Transcript Slide 1
Operational Risk Management & Compliance Officers
Where are we now? Where are we going?

Risk Management Framework (example)
• Governance
• Key indicators: Identify risk and control indicators; Specify risk appetite; Action plans
• Risk & Control Assessment: Identify risk and owner; Identify control and owner; Assess likelihood and impact; Assess design and performance; Action plans
• Losses: Identify and capture internal and external losses; Analyse loss causes; Action plans
• Modelling
• Reporting

Operational risk governance
• A policy: to have or not to have?
• Who approves it?
• How do you disseminate it?
• Committees: Separate RM or ORM?
• What role does internal audit play?
• And the other control functions?
• And the business units?

Risk and Control Assessment
What are the main contents of a RCA?
• Gross risk (likelihood and impact)
• Owners of risks and controls
• Controls (design and performance)
• Action plans to enhance/add controls

RCA (client example)
Risk Factor; Control Factor

KRI Dashboard: Risk Performance (client example)
Column group headings: Current Level, Performance, Appetite, Overall Rating*

| Risk Event | Impact | Prob. | Actual KRI | Trend | Target KRI | Better / (Worse) | Actions / Summary |
|---|---|---|---|---|---|---|---|
| Major Technology Infrastructure Failure | H | L | No. of weeks free from severity 1 Failure = 7 | +3 | 10 free weeks during year | +3 | No action required |
| Breach of confidentiality | M | M | Complaints received from Customers re alleged breach = 0 | 0 | Zero material breaches of VIP customers’ / major corporate customers’ confidentiality | 0 | High potential for risk occurrence due to customer / client base |
| Employee processing error | L | M | Error reporting: -5 events -£4,000 loss | +2 +1000 | No more than 10 errors per quarter. No single event > £10,000 | +5 (8000) | No action required |
| Internal Fraud | M | H | No. of frauds over £10,000 Detected: 7 No. of these frauds committed: 4 Potential Loss: $300,000 Actual Loss: £65,000 | +2 +2 +50000 | Not more than 1 a month £10,000 acceptable | (6) | Action required, retrain staff, redesign processes |

*Chair of the Committee decides on overall rating for each risk event

Contact details
Tony Blunden, Director, Head of Consulting
Tel: +44 (0) 207 017 3086
Fax: +44 (0) 207 253 2516
Mob: +44 (0) 770 325 7480
E-mail: [email protected]
www.chasecooper.com