# Operational risk spending increases

The recent operational risk management (ORM) technology survey conducted by Operational Risk & Compliance and Protiviti indicates technology costs have increased for more than 70% of survey respondents over the past two years and are expected to continue to climb through 2006. Survey responses were submitted by risk management and financial services professionals, representing the full spectrum of financial services firms, both in terms of size and business activity. While the majority of organisations surveyed appear to be well on their way toward implementing Basel II operational risk management practices, it appears that most organisations are still seeking the right enabling technology solutions to support their operational risk management programmes, particularly with respect to the capture of self-assessment, internal loss, and KRI data.

Increased operational risk technology spending

Op risk technology expenditure has increased for more than 60% of the survey respondents. And nearly 30% of respondents surveyed indicated technology expenditures have increased by 10% or more over the previous two years. Respondents were also asked to estimate the change in technology costs related to op risk over the next 12 months. When comparing ORM technology expenditures of the last 24 months with the anticipated change in ORM technology expenditures for the next 12 months, 73% of respondents expect their firms to see further increases in technology costs.

There is a clear trend toward increased technology investment, and that trend is likely to continue for the foreseeable future.

Internal loss database (60%), self-assessment (51%), internal op risk reporting (45%) and KRIs (38%) have been implemented by roughly half of respondents. While use was slightly higher at larger institutions, institutions from virtually all asset sizes have widely implemented these tools. Even the majority of firms with less than $1 billion in total assets are creating operational loss databases. In examining the trend for introduction of ORM tools, internal loss databases and self-assessment tools are the first tools implemented by op risk programmes, and this trend is seen across all geographic regions and size of firm. Internal reporting and KRIs are the focus of tool implementation currently under way. With acquisition of data and assessment information, it is logical that ORM managers are now turning to more predictive risk metrics and reporting vehicles. Historical barriers to implementing vendor solutions Uncertainty regarding the evolution of op risk management in conjunction with the perception that appropriate software tools do not currently exist to hit this moving target appears to be the main barrier to investing in a vendor-based solution, comprising 48% of responses. Conversely, only 20% of respondents cited a belief that internally developed applications are either less expensive or superior as their top reasons for not considering a vendor-based solution. Larger banks that have traditionally developed their own op risk solutions are now reconsidering this strategy and focus as 57% of organisations with more than$50 billion in total assets are now considering or are implementing a second-generation tool for self-assessment, internal loss database, internal reporting and KRIs. While there are a handful of established technology providers, this area is relatively young and growing to include more than 20 different operational risk solutions that were considered by respondents during the past year.

Replacement of existing software solutions

It is clear that firms are not shy of replacing current solutions. When asked about replacing existing op risk software solutions, of the respondents surveyed that are at or beyond the midway point of their op risk management implementation, more than half are considering or implementing second-generation technology solutions for self-assessment (70%), internal loss database (58%), internal reporting (56%) and KRIs (50%). The op risk software market continues to evolve. To be considered a viable alternative, software vendors must develop flexible solutions that can meet changing op risk management methodologies as well as adapt to unique customer requirements. The challenge for these vendors will be to demonstrate that they can provide a comprehensive solution that spans multiple disciplines – including self-assessment, loss collection, internal reporting and KRI monitoring – at a lower cost of total ownership and with equal or better responsiveness to unique client requirements as internal application development groups.

Conclusion

This year's survey on op risk technology offers clear insights into the trends and areas of technology investment. Many are now considering and making strategic investments in op risk technologies as the number of vendor offerings continues to expand and their respective solutions mature.

Protiviti (www.protiviti.com) is a leading provider of independent risk consulting and internal audit services. It provides consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assists in the implementation of the processes and controls to enable their continued monitoring. Protiviti also offers a full spectrum of internal audit services to assist management and directors with their internal audit functions.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.