Risk and Security LLC

Risk Assessments, Training and More


February 2009

Take a Valentine Risk Assessment

I think they should make people do a risk assessment on their proposed relationship and turn it in to the city office when they go to get a marriage license. I thought it would be appropriate to introduce it on Valentine’s Day!

So to design our risk assessment, first we need to create a list of assets, specifically joint assets. How about the 2 houses, the 2 cars, the children from the former marriage, the in-laws (actually all the relatives on both sides), pets (dogs, horses, etc.), and any cash, including stocks, bonds and salaries. Probably also insurance policies, household goods, jewelry, musical instruments and collections.

Now we can model the potential losses we could suffer if the relationship fails:  Death or personal injury, divorce, alienation of affection, compromise and loss of assets.    Now we can add in the threats that could cause one of the projected losses to occur.  Threats could include things like:   children, relatives, job loss, illness, death, affairs, theft, business travel, alienation, depression, substance abuse. 

Next are the vulnerabilities in the relationship that could sabotage the whole thing. Here are some of the questions we might make the prospective marital participants ask:

Do you work out of town more than 1 month a year?

Do you have more than four children?

Will one spouse be staying at home?

Do you have two incomes?

Does each partner have a healthy asset to debt ratio?

Do the partners have the same religion?

Do the partners have more than two common interests?

Are the partners equal in education?

Are the partners equal in life experience?

Is there a history of mental illness in your family?

Is there a family history of major medical problems, e.g., diabetes, cancer, respiratory problems, cardiac issues, etc.?

Do the partners belong to the same political party?

Do the partners have a shared vision for the future?

Once the questions are all answered, they can be weighted for importance; for example, I would put higher weight on questions about family medical history and financial health.

We then link the elements together according to a pre-set algorithm and give the couple a risk rating:

80 – 100%: chance for a healthy relationship

50 – 79%: possibility of healthy relationship if vulnerabilities are fixed

30 – 49%: possibility of healthy relationship is doubtful

1 – 29%: healthy relationship unlikely to be successful

The answer would also indicate outstanding vulnerabilities (think of a vulnerability as a window of opportunity for a threat to materialize), for example, health, financial assets, illness, mental illness, alcohol abuse, drug abuse, obsessive compulsive disorder, responsibility, accountability, policies, romance, weight control, etc.

Based on the outcome of the assessment (say the score comes in at 70%), counteracting controls are then recommended, such as:

Start Exercise Program
See psychologist for extensive analysis
Schedule a date night once a week
Hire a financial counselor
Take yoga classes
Reduce stress
Quit your second job
Take a real vacation once a year

I think that using quantitative tools at the beginning of a marriage or serious relationship might be a great idea!  The city could charge another $20 for rating the assessment so it would not only save relationships but serve as a revenue generator for city and county government!

That’s your risk assessment for Valentine’s Day.  Please let me know if you’d like to fill out one of my prototype questionnaires, or maybe contribute to the model.   Enjoy the day!



Accountability and the Link to Senior Management Salaries – Can it be measured or assessed?

The recent Stimulus Bill passed in February 2009 called bank presidents up to Capitol Hill to report how much they made and whether they took bonuses or not. Most reported they made one million dollars a year and took no bonuses. Of course, we might suspect that this was slight underreporting.

Is there a link we can assess between performance and compensation?  In a factory, where people are paid by piece work, that is, ten cents for each piece sewn, there is a direct correlation and you could probably provide other examples of direct pay for direct work.

Another place to look is sales compensation. Again, salespeople are incentivized by commissions, so there is the correlation: work harder, get paid more.

But the farther you go up the management food chain, the harder it is to see the relationship between production and/or success of the enterprise and the salary of senior management.

A recent study by Health Services Research found that doctors who were paid more for higher quality care did improve their performance. It examined whether patients seeing physicians participating in a “pay-for-performance” incentive program received better care than those who saw non-participating physicians. The health plan that was examined reimburses physicians based on the quality of care they provide.

What about in other industries? Another study, which analyzed the 100 largest technology companies, found that those with the highest-paid CEOs in 2005 had the worst returns. DolmatConnell & Partners, an executive compensation consulting firm based in Waltham, Mass., found there was an inverse correlation between tech CEO pay and shareholder returns over a one-year period. Companies analyzed in the study included Cisco Systems, Dell, EMC, Google, Hewlett-Packard, IBM, and Oracle, as well as telecommunications providers, technology services companies and products distributors.

