This document defines risk as the effect of uncertainty on objectives. It discusses the likelihood and impact of risks and how risks can be adverse, positive, or related to technical problems. It then discusses enterprise risk management in the context of the banking industry, covering strategic risks, operational risks, financial risks, and compliance risks, and it provides an example of evaluating the risk of an IT system failure at a Jordanian bank.
7. In a Banking Industry
Bank
Strategy
Operations
Reputation
Compliance
Financial
8. Strategic Risks
Strategic risk is the risk related to implementing the business's long-term plan (strategic plan) and to attaining the high-level goals that are aligned with it in support of the organization's objectives.
• Competition; uncertainty about identifying potential future markets
• Regulatory and political trends; uncertainty about regulatory changes, political instability; terrorism, war, strikes
10. Operational Risks
“the risk of loss resulting from inadequate or failed business processes, people and systems or from external events”
• Business operations (e.g. human resources, product development, supply chain).
• Empowerment (e.g. leadership, change readiness).
• Information technology (e.g. relevance, availability).
• Information/business reporting (e.g. budgeting and planning, accounting information, etc.).
12. Financial Risks
• Credit Risk: “the risk that there will be a failure by customer/client to repay the principal and/or interest on a loan or other outstanding debt in a timely manner, or at all”
• Market Risk: “the risk that the value of investments may decline over a period, simply because of economic changes or other events that impact large portions of the market”
• Price (e.g. asset value, foreign exchange)
• Related to how the company monitors credits and debtors and how it determines the credit period.
• Inflation/purchasing power
14. Compliance Risk
• Legal or compliance risks are those risks of loss because of legal compliance issues.
• A company's violations of other companies' rights
• Fulfilling the legal requirements of contracts
• Meeting legislation and compliance requirements.
16. Banking IT System failure
• Origin of risk: Operational Risk
• Type of Risk: Hazard (pure) risk
• Risk Evaluation:
Risk = Impact * Likelihood
17. IT System failure likelihood
• Likelihood: Evaluation (when dealing with objective risk) or judgment (when dealing with subjective risk), regarding the chances of a risk materializing, sometimes referred to as ‘probability’.
• The likelihood of a total IT system failure risk materializing in the Jordanian banking industry is very low, for it has never happened in the last 10 years.
• So, according to the following table, it can be evaluated as a degree 1 likelihood risk.
18. IT System failure likelihood
Columns: Estimation, Description, Indicators

High = 3 (Probable)
– Description: Likely to occur each year or more than 25% chance of occurrence
– Indicators: Potential of it occurring several times within the time period (e.g. 10 years). Has occurred recently.

Medium = 2 (Possible)
– Description: Likely to occur in a 10 year time period or less than 25% chance of occurrence
– Indicators: Could occur more than once within the time period (e.g. 10 years). Could be difficult to control due to some external influences. Is there a history of occurrence?

Low = 1 (Remote)
– Description: Not likely to occur in a 10 year period or less than 2% chance of occurrence
– Indicators: Has not occurred. Unlikely to occur.
19. Banking IT System failure
• Origin of risk: Operational Risk
• Type of Risk: Hazard (pure) risk
• Risk Evaluation:
– Low probability risk = 1
– ?? Impact
Risk = Impact * Likelihood
20. IT System failure Impact
• Impact: The degree of severity of the risk's consequences, expressed in:
– social, economic, political or environmental aspects.
– operational, strategic, financial, legal and stakeholder disruption.
• The impact of a total IT system failure risk, if materialized, is:
– Total banking operational disruption
– Stakeholders' anxiety
– Reputational risk
• Such an impact best fits the Medium impact level, as shown in the next table.
21. IT System failure impact
High = 3
– Financial impact on the organisation is likely to exceed £1,000,000
– Significant impact on the organisation’s strategy or operational activities
– Significant stakeholder concern

Medium = 2
– Financial impact on the organisation is likely to be between £1,000,000 and £100,000
– Moderate impact on the organisation’s strategy or operational activities
– Moderate stakeholder concern

Low = 1
– Financial impact on the organisation is likely to be less than £100,000
– Low impact on the organisation’s strategy or operational activities
– Low stakeholder concern
22. Banking IT System failure
• Origin of risk: Operational Risk
• Type of Risk: Hazard (pure) risk
• Risk Evaluation:
– Low probability risk = 1
– Medium Impact = 2
Risk = Impact * Likelihood
R = 2 * 1
25. Risks of Banking IT System failure
• According to the previously explained evaluation of the total IT system failure risk, such a risk can be described as an unacceptable risk (4/9) that needs to be controlled and treated within in-house organizational resources (housekeeping risk).