In recent years the financial industry has evolved significantly with the creation of new products, formulation of trading strategies, development of theoretical tools and growing sophistication of customers. Accordingly control functions such as internal audit have evolved to keep pace. One of the outcomes is the emergence of a new function of risk analysts within internal audit.
The primary role of internal audit is to evaluate controls against risk exposures. As one would expect, the nature of the controls depends on the nature of the underlying business. Changing nature of the business and growing stress on corporate governance where control functions are expected to examine a broader set of areas has created the need for additional skills to evaluate controls.
Risk analysts work within audit groups and have quantitative and analytical backgrounds, but like their auditing colleagues are control conscious as well. As such they perform several control related functions of a more technical nature. Additionally, depending on their experience and background, the risk analysts can be engaged in other forms of projects as well.
In order to perform their tasks effectively, the analysts should have a basic understanding of financial methodologies and how the methodologies capture various facets of business such as risks and market movements. They should be knowledgeable about the financial products and the financial management process and the role they play in the overall functioning of a business. Additionally they should be perceptive in nature keeping an eye on developments both within the organization and on outside industry events.
Soft skills are also critical. Relationship building skills are required since risk analysts need to interact with professionals at various levels throughout the organization. Also, both written and verbal communication skills are important, especially the ability to present technical concepts in a relatively non-technical language.
Below are some of the functions that the risk analysts may perform:
*Increase the efficacy of financial models
The role of financial models in the business continues to grow. Consequently the ability of a model to serve the intended business purpose is crucial. Capital allocation models should motivate the desired behavior, business decision models should perform the analysis relevant to the firm's strategic goals and trading models should provide information pertinent to products and desks.
For a financial model to be successful, several pieces should fall in place: (a) objectives should be clearly defined, (b) underlying theory should be conceptually robust, (c) implementation should be well tested, (d) input data should be identified and updated in a timely manner, (e) outputs such as reports should provide relevant information, (f) appropriate maintenance measures including documentation and security should be in place, (g) there should be periodic validation process and (h) the model should conform to applicable regulatory or legal requirements.
The risk analysts evaluate the robustness of the above-mentioned items or play a consulting role during the development of a model keeping in perspective the ultimate business goal. Whenever feasible the analysts study the individual items in detail or else examine the measures taken to ensure robustness.
*Serve as analytical partners in operational audits
A large part of internal audit projects evaluate controls around potential operational risks. Not surprisingly operations are often designed around underlying products or financial models. Risk analysts work in partnership with internal auditors in understanding this inter-relationship and in identifying potential areas of operational risks.
This collaboration can be applied to a wide range of audits such as those covering trading operations, valuation processes, systems flows and reporting procedures. The growing sophistication of financial products and increasing role of quantitative models are expected to provide continuing impetus to a partnership of this nature.
*Facilitate in risk management process
The risk analysts may serve as internal examiners or partners to the areas managing quantifiable forms of risks, such as market risk and credit risk.
The risk analysts could work with the relevant functions in ensuring that the risk management process has a defined goal, supports the organizational strategy and has adequate measures in place to accomplish the intended goals. During periodic reviews of businesses the risk analysts should look to identify risks that are not getting captured in the risk management framework or identify areas where the risk management process could be enhanced. Also, since the regulators often look to internal audit to examine the risk management procedures, the analysts may work with the respective functions in ensuring that the regulatory expectations are addressed.
*Perform projects requiring an integrated understanding
of the organization
By the virtue of being in the audit group, risk analysts work with different groups within the organization. This provides an opportunity to learn how different pieces of an organization integrate together and the role financial models play in the overall functioning. This puts risk analysts in a position to perform projects that require broad-based understanding of the organization.
For Example:
1 The analyst can help increase the effectiveness of management policies, especially the ones where models play an important role such as capital allocation process or performance measurement metric. The risk analysts could study if these policies are indeed having the desired effect, and if not, identify the reasons and recommend the corrective measures. To accomplish this, the analysts would study how the management policies are formulated in quantitative models and identify what part of the models could be working against the desired results.
2 Highlight cross-business issues by identifying instances where it makes sense to view things in aggregate manner or to create cross-business partnerships. This aspect becomes even more relevant with the growing emergence of hybrid products with multiple forms of underlyings such as equity, credit and commodity. This could result in a particular desk offering products involving risks outside its core area which leads to lower demarcation of risk exposures between different desks.
3 Study management decisions, industry events and other developments that involve quantitative concepts, identify operational/infrastructure and risk implications, and facilitate action steps to address the issues or to institute controls against them.
*Generating ideas outside risk realm
While as awkward as it may sound, risk analysts in an audit function may also use their broad based exposure to generate ideas outside risk realm.
Along these lines, a previous article showed how increased capabilities in the financial industry may be utilized beyond conventional financial purposes to meet broader business management goals (DW, 09/25/00). For instance, wide ranging abilities of financial products may be used to transfer risks or to create motivations in order to push forward a business initiative. The article also discussed the potential of financial markets as a source of business information as the amount of available market information increases with the growth in products.
This week's Risk Management Focus was written by Udayan Srivastava, v.p. risk analysis & audit at JPMorgan Chase in New York. The author thanks Alexander Hatzopoulos, v.p. general audit, for his comments.
