233, 255 Basel Committee on Banking Supervision (BCBS), 103, 111, 116, 233, 234, 255, 288 Basic Indicator Approach (BIA), 237 Bayesian Networks, 3, 111, 143–145, 147, 148–151, 168, 177, 179 BCBS See Basel Committee on Banking Supervision Bear Stearns, 28, 234 Berendt, Adrian, 273, 282 Beta Neutral Portfolio Strategy, 126 Black swans, 282 Board of directors, 43 BPM technology, 142 Breyfogle III, Forest W., 139, 142 Bristol-Myers, 191 Brown, Aaron 107 Business activity monitoring, 175 Business combinations, 99 Business process management, 3, 11, 111–112, 131–142 Business process modeling, 111, 120, 131 C Cadbury Code, 70 Capacity constraints in production, 266 Capital value at risk, 239 Case law AAB Joint Venture, 190, 192 Afros, SpA v Krauss-Maffei Corporation, 192 Alcon International Limited v S A Day Manufacturing Company, 192 321 322 Case law (Continued ) Columbia Pictures v Justin Bunnell, 193 Echostar v The EEOC, 190 EEOC v Target Corporation, 191 Hagemeyer v Gateway Data Services, 191 Mcpeek v Ashcroft, 191 Reino De Espana ˜ v Am Bureau of Shipping, 193 Rowe Entertainment, Inc v William, 189 Sallis v University of Minnesota, 191 Strauss v Credit Lyonnais, S.A, 193 Veeco Instruments, Inc Securities Litigation, 190 Zubulake v UBS Warburg LLC, 189, 190 Case study Ameriprise Financial, 136 Coato, 210 Global commodities firm, 278 LATCO, 83, 84, 85 LMP Company, 79, 80, 81, 82 Puelte Mortgage, 136 Segregation of duties, 223 Causal factors, 241 Cause-and-effect analysis, 33, 147 Chairman of the Board (CoB), 59, 84, 303 Charles Schwab, 29 Chief Executive Officer (CEO), 35, 59, 70–71, 83–84, 94, 195, 303–309, 314–317 Chief Financial Officer (CFO), 38, 70, 226, 308, 316 Chief Operating Officer (COO), 38, 70 Chief Risk Officer (CRO), 132, 308 China, 61, 63, 64, 65, 67, 68, 69, 71, 73, 168, 300, 312 new Basic Standard for Enterprise Internal Control (China SOX), 69 scandals, 64 China Banking Regulatory 
Commission, 69 China Insurance Regulatory Commission, 69 China Ministry of Finance, 69 China Securities Regulatory Commission, 69 Chi-Square test, 163 Circle of trust, 197–202 Citigroup, 75, 94, 255, 306 Clawbacks, 190 Clean Air Act Amendments, 214 COBIT, 8, 41, 44, 45, 47, 48, 49, 51 Collateralized debt obligation, 234 Combined Code, UK, 304 Commentarii, Commodity coding tools, 11, 12, 91, 278 Community-Generated Media (CGM), 154–157, 164 Complex event processing, 175 Computer numerical control, 289 Condense interval, 239 Conference board, 308, 310 Constraint Management, Five Focusing Steps, 258, 262, 272 Corporate board diversity, 309 Corruption, 63, 67, 71, 76, 78, 301, 303 COSO, 45, 48–50, 56, 62, 90, 304, 310–313 Countrywide, 28 Credit default swaps, 290 Credit risk, 16, 18, 23, 53, 81, 103–106, 236–237, 240, 242, 246, 290 Credit Suisse, 234 Cross-enterprise predictive models, 250 Cross-enterprise risk management, 244 Customer Relationship Management (CRM), 29 D Data attribute, 21 Data control, 21 Data governance center of excellence, 6–7 Data governance maturity model, Data mining, 153, 155, 157, 177 Data quality scorecard, 22, 24 Data quality tools, 11, 12 Data ambient, 186 backup, 186 counterparty, 18 credit risk, 18 disparate, 193 distributed, 186 flawed, 15, 19 high-quality, 15, 294 legacy, 186 migrated, 186 personal, 21 source, 178 structured, 154 system, 186 unstructured, 154, 177 Data-driven