Integrated Risk Management: Findings and Implementation on Operational & Non-Financial Risk from our Research Project

Companies must be able to identify, analyse and evaluate risks in order to avoid or minimise potential problems. A distinction is made between different types of risks.

• IT and security risks: To implement an effective risk management system, it is important to consider IT and security risks. Companies need to ensure that their IT infrastructure is robust and secure to avoid data loss and cyber-attacks. External risks, such as potential attacks on third-party systems, must also be included in the assessment here.
• Data quality: Another important factor is data quality. Financial ratios are an important indicator of a company's financial health. Insufficient data quality can lead to inaccurate results and affect risk management.
• Processing of new risk-relevant information: Companies must also be able to react quickly to new information at any time and incorporate it into their risk analysis and assessment.
• Timeliness of ratings: Another important factor is the rating age. In order to be able to identify potential risks, companies must ensure that their ratings are up to date.
• Sustainability: Sustainability risks can affect the company's reputation and have long-term financial implications. Only an integrated approach to ESG performance, cash flow assessment and accurate revenue forecasting can provide a deep understanding of sustainability performance of a company.
• IT implementation of processes and methodologies: The IT systems and infrastructure of companies and organisations must be able to manage and analyse data effectively.
   

Key findings from our research projects  

FinAPU has comprehensively dealt with the topic in a research project and, in particular, with measurement and evaluation in depth. 52 participants from companies (banks, insurance companies, asset managers, public sector entities) in six European countries were specifically asked to report on their experiences in the following areas by means of a standardised questionnaire:

• IT & Security in Risk Management Systems (internal & external)
• Data quality in financial ratios (application in rating & early warning procedures)
• New Information: Processing of new risk-relevant information
• Rating Age: Ensuring current ratings (among others, reg. requirement)
• Supplement Information for daily risk management (e.g. sustainability)
• Processes and their IT implementation

In the assessment of the classification of the topic blocks, clear differences emerged both by segment and by OU unit.

• Data quality: was the topic with the highest OP risk for the respondents.
• Data availability: Outdated data was rated as the highest OP risk.
• Systemic implementation of the PO order: Systemic implementation was declared as a rather low OP risk.
• Model implementation: The results show a focus on the topics Data Quality, New Information & Rating Age and, if applicable, consideration of the organisation.

As a consequence of these findings, we have carried out the corresponding IT implementation directly in FinAPU.

OP-Risk integrated directly into the work process

In FinAPU, the topic of OP risk has been directly integrated into the work process. This realises a significant increase in the quality of the processes and can at the same time serve as a basis for the calculation of the OP-risk-related capital adequacy in the sense of the Banking Act and Basel III. Events relevant to OP risk are monitored and evaluated in real time. The user can take ad hoc measures that have a positive effect on both the risk itself and the capital adequacy.

Linking sustainability and credit risks

On the basis of the findings on OP & Non-Financial Risks, we conducted a follow-up project with the Austrian Research Foundation (FFG). The key finding was that social responsibility has an impact on credit risk. Here, too, we immediately implemented innovations in FinAPU based on this finding: the linking of ESG criteria with credit risk.