The Challenge
- Banks are struggling with the rising cost associated with the adoption of new regulation, new risk frameworks, compliance tools and technology and the boards are forcing banks to go through major modification of their internal control programs.
- When a banks are doing massive amounts of audits, risk assessments, it struggles with the quality of data to assess if their internal controls are effective or not especially if you have manual or redundant processes around risk assessments and measuring the efficacy of your internal controls
- Many banks are learning the hard way that their manual or automated enterprise risk or operational risk management systems are costly in an environment where the margins are razor thin and meeting the quality of efficacy of their internal controls is also challenge through manual processes
The Solution
- Besides cost, there are certain things that humans just can’t do or catch no matter how many people you throw at the problem. The solution involved in using artificial intelligence to automate measurement of “efficacy metrics” based on internal control effectiveness
- Automate the system to take a data feed from other banking systems, calculate the value and assess if the controls are effective or not and make changes to the efficacy of the internal controls through automation.
- Instead of doing audit once a year, you have greater visibility of the effectiveness of internal controls over the course of the year. This way when an examiner walks-in, he/she does not have to do your work in finding out whether the control is effective or not.
Value
- The value in automating the efficacy of internal controls comes from substantial cost savings and quality. Instead of investing in hundreds of people to measure the effectiveness of internal controls, you can invest in the risk and compliance system with automated efficacy of internal controls feature. This would replace and allow you to reallocate risk and compliance resources into other functional departments considering skilled risk and compliance resources are very hard to find.
A Case Study
Challenge
- One banking industry client that we were working with was going through similar challenges mentioned above.
- They were doing massive amounts of audits, risk assessments and struggled with the quality of data to assess if their internal controls are effective or not since most of the process around risk assessments and measuring the efficacy of their controls was manual
- They had to continue to throw more people at their problem (in the hundreds) towards efficacy metrics i.e. to measure controls effectiveness which substantially increased the cost in addition the quality of the efficacy of internal controls was also in question.
Solution
- The predict360 enterprise risk and compliance management system was configured to read internal control data directly through a feed or through a common input interface where no feed was available. This asset level disclosure data was then mapped and processed via a rules engine to determine and then update control efficacy.
- For example, if a control has its efficacy target set on a scale: values 400 – 600 equivalent to efficacy of 0-100% effective, and the input value is 500, then the efficacy for the associated control would be 50%