analysis, 113 Data-driven decision, Decision trees, 177, 179 Defects per Million Opportunities (DPMO), 33, 34 Defects per Unit (DPU), 33, 34 Deloitte and Touche, 68, 74 Department of Defense Guidelines on Data Quality, 17 Detection of anomalies, 284 Diamond, Jared, 285 Discriminant analysis, 110 DMAIC, Six Sigma Methodology, 32, 33, 34, 44, 137, 139, 283, 290, 292 Dow Jones Industrial Average, 109, 306 Dynamic Anomaly and Pattern Response (DAPR), 282, 284, 288 E East Asian financial crisis, 300 Economic capital, 236, 237, 238, 240 models, 239 Eikington, 
Matt, 63 Electronic discovery, 184 Electronically Stored Information (ESI), 188–190, 194 Embedded predictive analytics, 3, 171, 173, 175, 177, 179, 181 Emission trading, 214, 217 Employment practices and workplace safety, Engineering Process Control (EPC), 3, 117–130 Enron scandal, 2, 62, 94, 95, 99, 206, 219, 299, 301, 303, 312 Enterprise Content Management (ECM), 5, 193 Enterprise Resource Planning (ERP), 221 Enterprise Risk Management (ERM), 15, 43, 45, 48–50, 99, 236, 241, 242, 244, 254, 308, 311 Enterprise Risk Unit (ERU), 240, 242–245, 249–254 Environmental best practices, Environmentally desirable changes, 204, 210 European Union, 61, 64, 67, 87–91, 100, 183, 192–193, 215, 217, 300–301, 310–314, 317, 319 EuroSox, 219 Event-driven architectures, 175 Executive compensation, 316 Executive succession, 314, 317 Expected losses, 238 External fraud, 1, 54 External loss data, 250 F Failure Mode and Effects Analysis (FMEA), 33, 34, 44, 113, 114 Fannie Mae, 115 Fault Tree Analysis (FTA), 147 Federal Deposit Insurance Corporation (FDIC), 28, 256 Federal Rules of Civil Procedure (FRCP), 184, 187–189 Rule 16(B), 188 Rule 26(B)(5)(B), 188 Rule 26(A)(1), 188 Rule 33, 188 Rule 34, 188 Rule 37, 189 Federation of Content, 11, 194 Financial Accounting Standards Board (FASB), 89, 95, 140 Financial Stability Forum, 95 First-Pass Yield (FPY), 33 Fishbone diagrams, 144, 147 Fitch (Rating Agency), 57 FMEA See Failure Mode and Effects Analysis Ford, Henry, 31, 34, 134, 295, 306, 307 Framework for Internal Control Systems in Banking Organizations, 103 Fraud, 188, 198, 219–220, 222–225, 229–238, 301–302, 312 Fraud, submaterial, 222 Freddie Mac, 115 Fulbright and Jaworski, 183 G Garside, Tom, 107 General Electric, 75 General Motors, 75 Generally Accepted Accounting Principles (GAAP), 62, 87–101 Genetic algorithms, 180 Gilbreth, Lillian, 133 Gilbreth, Frank, 133 Global financial crisis, 2, 299 Goldratt, Eliyahu, 257–261, 265, 270, 272 Governance, Risk, and Compliance Handbook, 
73–74, 87, 93, 101, 318 Gramm-Leach-Bliley Act, 17, 224 Great Depression, 67, 195, 272, 300 Greed, 81, 191, 201, 301, 303 H Health Insurance Portability and Accountability Act (HIPAA), 224 Holt, Graham, 91, 101 Hong Kong, 64, 68, 72, 89 Housing price bubble, HSBC, 299 HTML, Hussey and Ong, 88, 101 I IBM, 10, 51, 61, 73, 125, 129, 153, 168, 272 India, 61, 63–64, 67–68, 70, 73–74, 89 Clause, 49, 70 Indonesia, 62, 64, 67, 71 Information analytics, 3, 153, 156, 164 Information discovery, 177 Information Technology Infrastructure Library (ITIL), 8, 41, 45, 47, 48, 49, 51 Information technology risk, Institute of Management Accountants (IMA), 312 Internal audit, 7, 111, 220, 309 Internal fraud, 1, 54, 105 Internal loss data, 250–251 Internal loss event, 251 International Accounting Standard (IAS) IAS 2, Inventories, 88 IAS 10, Events after Balance Sheet, 88 IAS 11, Construction Contracts, 88 IAS 18, Revenue, 88–92 IAS 20, Accounting for Government Grants and Assistance, 88 IAS 28, Investment in Associates, 88 International Financial Reporting Standards (IFRS), 3, 62, 87–101, 301, 313, 317–318 International Monetary Fund, 79 International Standards of Audit (ISA), 69, 142 International Standards Organization (ISO) 9000, IT Governance Institute, 45, 48, 49, 50 J J P Morgan Case, 107, 283 Japan, 2, 34, 61, 64, 67–70, 74, 87, 219, 301, 314 Financial Instruments and Exchange Law, 69 GAAP, 62 Institute of Certified Public Accountants, 70 SOX (JSOX), 70, 219 Just-in-Time (JIT), 34, 64, 133 K Kaizen, 296 Kanebo scandal, 70, 219 Kano, Noriaki, 29 model, 28, 29 Kealey, Nicole, 136, 142 Key Performance Indicators (KPIs), 10, 28, 109, 245, 280 Key Risk Category, 245–246, 248, 250 Key Risk Indicators (KRIs), 109, 236, 241, 245, 251–254, 277–278, 280, 282, 285–287 KPMG, 88, 91, 92, 101 Kuznets Environmental Curve, 204, 205 Near-miss data, 113 Net Present Value (NPV), 75, 257, 264 Non financial risk, 237 L Latin America, 63, 75, 76, 77, 79, 81, 82, 83, 85 Lean 
manufacturing, 132, 134, 273 Lean Six Sigma, 2, 139 Legal discovery, 3, 183, 185, 187, 189, 191, 193, 195 Linear regression, 179 Liquidity risk, 240 Litigation, 3, 183, 185, 187, 189, 191, 193, 194, 195 Logistic regression, 179 London Stock Exchange (FTSE), 67, 68, 306 Long Term Capital Management, 289 O Occam’s Razor, 274 OECD Principles, 82 Off-balance-sheet arrangements, 95 OLAP Technologies, 156–157, 160 Oliver Wyman, 107 Online Analytical Processing (OLAP), 156 On-off controllers, 122 Open-loop control, 124 Operational loss event, 235, 236 Operational risk, 1, 103, 105, 235, 239, 240 modeling, 58 Operational risk categories Clients, Products, and Business Practice, Damage to Physical Assets, 2, 55 Execution, Delivery, and Process Management, Operational Risk Exchange (ORX), 104 Operational Value at Risk (OpVar), 108, 113, 252 OpVar See Operational Value at Risk Oracle, 221, 232 M Machine learning, 177, 179 Madoff, Bernard, 303 Malaysia, 62, 64, 67, 71, 89 Management’s Discussion and Analysis (MD&A), 70 Manager’s Guide to Compliance, 62, 88, 94, 100, 101 Market risk, 103, 105, 106, 107, 236, 237, 239, 240, 290 Mark-to-market, 240 Markov models, 109, 162 Maslow’s Theory of Motivation, 205 Metadata, 5, 10, 11, 17, 135, 176, 184–187, 189–195 Monitor performance, 291, 295 Monte Carlo Simulation, 108, 276 Moody’s Rating Agency, 57 Most Probable Explanation, 147, 150, 151 Motorola, 32, 44, 48, 51, 134, 292 N National Academy of Engineering Program Office, 112 National Institute of Standards and Technology, 8, 50 Natural Language Processing (NLP), 156 P Pareto charts, 119 Pareto principle, 134 Parmalat scandal, 300 Patient Safety Reporting System (PSRS), 113 PATRIOT Act, 16 Pattern recognition, 177, 179 Payback period, 257, 264 Pollution abatement initiatives, 214 Popper, Karl, 274 Porter hypothesis, 204 Predictive Key Risk Indicators To/From Loss/Incidents Prediction (PKRILI), 278–279, 282, 286 Predictive modeling, 174, 178 Predictive risk models, 250 Press Council 
