Six can fix it


THERE is little doubt about it, Six Sigma is sexy. While it may seem a bit of a stretch to equate a process improvement framework with Brad Pitt or Angelina Jolie, some operational risk executives get visibly animated when discussing the subject.

But just how much implementation of Six Sigma by operational risk mangers is being done? The new OR&C Intelligence survey on the subject - conducted in partnership with London-based risk-management solutions provider Chase Cooper - shows that little is being done to integrate Six Sigma into firms' operational risk framework.

When asked whether they thought process improvement was an integral part of the operational risk cycle, 79% of respondents answered either "4" or "5", with "5" being "extremely integral".

Additionally, 33% of respondents said they thought a methodology such as Six Sigma could be implemented in the financial services industry "extensively", while another 64% said it could be implemented "to some extent".

Also, 28% said they believed Six Sigma or other data-driven process improvement methodologies could lead to regulatory benefits, such as a lack of enforcement actions for process failures. Another 65% said such methodologies would produce "some benefits".

And yet, in spite of general excitement about Six Sigma and other such methodologies, most firms are doing little in the Six Sigma space. Some 49% of respondents said their current risk technology doesn't support Six Sigma or other process improvement methodologies "at all", while another 42% said the technology supported it "to some extent". Only 9% of respondents said their technology could support business process improvement "extensively".

Perhaps part of the reason why op risk executives aren't flocking to implement Six Sigma or other similar methodologies is that they don't currently see business process improvement as part of their remit. When asked how the value of an operational risk department should be measured, most respondents answered in very risk quantification-orientated terms.

For example, one respondent writes that op risk value should be measured "by conducting awareness trainings, collecting and compiling information, and creating MIS reports". Another writes: "by the UL [unexpected loss] decrease as well as the amounts of the loss". A third writes: "based on value creation, either from risk reduction/mitigation or from opportunity creation through risk acceptance and leveraging".

Another respondent says op risk value can be measured by "an ability to engage with the business to manage risk. By an ability to create a sustainable process for risk management that can be used by all staff. By measurable improvements in the risk profile that reflect intended (ie planned) and unintended (ie byproduct) outcomes. By measurable improvements in the risk culture of the organisation - this is the key to sustainability".

In fact, the majority of the respondents mentioned phrases such as "loss reduction", "loss avoidance" and saving on regulatory or economic capital. Some mentioned benchmarking against industry practice as a means of improving performance, while others discuss building a "risk culture".

This contrasts with the business process improvement approach being increasingly advocated by some thought-leaders in the industry. "I see Six Sigma as enabling senior management, operations management, business heads and operational risk management to align their efforts under a common objective - the satisfaction of customer requirements, with ORM as the hub around which this process can evolve," says John Kiddy, chief executive of Chase Cooper. "We have long seen op risk as a key resource for helping to maximise shareholder value, as a facilitator, enabler or catalyst (depending on your point of view) in creating the conditions whereby profits can be generated in a sustainable and ethical way."

Part of the disconnect between process improvement and traditional op risk may lie in the fact that many op risk executives hail from market and credit risk backgrounds. Still others come from audit. This results in a focus on "loss reduction", but many firms are struggling with how to accomplish this when it comes to unexpected losses.

"The focus on losses is not really surprising, since it is something everyone in the organisation can relate to," says Kiddy. "I think there are positive as well as negative impacts to this. On the positive side, it focuses op risk departments, business heads and senior management on the measurable benefits of an effective ORM programme. The negative is if the reduction of losses is seen as the primary measure of success. This misses the point of many of the enormous business benefits of ORM. Firms need ORM to also focus on reducing the risk of large unexpected losses happening - the danger is if the focus becomes centred on the reduction of relatively immaterial expected losses."

Many respondents saw the logic in this. Some 84% said op risk technology should support Six Sigma or any other data-driven methodology for process improvement. Another 19% said they believed business process methodologies can be used by the op risk group to communicate the value of the op risk framework "extensively" within the organisation. Another 74% said it could be used "to some extent".

But it isn't all bad news. Many op risk executives believe the data they are collecting at the moment can be useful for driving business process improvement. Some 33% of respondents are collecting loss data, risk control self-assessments (RCSA) and key risk indicators (KRI). Another 31% are collecting these elements, plus causal data. And 73% of respondents rated the data they collect at the moment as a "4" or "5", with "5" being rated as "extremely useful".

But even if they have the data, can they use it for process improvement work? "It seems to me there are three aspects to this," says Kiddy. "First, the technology must enable the user to collect and analyse the data required, so in addition to the functionality we normally see, the technology must enable Risk Events to be linked to Cause, Risk, Control and Key Indicator. We also believe it should maximise the benefit of RCSA data by integrating with modelling tools that give more financial meaning to this data and enable what-if scenarios, risk sensitivity and control failure simulations to be performed.

"Second, the technology must have a transparent data model and open architecture that enables it to readily integrate with process mapping and document management systems typically used in the industry.

"Third, and to my mind most importantly, the technology must have the flexibility to support different views of risk. A Six Sigma programme will require views of risk to be redefined, for example to incorporate a process-driven view - the risk of a process failing.

"The technology must allow current risk definitions and measures to recalibrated for some parts of the business, while at the same time supporting the existing risk definitions under the same set of data and linking up to common objectives. This is crucial in enabling a Six Sigma implementation to utilise the OR programme in place, rather than re-inventing what has gone before."

Certainly, it seems that Six Sigma, and process improvement methodologies in general, are being strongly considered by the operational risk industry as one way in which they can use the information they are harvesting to add value back into their organisation. The challenge will lie in how successful op risk executives are in convincing senior management and boards of directors to adopt Six Sigma-style projects, and then how far they will be able to drive implementation. OR&C

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

Investment banks: the future of risk control

This survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here