Management information and ‘conduct risk’
Deloitte has recently published a report entitled Management Information for Conduct Risk – Underpinning Better Decision Making. According to Deloitte ‘conduct risk management information’ covers market propositions, conduct, behaviour, culture, breaches of policies or regulations and the effectiveness of conduct risk mitigants and controls. Now the primary focus of conduct risk is the effective management of financial services market but the principles are, in my view, applicable across all organisations.
The report sets out ten elements of a conduct risk MI and these are
- Linked to strategy, culture and risk management framework
- Outcomes focused
- Holistic and used to support analysis of trends
- Efficient and proportionate
- Accurate and timely
- Measured and reported on at an appropriate frequency
- Comprehensive and traceable
- Supports open communication and challenge
- Acted upon and recorded
That is a very good set of elements for any information management strategy. All too often ‘management information’ is seen as the output from a business intelligence application. This report emphasises the need to integrate data and information, and also the need to have staff with appropriate skill sets. When I speak to senior executives I always ask them how much confidence they have in the reports that they are presented with on organisational performance. The answer is always that they have total confidence but when I probe they often have no knowledge of where the data and information has been sourced from. Many years ago I was working on the intranet of the International Monetary Fund and had an opportunity to look at the documents that were going to the Executive Board. Almost every item of information was tagged with the name of the expert taking responsibility for it. Good intranets take the same approach but many other enterprise reports have no personal accountability stamped on them simply because there is no appropriate field in the database.
New regulations from the Bank of England will require a much higher level of responsibility by managers for the decisions they take and the basis on which those decisions are made. Of course this is at present a specific requirement of the financial services sector but it should also be good practice in all organisations where shareholders increasingly want to know why a particular decision was made. Even if you are not in the financial services sector this 20 page report is well worth reading as a way of starting discussions in your organisation on personal responsibility for information quality. I’m always looking for ways in which I can sell information management to organisations and this is an approach that I can see having some merit.