of India, 63 Process Control, 117, 143 Public Company Accounting Oversight Board (PCAOB), 69 Q Quality circles, 134 Quantitative operational risk methods, R Rakesh Khurana, 314 RCSA See Risk and Control Self-Assessment RDBMS See Relational Database Management Systems Reduction of variation, 289 Relational Database Management Systems (RDBMS), 155, 157 Reputational risk, 103, 153, 239, 308 Residual data, 186 Revenue recognition, 90 Risk accounting system, 244 Risk-adjusted return, 238 Risk and Control Self-Assessment (RCSA), 251, 252 Risk appetite, 241 Risk capital calculation, 107, 238 Risk management in Asia, 3, 61, 63, 65, 67, 69, 71, 73 Risk management in Latin America, Risk monitoring, 241 Risk tables, 245 Risk, market, 103, 105, 106, 107, 236, 237, 239, 240, 290 Risk, operational, 1, 103, 105, 235, 239, 240 Root cause analysis, 3, 111, 143, 145, 147, 149, 151 Rules-based predictors, 179 S SAP, 221, 230, 253 Sarbanes-Oxley Act of 2002, 56, 61, 62, 69, 70, 88, 90, 93, 94, 223, 300, 301, 304, 311, 312 Comply-or-go-to-jail approach, 301 Section 302, 16, 100 Section 404, 56, 94, 312 Securities and Exchange Commission (SEC), 88, 90, 216, 218, 302 Securities Exchange Board of India, 70 Sedona Conference®, 184, 185, 195 Segregation of Duties (SOD), 3, 219, 220, 222–227, 229–231 Semistructured data, 177 Service-level agreements, 15, 22 Service-oriented architecture (SOA), 41, 174 Shanghai Index, 68 Sharpe ratio, 117, 124 Shewhart, Walter, charts, 126 control chart, 127 Simon Kuznets, 205 Simon, Herbert A., 286, 288 Simon, Kerri, 138, 142 SIPOC See Suppliers, Inputs, Processes, Outputs, and Customers Six Sigma Black Belt, SOA See Service-oriented architecture Social network analytics, 153 Société Générale, 233, 289 Solvency II, 54, 58, 59, 99, 115, 219, 301 South Korea, 61, 64, 67, 71 Southeast Asia, 71, 74 Spanyi, Andrew, 132 Staff Accounting Bulletin (SAB), 88, 90 Standard & Poor’s (S&P) Rating Agency, 57 Statistical Process Control (SPC), 3, 117–120, 
126–130, 291, 294, 296 Statistical Quality Control, 134 Strathern, Marilyn, 282 Structured Query Language (SQL), 221, 224 Stupidity, 303, 319 Subprime mortgage market, 304 Suppliers, Inputs, Processes, Outputs, and Customers (SIPOC), 33, 34, 44, 114, 116, 137, 138, 139, 140, 142 T Taiichi Ohno, 2, 134 Taiwan, 64, 67, 71 Taxonomies, 5, 160, 162, 163, 164, 165, 168 Taxonomy, content-driven, 162 Taylor, Winslow, 133, 273 Text mining, 153, 158, 160 Thailand, 64, 71 Theory of Constraints, 257, 259, 264, 270, 272 Throughput accounting, 3, 257–272 Throughput per Constraint Unit (T/CU), 266–271 Tobin Quotient, 310 TOC See Theory of Constraints Total Quality Management (TQM), 2, 3, 27–31, 33–36, 134, 209, 273 TQM See Total Quality Management Toyota, 2, 7, 31, 58, 64, 133, 134, 306, 307 Truly Variable Cost, 38, 221, 222, 255, 260, 261, 271, 272 Tulip mania, U Unexpected losses, 238–239 United Nations Standard Products and Services, 12 User access controls, 220, 224, 231 V Val IT, 45, 47, 49, 51 Value at Risk (VaR), 107–108, 234, 237–239, 242, 245, 276, 289 Value table, 245, 252 Visualization, 157, 163, 168, 177 Voice of the customer, 198 W Wall Street Journal, 299 Web-mining technologies, 153 Whewell, William, 274 World Bank, 2, 13, 25, 61–68, 71–79, 83, 85, 88, 216, 288, 300, 304, 306 Reports on the Observance of Standards and Codes (ROSC), 79 World Commission on Environment and Development, 205, 216 World Trade Organization, 61 WorldCom scandal, 206, 219 WORM technology, 11 X XML tags, 158 Z Z/Yen, 276, 286, 287 Zero defects, 32, 134