Perhaps the answer lies in the amount of PERSONAL ACCOUNTABILITY the senior managers have in the success of the organization. If highly paid managers are isolated and insulated from the operations of the company, they may not be in a position to directly affect its success, whether you define success as higher stock price, profitability, improved EBITA or some less quantitative standard, such as whether the employees are happier.

Organizations where management stays involved with the day-to-day operations, and can use their influence and wisdom to guide progress, might be able to make a bigger impact on the success of the organization.



Credit Unions and NCUA regulators

According to several companies that track such things, the number one thing that NCUA regulators are asking credit unions for this year is a copy of their risk assessment.

With fifty-five new regulators planned for 2009, the NCUA also announced its plan to move to a twelve-month examination cycle. This is in contrast to the previous 18-24 month examination cycle, and has prompted a written complaint by the Credit Union National Association (CUNA), which objects to adding new regulators as well as to the new examination cycle.

In fact, CUNA wrote, “We find this draconian and believe there is a more cooperative way in which NCUA and the state regulators can discuss this issue …”.   It may turn out to be more prudent than draconian, because these risk areas, which should be detailed in the risk assessment, are areas that many credit unions have ignored, or have managed to ‘get by’ with a homemade spreadsheet, which does little to identify or quantify risk.

In a risk-averse environment with regulator issues on television every day, CUNA did state that “given the economic crisis and the need for NCUA to be able to continue reporting to Congress that it is handling problems well, CUNA is not opposing this change [the 12-month cycle]”, and continued, “Even so, we strongly support a reasonable phase-in period that focuses on problems and risk first.”

Looking at this, it seems that part of the problem is a disconnect between the financial regulators and the credit union senior management. Management and the Board look at these requirements as annoyances that have to be completed and that keep them from more important work, like getting new members or new loans, instead of looking at the risk assessment as a support to their business process.

When viewed as an integral part of a business process, it is clear that the risk assessment supports management by providing a quantitative view of the entire IT program, or of all the operational processes of the credit union. It supports management decisions directly by providing real justification for the controls that management and the Board need to implement, and by giving the NCUA regulators visibility into those decision processes.

It shows the logic of the decision process, i.e., why management decided to use biometrics on their laptops, or why they need to shift some of the security controls to their outsourced vendors and make the vendors more directly responsible for security. This allows the regulators to give better advice and support to the credit union, because there is a rational process that can be discussed and examined, to the overall benefit of improved operations for the credit union.

The intent of increased regulation is not always to aggravate or criticize the credit union management; it can be a positive force which allows the credit union to advance, gain new members and be more profitable.



TARP Risk

What is the risk associated with taking TARP money from the federal government? If the government is going to create difficult milestones and lots of requirements, like limiting CEO salaries and banning bonuses, it might not be the bonanza everyone seems to think.

We recently were contacted by a company that is turning into a bank just to get their share of the TARP and Stimulus dollars. Of course, they may not understand the downside of being a bank, which would include heavy regulatory compliance AND the ‘mark to market’ problems.

Thinking about a risk assessment for the TARP took another direction: what kind of formal risk process could be used by the feds to judge whether a particular bank or company was TARP-worthy? After you throw out all the joke lines (e.g., do they own corporate Gulfstream jets?), what would you look for? Here’s a list of possible factors:

Value of company to overall economy
Ratio of bonuses to overall revenue
Ratio of CEO pay compared to overall revenue
Number of ‘retreats’ taken annually
Growth potential
Analysis of potentially impacting threats

These would be all mapped against the perceived value of the company in terms of dependencies, i.e., is the company the sole industry in its community or region?  

Is the company a critical element in the military industrial complex — does it have Defense implications?

Does it represent an underrepresented or endangered industry?

Past record for regulatory compliance.  It might be interesting to see how compliant the company was with previous regulations, as an indicator as to whether they would comply with all TARP/Stimulus bill requirements.

Obviously there might be a subjective edge to these ratings and the Government Accountability Office (GAO) would have to be the agency to administer these risk assessments.

Probably the hardest part would be ensuring that the recommendations made by GAO would be honored by the legislators.   But I like the risk model applied to the TARP.



