Challenged to deliver higher returns on its capital investments, and understanding that this goes hand in hand with greater risk, Corporate One Federal Credit Union officials decided to institute a more proactive risk-management strategy. "The traditional risk-management way is compliance," says Joseph Ghammashi, chief risk officer at the Columbus, Ohio-based institution. But, "Compliance is really looking backward," he adds. "A risk-based approach is looking forward, asking, 'Are you in a position to be safe?'"
According to Ghammashi, the search for an enterprise risk management (ERM) platform began in late 2005. Corporate One considered three vendors, including Boston-based LogicManager. "We wanted an enterprisewide framework in which we manage risk -- whatever kind of risk it is," Ghammashi explains. Though he declines to name the other vendors, Ghammashi says their solutions did not fit either the credit union's budget, size or in-house technical skills.
After speaking with LogicManager about Corporate One's needs, Ghammashi says, he decided not to request proposals from other suppliers. "They were willing to listen and to implement the suggestions that we felt strongly about, such as incorporating the COSO Enterprise Risk Management Framework," Ghammashi relates.
So in April 2006, Corporate One (more than $4.1 billion in assets) purchased version 2.0 of LogicManager's LogicERM software. The credit union installed the software on a Hewlett-Packard (Palo Alto, Calif.) server, which it purchased for the project, in May. "The software was easy to install," says Ghammashi, who notes that Corporate One has chosen at this time not to utilize the software's ability to interface with other enterprise systems. The credit union also purchased three large desktop screens for the risk-management staff.
Corporate One risk managers trained eight middle managers to use the software, Ghammashi relates. "Eventually, the goal is that every manager for a process should be able to use the software to do a risk-management assessment," he says. At that point, he explains, he and his staff would shift to more of a "consultant's role" on assessments, rather than compiling them.
The software plays a number of roles in Corporate One's new risk-management environment, Ghammashi relates. It warehouses data, performs a gap analysis between industry best practices and the credit union's practices, and monitors Corporate One's progress on the risk-mitigation gaps that it has identified. The system also serves as a reporting tool and risk-management dashboard.
Following the deployment, Corporate One conducted a two-month analysis to identify the most critical processes and prioritize which needed a risk-management assessment first. According to Ghammashi, the number of processes on which the credit union is able to perform risk assessments has risen from 15 to 59 -- with the same number of staff. He notes that LogicERM creates a standard way of measuring risk. "If we say, 'This risk is moderate,' it should have the same meaning no matter what the risk," Ghammashi says.
To date, the credit union has identified 80 key processes that it plans to add to the risk-assessment process. "This is like peeling an onion -- every process has a lot of subprocesses beneath it," Ghammashi says. And over time, the number of processes at Corporate One will grow, he continues, which is why he wants to get more managers throughout the company to use the software. The risk-management staff, Ghammashi says, "can only do so much." * --Judy Ward
** Institution: Corporate One Federal Credit Union (Columbus, Ohio).
** Assets: More than $4.1 billion.
** Business Challenge: Implement a more proactive risk-management system.
** Solution: LogicManager's (Boston) LogicERM software.