Risk Assessment Methodology


Published on


1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Risk Assessment Methodology

  1. 1. RISK ASSESSMENT PROCESS RISK ASSESSMENT METHODOLOGY and SELF ASSESSMENT Orlando Moreno omoreno@hotmail.com 408.656.2498
  2. 2. Definition Risk assessment is a step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). Quantitative risk assessment requires calculations of two components of risk: R , the magnitude of the potential loss L , and the probability p , that the loss will occur. Methods may differ whether it is about general financial decisions or environmental or public health risk assessment. 408.656.2498 omoreno@hotmail.com 2
  3. 3. 1. Risk Categories Identified Four types of risk categories have been identified: (i) People ♦ Failure of staff to comply with the procedures whether with the intention to commit fraud, oversight or negligence ♦ Non-familiarity of staff with the set guidelines and procedures ♦ Segregation on access to the computer system not observed or compromising on the staff password (ii) Process ♦ Process failure ♦ Inadequate controls in the operational processes 408.656.2498 omoreno@hotmail.com 3
  4. 4. 1. Risk Categories Identified (iii) System ♦ Failure of application system to meet user requirements. ♦ Absence of in-built control measures in the application system. (iv) External Party / Event ♦ Imposition/changes of policies by government regulatory bodies ♦ Unsatisfactory/Non-performance by out-sourced service providers ♦ Fraud by syndicates or customers ♦ Legal action taken by customers due to Bank’s negligence or fraud committed by internal staff 408.656.2498 omoreno@hotmail.com 4
  5. 5. 2. Assessing the risk in each product • Identify 11 products to be assessed (Cash, ATM, Current Accounts, Savings Account, Multi-Currency Account, Fixed Deposits, ASB Agency, Share Margin Financing, Accounts, Safe Deposit Box and Remittances). • Identify all the operational processes for each 11 SSO products. • Objective: For each operation process, analyse the magnitude of the risk impact (in terms of exposure loss amount) and likelihood (in terms of number of incidents) for each of the 4 risk categories from the GIA’s historical investigation database for the past three years (1998, 1999 and 2000). • The extent of risk impact/likelihood for each risk category is assigned with the magnitude of either High or Low. 408.656.2498 omoreno@hotmail.com 5
  6. 6. 2. Assessing the risk in each product • This is first achieved by averaging out the total loss exposure amount and number of incidents happened for a year to derive at a common median/average for each SSO product. • Secondly, a comparison of each operational processes of exposure loss amount / incident to the median will be done to derive the extent of risk. For e.g., if the exposure amount is higher than the calculated median, then the risk impact for that particular operation process is classify as high. • Similarly for comparison of each risk category can be done for the SSO product. Upon identifying the magnitude/extent of risk impact and likelihood for each risk categories / operational processes, the magnitude of each of the 4 risk categories / operational processes are mapped into a Risk Quadrant Grid. 408.656.2498 omoreno@hotmail.com 6
  7. 7. 3. Risk Quadrant From the risk assessment, the risk categories (e.g. people risk) or the operational processes (e.g. cash receipt/payment over the counter) are mapped into the Risk Quadrant Grid. The Grid is divided into the following four quadrants: Quadrant Risk Assessment (i) Significant Impact and High Likelihood - High Risk (ii) Significant Impact and Low Likelihood - Medium-High Risk (iii) Insignificant Impact and High Likelihood - Medium-Low Risk (iv) Insignificant Impact and Low Likelihood - Low Risk 408.656.2498 omoreno@hotmail.com 7
  8. 8. 3. Risk Quadrant Medium Risk Quadrants Grid Low Risk High Risk Insignificant Impact Significant Impact High Likelihood High Likelihood Insignificant Impact Significant Impact Low Likelihood Low Likelihood Low Risk Medium High Risk 408.656.2498 omoreno@hotmail.com 8
  9. 9. 4. Control Self-Assessment Finally, the Control Self Assessment questionnaires are formulated on the high risk and medium-high risk quadrants. Questions ? 408.656.2498 omoreno@hotmail.com 9
  10. 10. Orlando Moreno omoreno@hotmail.com 408.656.2498 408.656.2498 omoreno@hotmail.com 10