Six Sigma is a mindset that ensures problems are approached with rationality and based on a scientific procedure. So why do some credit risk managers resist Six Sigma, even in organizations that embrace the methodology?

Arguments Against the Methodology in Risk

Here are the six most common concerns risk managers voice about Six Sigma and responses to them.

1. Six Sigma Adds Work to Projects: It is easy to assume that a project is required and so the Six Sigma methodology must be followed. But, not every decision is a Six Sigma project. For example, a decision has to be made about modifications to the credit bureau link due to regulatory changes. If there is only one option, then there is no point in going through the methodology. If there is no problem to solve, the methodology need not be used.

2. There’s Enough Analysis Going on: But is there paralysis of analysis? Credit risk analysis has never been better. However, much of what is produced is data rather than real information. It is natural to want to measure as much as possible. But, most times, less is more. Six Sigma helps risk managers discover the critical metrics. More about this later, in the examination of where Six Sigma fits into what the risk department does.

3. There Isn’t a Problem: Don’t wait for a problem, find one. At GE, employees are trained to not accept things the way they are, but to consider how they should be. For example, collections performance may be acceptable, but it can always be improved. This is not like the old “if it ain’t broke, don’t fix it” principle. The challenge is to find ways to improve the processes and solve the problems that have the biggest impact on the bottom line.

4. Six Sigma Requires a Cumbersome Project Team: Companies that have a Six Sigma program have a quality team comprised of Six Sigma experts known as Black Belts and Master Black Belts. Sometimes companies can mistakenly become more wrapped up in the structure rather than the methodology. The philosophy can be applied to everything risk managers do without the need for a formal structure involving quality experts outside the function. Credit risk people should have a scientific rigor to what they do. The principles of Six Sigma should be a natural part of their work.

5. The Concepts of Defects and DPMO Don’t Apply to Credit Risk: The term “Six Sigma” is derived from six standard deviations (sigma) from the mean. The normal probability of being further from the mean than Six Sigma is 0.0003 percent. In other words, the chance of an occurrence beyond this point is 300 times in a million outcomes, or, in Six Sigma terminology, 3.4 defects per million opportunities (DPMO). Not every problem involves errors and hence DPMO. However, it would be a mistake to assume that Six Sigma does not apply because of this.

6. Six Sigma Is Just About Improving Quality: While Six Sigma is primarily about improving the quality perceived by a customer from a process, this does not mean that the principles cannot be applied to improving credit quality or profitability. More generally, this could be re-labeled “critical to achieving our goal.” Rather than get hung up on Six Sigma terms like critical to quality (CTQ), think of them as mere labels that provide a common language.

Six Sigma in Credit Risk Management

Everything risk managers do can be viewed as being part of a Six Sigma project. This may be obvious for general projects, but it equally applies to scorecard tracking and portfolio monitoring. To demonstrate the stages of DMAIC (Define, Measure, Analyze, Improve, Control), here is a simple project: The risk manager has been asked to review underwriting with a view to improving the manual decisioning.

In the Define phase, the risk manager may gain agreement to the objective by defining the problem. The definition decided upon is: “To reduce the delinquency associated with manually underwritten applications.” At this stage, he also will determine what is within the scope of the project and what is outside the scope. For example: Which products are to be reviewed? Which systems? Can terms and conditions be changed? What parts of the system can be changed?

He next determines what can be measured and the source of data. An important part of this Measure phase is whether external data and information are available. He maps the process at a high level. In quality process terms, this is called COPIS analysis (customer, output, process, input, supplier). In this example, the supplier may be a retailer or dealer submitting the application form. In risk terms, the supplier may be the new business department which keys the applications.

The Input is the data received for the decision making and the Output is the decision made by the underwriter. The customer is the business – the objective of optimized profitability through high acceptance and low delinquency. Looking at the process followed by the underwriters – assessing the information, reviewing bureau records, requesting additional information, validating and checking information – provides the risk manager with an appreciation of the factors that are critical to the underwriter’s decision.

The additional information required is the subsequent performance of accounts to assess the quality of decisions. He also may request a bureau record (“credit referencing”) to infer the performance of rejected applications.

