4. Operational Risk
“The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.”
Source: Basel Committee
5. Areas of Loss
Basel Committee’s Potential Areas of Loss
People, Processes, Systems, External Events
Internal Fraud: Insider trading, employee theft
External Fraud: Robbery, computer hacking
Employment Practices and Workplace Safety: Discrimination, violation of organized labor activities, safety violations
Clients, Products, and Business Practices: Negligent failure to meet a professional obligation
Damage to Physical Assets: Natural disaster, terrorism
Business Disruption and System Failures: Hardware/software failures, utility outages
Execution, Delivery, and Process Management: Data entry errors, incomplete legal documentation, incorrect valuation, exceeding limits or controls, compliance violations
6. Cost of Losses
Direct Costs
− Cost to fix: Internal investment or payments to third-parties
− Write-downs: Loss or impairment of assets
− Resolutions: Correcting the consequences
− Public relations: Cost to address loss with stakeholders
Indirect Costs
− Enhancement of controls
− Preventative action
− System upgrades or enhancement
− Process improvement
− Lost or forgone revenue
− Brand value loss
8. Potential Loss – Dodd Frank Impact
The Edison Electric Institute recently estimated that Dodd-Frank mandates, which may require electric utilities to post margin on over-the-counter transactions, would have a negative average annual cash flow impact of $250-$400 million per utility.
9. Potential Loss / Expense – Cyber Threats
In January 2012, US FBI director Robert Mueller testified before the US Senate Select Committee on Intelligence that cyber threats, both espionage and disruption, by both rogue hackers and foreign governments, would surpass terrorism as the country’s top concern.
10. Planning for Risk
Operational Risk Capability
“Snapshot” → Requirements & Impact → Gap Analysis → Roadmap
11. Take a “Snapshot”
Accountability and oversight model
Supporting processes
Technology architecture
In-flight efforts
12. Qualify the Impact
Business requirements
− Strategy
− Process
− Technology
− Capabilities
Pending regulation or market change
Risks to organization, process, and technology
13. Map the Gaps
Approximate costs and potential benefits
Identify big opportunities and low-hanging fruit
Prioritize gaps
14. Plan Ahead
Develop enhancement strategy
Estimate budget
Develop business case
Develop implementation plan
15. What Will Your Future Look Like?
Regulatory changes
Industry dynamics
Competitive pressures
Market volatility
17. Appendix - Case Study Example
Communication Risk Assessment
Situation
The power merchant group within a global energy company needed an executive-level view of operational processes, with a focus on key nodes of communication and potential risks due to outages of those nodes.
Outcome
Detailed risk assessment
Risk heat map
Path forward