Enhancements to IBM OpenPages Model Risk Governance
IBM® OpenPages® Model Risk Governance includes numerous enhancements to all aspects of the solution.
IBM OpenPages Model Risk Governance supports organizations in organizing and centralizing their Model Inventory.
As a solution IBM OpenPages Model Risk Governance provides a configurable and customizable platform, allowing firms to:
- Organize, document, and maintain an enterprise-wide inventory of models and their usages
- Document and track issues that are associated with models in a central location
- Record Model Change management governance activities
- Schedule, track, and manage Model Reviews and Validations
- Conduct periodic model attestations and model risk assessments
- Assign appropriate roles and responsibilities for model ownership and model risk management
- Monitor performance and status of their Model Risk Management program
- View the relationships between their Model Inventory and the relevant aspects of their Policy and Compliance obligations
MRG object model and schema
Model Scorecard and Model Attestation object types were added to MRG, and the relationship between Model and Usage was reversed. The Model object type is a now a parent of the Usage object type as shown in Figure 1. The reversal reflects the typical requirement to document the model and then identify its uses.
- Model Attestation
- Model Attestation allows an organization to request a regular sign off or attestation of a Model. The MRG administrator periodically creates a set of blank Model Attestations, which are assigned to the respective Model Owners. Each Model Owner answers a set of questions about the Model and submits their Model Attestation.
- Model Scorecard
- Model risk assessments are performed during the development and documentation phase of a Model. They are also typically performed periodically after a Model is in production. The Model Scorecard object is used to conduct this risk assessment. The user answers a number of questions about the Model. Model Scorecard triggers calculate a risk score and determine the Model tier.
The following graphic is the MRG object model.
The existing Model Report, Report Section, and Documentation object types were removed.
Fields and field values have been added to many of the MRG object types to facilitate ownership and status tracking and operations in MRG workflows.
Triggers, dashboards, views, and workflows are dependent upon the object model and schema.
MRG profiles
Triggers, dashboards, views, and workflows are dependent upon key elements of the profiles.
MRG includes three profiles:
- OpenPages MRG Master
- MRG Model Owner
- MRG Model Validation
The profiles are the same except for what is included in each of their dashboards in the Task Focused UI. The OpenPages MRG Master profile dashboard in the Task Focused UI is a superset of content included in the other two dashboards.
The following example dashboard can display for a user who is assigned to the OpenPages MRG Master profile.
MRG role templates
Triggers, dashboards, views, and workflows are dependent upon key elements of the role templates.
MRG includes the following role templates:
|
Name |
Description |
|---|---|
| MRG - All Data - Limited Admin | Full R/W/D/A access to all default MRG objects. Limited admin rights. |
| MRG - All Permissions | Full R/W/D/A access to all default MRG objects. Full admin rights. |
| MRG - Model Developer Owner | Used by model owners and developers. This role template is similar to the Model Risk Management role template except that no write access is granted to the Review object. Most admin application permissions are not granted. |
| MRG - Model Risk Management | Used by model risk managers (second line of defense). Read, write, and associate access rights are granted to MRG object types. Write access is denied to shared object types, Preference, and Business Entity. Most admin application permissions are not granted. Delete access is not granted to any object types. |
| MRG - Model Validation | Used by model validation users. Read, write, and associate access rights are granted to a subset of MRG object types including Model, Register, Review, Change Request, and Challenge. Write access is denied to other MRG object types. Write access is denied to shared object types, Preference and Business Entity. Most admin application permissions are not granted. Delete access is not granted to any object types. |
Views for MRG in the Task Focused UI
Enhancements have been made to most views for MRG in the Task Focused UI. Some of the changes are to align the views with the sample workflows, some are to take advantage of new capabilities in task views, and some are to use the existing capabilities to enhance the user experience with these views. New views have also been added.
Views for the object types that are specific to MRG are shared by all MRG users. There are MRG-specific views on the shared object types Business Entity and Preference that are available only to users of one of the three MRG profiles. MRG users share views with other users for other shared object types such as Issue and Action Item.
The following examples show task views for a Business Entity. Users of any one of the MRG profiles get an MRG-specific organization view.
A Business Entity also shows information about Validations/Reviews and Issues.
MRG workflows
Nine new sample workflows are provided to facilitate various MRG use cases.
If you have configurable life cycle or custom triggers on these object types, disable the workflows, life cycles or triggers when you decide which elements you will use.
- Model Candidate workflow
This workflow allows a user to add a Model object to the inventory as a candidate. The Model candidate is submitted for Approval as either a Model or a Non Model. The approver can perform an override of the candidate proposal. After a model candidate has been confirmed as a Model, the Model Development and Documentation process can begin.
- Model Development and Documentation workflowThis workflow takes a model from the completion of the candidate process through to approval for deployment. It consists of four stages and multiple sub-workflows that involve various stakeholders:
- Definition and planning (model owner)
- Development and documentation (model developer)
- Pre-implementation review (model validation)
- Approval (head of model development)
- Model Tier Scorecard workflow
This workflow performs a model tier assessment on the model, the results of which are used to assign a tier to the model. The Model Scorecard triggers and the values in Preference records are used to compute scores and tier. At the end of the workflow the scores and tier are copied up to the parent Model.
- Pre-implementation Review workflow
This workflow is performed at the completion of the model development and documentation workflow. The Review Planning team that is identified on a Preference object is responsible for completing this review. This workflow is also used for conducting reviews after the model is in production.
- Model Attestation workflow
This workflow is typically started by an MRG administrator and records a model owner's response to a request for attestation.
- Challenges workflow
This workflow is started against a Model, one of its Usages, or a Review. The result can be no action or changes to a Model or Usage.
- Change Requests workflow
This workflow provides governance for changes to Models. A workflow can be based upon changes in the business or to the data and other inputs to a Model. Users can accept, approve, or reject the change and decide whether it is material or not.
- Metric Value workflow
This workflow automates the Breach Status calculation and facilitates performance monitoring of deployed models. This is critical to the ability to proactively decide to make changes to the model or its usages or to remove a model from production. Typically, an MRG administrator creates Metric Value objects, a Metric Capturer provides the latest data for the Metric, and the Metric Owner reviews and approves it. The workflow calculates breach status for the Metric and copies the most recent Metric Value information to the Metric.
- Model Decommission workflow
This workflow is used to remove a Model from production and retire it.
MRG triggers
MRG includes triggers on the Model Scorecard that are evaluated if a Model Scorecard is created or if any of its scoring input fields are updated. The triggers calculate scores and weighted scores for each input, and calculate a score and a weighted score for each input category. The triggers also calculate an overall score and assign a Tier to the Model based on the overall score. The triggers are configured in registry settings and through weights and other values on Preference records of Type MRG. The triggers work in combination with the Model Tier Scorecard workflow to populate a summary of the most recent scorecard data on the parent Model.
To complete the assessment, the user answers questions about the model. The questions are in the categories of Regulatory, Operational, Complexity, and Materiality. Each customer determines the questions that are asked, the score and weighting assigned to each response, and the weighting assigned to each category. For three of the categories Yes/No questions are asked, for example: Does this model serve as an input to another model? For the Materiality category, the user enters a number based on your guidance.