The Analysis phase is standard fare for the risk manager: What are the predictive variables? What are the correlations? Based on the analysis, the risk manager should be able to identify the factors that, when adjusted, produce the impact on the underwriting delinquency he is looking for.

Then, in the Improve phase, he considers a range of potential solutions and evaluates which will produce the best fit to the desired result. In this example, he identifies that the solution is to provide score boundaries and limits which the underwriters must operate within.

The solution is implemented in the Control phase. The risk manager also implements a feedback process – reports that monitor adherence to the rules and performance of the underwriters. However, this is where Six Sigma in credit risk differs. The risk manager will usually maintain a control environment where certain, randomly selected deals are underwritten “blind” of the score and rules. Solutions in risk management are rarely static, and risk managers strive to find the optimal solution. In total quality management (TQM) terminology, this is called continuous improvement. In Six Sigma, the concentration is on the Improve and Control phases

Figure 1 is how DMAIC is typically illustrated – a process from Define to Control. Figure 2 illustrates how risk management solutions rarely stop at Control. They continuously loop through the application of challenger solutions or strategies to Improve.

Of course the solution may uncover a further issue (e.g., the depth of the bureau records is not a fair reflection of an applicant’s liabilities). In that case, a new DMAIC process could be initiated.

Figure 1: The DMAIC Process
Figure 1: The DMAIC Process
Figure 2: The DMAIC Process for Risk Management
Figure 2: The DMAIC Process for Risk Management

Doing the Day-to-Day Job

If any of the things a risk manager does regularly do not fit into the pattern of a Six Sigma process, he should seriously ask himself why he is doing them.

Scorecard development is a straightforward project. However, before a risk manager starts the development, he should be asking what the objective is. Is it to increase automation, drive sales, drive balance growth, or reduce bad debts? In other words, the Define phase. Is there a problem or an entitlement issue? If there is not, the risk manager should question why he is planning to build a scorecard. The scorecard may be part of a solution. If the organization has a rolling scorecard development plan, the risk manager should ask himself what the benefits of a redevelopment will be. There could be better things to which resources could be applied. Not all new scorecards turn out to be better than their predecessors.

Champion/challenger testing is core to much of what risk managers do. This is part of the feedback loop between Control and Improve. Here the risk manager should be designing tests that will drive bottom line benefits. Quantify the potential impact. Use Pareto analysis to determine the most appropriate. Some lenders pride themselves on the number of challenger strategies they are running. However, high numbers of challengers usually means a lack of focus on what will be most significant. This is the solution stage where the objective is the benefits from the critical factors.

Portfolio monitoring is the feedback on a portfolio. Doing it in isolation of Six Sigma means a lack of focus; it can turn into reporting for the sake of reporting. The problem is that something might happen or be happening, and without a benchmark and understanding of the goal and the implications, an opportunity may be missed. Or worse, a looming disaster may not be identified.

So monitoring requires determination of the CTQ metric. Set a benchmark and identify significant variation. If a risk manager is monitoring something that is not a CTQ of a process, he is wasting time.


Six Sigma is a way of working. It brings rigor to problem-solving and insures that the business is focused on the processes and issues that drive the big benefits. While its origins and terminology are about delivering quality and customer focus, the methodology applies to all elements of business, none more so than in credit risk management. An organization that embraces Six Sigma relies on objectivity rather than subjectivity, statistics rather than gut-feel. Since credit risk management is primarily a science that relies on data, facts and analysis, Six Sigma is a perfect fit.

It is human nature to jump to conclusions and to find solutions before the problem is adequately identified. This can be true for risk managers who think they are working on the critical projects and analysis, but are not. Six Sigma insures that the right problem is addressed, the root cause is identified and the best solution is found and implemented. A risk manager who understands where he is in the Six Sigma process can eliminate unnecessary reporting and focus analysis on the critical factors and drivers that matter. He also can ensure that challenger strategies are appropriate – ones that will deliver the benefits rather than tweak insignificant edges.

Not only does Six Sigma provide a rigorous framework, it optimizes the use of those precious analytical resources in portfolio management, risk systems and processes, and credit policy and controls.

About the Author