Your SlideShare is downloading. ×
RISK ASSESSMENT PROCESS


 RISK ASSESSMENT METHODOLOGY
and SELF ASSESSMENT




                     Orlando Moreno
       ...
Definition
Risk assessment is a step in a risk management process.
Risk assessment is the determination of quantitative or...
1. Risk Categories Identified

Four types of risk categories have been identified:

(i) People
     ♦ Failure of staff to ...
1. Risk Categories Identified

(iii) System
      ♦ Failure of application system to meet user requirements.
      ♦ Absen...
2. Assessing the risk in each product


• Identify 11 products to be assessed (Cash, ATM, Current Accounts, Savings
Accoun...
2. Assessing the risk in each product


• This is first achieved by averaging out the total loss exposure amount and
numbe...
3. Risk Quadrant

From the risk assessment, the risk categories (e.g. people risk) or the operational
processes (e.g. cash...
3. Risk Quadrant

                               Medium
Risk Quadrants Grid            Low Risk            High Risk


   ...
4. Control Self-Assessment

Finally, the Control Self Assessment questionnaires are formulated on the
high risk and medium...
Orlando Moreno
               omoreno@hotmail.com
               408.656.2498




408.656.2498       omoreno@hotmail.com  ...
Upcoming SlideShare
Loading in...5
×

Risk Assessment Methodology

3,631

Published on

RISK ASSESSMENT METHODOLOGY
and SELF ASSESSMENT

1 Comment
6 Likes
Statistics
Notes
No Downloads
Views
Total Views
3,631
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
1
Likes
6
Embeds 0
No embeds

No notes for slide

Transcript of "Risk Assessment Methodology"

  1. 1. RISK ASSESSMENT PROCESS RISK ASSESSMENT METHODOLOGY and SELF ASSESSMENT Orlando Moreno omoreno@hotmail.com 408.656.2498
  2. 2. Definition Risk assessment is a step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). Quantitative risk assessment requires calculations of two components of risk: R , the magnitude of the potential loss L , and the probability p , that the loss will occur. Methods may differ whether it is about general financial decisions or environmental or public health risk assessment. 408.656.2498 omoreno@hotmail.com 2
  3. 3. 1. Risk Categories Identified Four types of risk categories have been identified: (i) People ♦ Failure of staff to comply with the procedures whether with the intention to commit fraud, oversight or negligence ♦ Non-familiarity of staff with the set guidelines and procedures ♦ Segregation on access to the computer system not observed or compromising on the staff password (ii) Process ♦ Process failure ♦ Inadequate controls in the operational processes 408.656.2498 omoreno@hotmail.com 3
  4. 4. 1. Risk Categories Identified (iii) System ♦ Failure of application system to meet user requirements. ♦ Absence of in-built control measures in the application system. (iv) External Party / Event ♦ Imposition/changes of policies by government regulatory bodies ♦ Unsatisfactory/Non-performance by out-sourced service providers ♦ Fraud by syndicates or customers ♦ Legal action taken by customers due to Bank’s negligence or fraud committed by internal staff 408.656.2498 omoreno@hotmail.com 4
  5. 5. 2. Assessing the risk in each product • Identify 11 products to be assessed (Cash, ATM, Current Accounts, Savings Account, Multi-Currency Account, Fixed Deposits, ASB Agency, Share Margin Financing, Accounts, Safe Deposit Box and Remittances). • Identify all the operational processes for each 11 SSO products. • Objective: For each operation process, analyse the magnitude of the risk impact (in terms of exposure loss amount) and likelihood (in terms of number of incidents) for each of the 4 risk categories from the GIA’s historical investigation database for the past three years (1998, 1999 and 2000). • The extent of risk impact/likelihood for each risk category is assigned with the magnitude of either High or Low. 408.656.2498 omoreno@hotmail.com 5
  6. 6. 2. Assessing the risk in each product • This is first achieved by averaging out the total loss exposure amount and number of incidents happened for a year to derive at a common median/average for each SSO product. • Secondly, a comparison of each operational processes of exposure loss amount / incident to the median will be done to derive the extent of risk. For e.g., if the exposure amount is higher than the calculated median, then the risk impact for that particular operation process is classify as high. • Similarly for comparison of each risk category can be done for the SSO product. Upon identifying the magnitude/extent of risk impact and likelihood for each risk categories / operational processes, the magnitude of each of the 4 risk categories / operational processes are mapped into a Risk Quadrant Grid. 408.656.2498 omoreno@hotmail.com 6
  7. 7. 3. Risk Quadrant From the risk assessment, the risk categories (e.g. people risk) or the operational processes (e.g. cash receipt/payment over the counter) are mapped into the Risk Quadrant Grid. The Grid is divided into the following four quadrants: Quadrant Risk Assessment (i) Significant Impact and High Likelihood - High Risk (ii) Significant Impact and Low Likelihood - Medium-High Risk (iii) Insignificant Impact and High Likelihood - Medium-Low Risk (iv) Insignificant Impact and Low Likelihood - Low Risk 408.656.2498 omoreno@hotmail.com 7
  8. 8. 3. Risk Quadrant Medium Risk Quadrants Grid Low Risk High Risk Insignificant Impact Significant Impact High Likelihood High Likelihood Insignificant Impact Significant Impact Low Likelihood Low Likelihood Low Risk Medium High Risk 408.656.2498 omoreno@hotmail.com 8
  9. 9. 4. Control Self-Assessment Finally, the Control Self Assessment questionnaires are formulated on the high risk and medium-high risk quadrants. Questions ? 408.656.2498 omoreno@hotmail.com 9
  10. 10. Orlando Moreno omoreno@hotmail.com 408.656.2498 408.656.2498 omoreno@hotmail.com 10

×