Data-driven operational risk management: an improved understanding of the effect of causal factors

Student thesis: Doctoral Thesis

Abstract

The internal and external operating environments of organisations globally are evolving and becoming more complex, interconnected and volatile. This is leading to greater operational uncertainty and the risk of inadequate or failed internal processes, systems and people. Without effective management of these operational risks, substantial financial, regulatory and reputational ramifications can result.

Current operational risk management (ORM) processes are manual and qualitative in nature, resulting in subjective and backward-looking assessments at static and infrequent points in time. These assessments are incongruent with the dynamically changing and technologically integrated operating environments of organisations, and of concern, are reactively informing important and costly mitigation decisions.

Recognising these limitations, practitioners, regulators and researchers are calling for more quantitative, real-time approaches driven by data. Unfortunately, due to the complexity of the problem, regulators are struggling to offer prescriptive guidance on effective data-driven ORM methodologies, and instead are challenging organisations to improve their approaches themselves. With organisations’ focus on reducing costs, limited access to necessary capabilities and commitments to maintaining business continuity and compliance, there is a need to improve collective understanding and develop generalisable innovative analytics applications to modernise ORM.

This thesis makes four main contributions in this regard. First, the field of research applying data analytics to ORM across various industries is systematically reviewed. In synthesising the existing knowledge using a newly developed multi-layered classification framework, five core themes are identified, summarising how different analytics techniques and data can be leveraged in a risk context. These outputs provide a much-needed meaningful structure to improve researchers’ and practitioners’ understanding of the breadth of opportunities with and value of data-driven ORM. Not only does this promote future research with the intention of advancing the practice in a purposeful manner, but importantly, the industry comparisons serve to facilitate those with less mature ORM practices to transition to an improved and modern approach.

With causal factors analysis (CFA) emerging as a key area within the literature, as well as foundational to risk management theory, the focus of the thesis shifts toward developing a novel quantitative CFA model. Representing the second main contribution, a systems-based approach underpinned by Bayesian network modelling is evaluated in a real-world case study in insurance. Powered by raw operational data streams in the organisation, it not only identifies what factors cause loss events, but provides in depth insights into how causal factors influence the probability of a loss or incident across an operational risk environment. Understanding the critical individual and collective effects of factors is strategically valuable in facilitating more proactive and efficient mitigation, in turn reducing losses.

Thirdly, acknowledging the different dynamics of factors, the importance of temporal dependencies in monitoring operational risks and their causes over time is considered. Such temporal effects between losses and causal factors have not been explored in previous literature. Yet, further to the individual and collective effects of causal factors, time presents another valuable mechanism to better understand the evolution of operational risk profiles. This is investigated through a case study in aviation by extending the earlier time-independent CFA model to a time-dependent variation.

Finally, to address the lack of guidance on how organisations can operationalise data-driven CFA, a principles-based modelling framework is developed. It consolidates the learnings from the two real-world case studies to provide a practicable and generalised approach. While directly extending the frontier of CFA, the thesis introduces a mechanism to support broader analyses across all five core themes identified in the literature, ultimately enabling an integrated analytical approach to ORM.

The key stakeholders to benefit from this research are risk professionals – risk managers within organisations looking to enhance their ORM function; consultants advising on best practice; and regulators setting legislative requirements to protect consumers and employees and prevent market failure. Implementing such a data-driven approach to operational risk CFA in an organisation will enable a deeper, more objective and up-to-date understanding of the complex drivers and interconnections of operational risks. Ultimately, by informing proactive and targeted mitigation, it seeks to efficiently reduce the occurrence of financially, physically and reputationally costly losses.
Date of Award5 Oct 2023
Original languageEnglish
SponsorsKPMG
SupervisorAdrian Gepp (Supervisor), Christopher Bilson (Supervisor), Steven Stern (Supervisor) & Bruce Vanstone (Supervisor)

Cite this

'