Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment

2,706 views

Published on

NICSA Compliance and Risk Management Committee
April 2009

Published in: Economy & Finance
  • Be the first to comment

  • Be the first to like this

Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment

  1. 1. OPERATIONAL RISK Assessing and Mitigating Operational Risk in a Changing Environment NICSA Compliance and Risk Management Committee April 2009
  2. 2. ABSTRACT The business, legal, technological, and regulatory environment in which the mutual fund industry operates is increasingly dynamic. The identification and mitigation of operational risks in such an environment presents challenges for investment management firms in the industry and their service providers. NICSA’s Compliance and Risk Management Committee attempts to assist by categorizing, analyzing, and recommending the best practices in addressing these risks.
  3. 3. DEFINITION OPERATIONAL RISK The risk of direct or indirect loss resulting from inadequate or failed internal processes, controls, and systems, or from external events
  4. 4. BACKGROUND • The business, legal, technological, and regulatory environment in which the mutual fund industry operates is increasingly dynamic. • Clear articulation of the risks is necessary for the consistent application of risk management techniques across business lines. • Risk is "owned" by all employees of mutual fund investment management firms. • An effective risk management program does not require the elimination or even the exhaustive mitigation of operational risk.
  5. 5. DEFINITION GOAL Foster an environment and a process for the knowledgeable and comprehensive assessment and acceptance of risks posed by the internal processes, people, and systems of any enterprise in the mutual fund industry
  6. 6. DESIGNING AN OPERATIONAL RISK FRAMEWORK A RISK FRAMEWORK • Formalizes the identification, measurement, and reporting of operational risks • Provides an easy‐to‐use system of recording and reporting risk events and trends
  7. 7. IDENTIFYING EMERGING RISKS • Metrics that alert managers to potential risk exposures within a risk category • Must be measurable and well documented • Monitor the results over time Key Risk Indicators • Develop a continuous process to monitor changes in legislation, regulations, and industry practicesEnvironmental Scan • Consider developing consistent practices across the organization to capture and track incidents and events Issue / Incident / Event Tracking
  8. 8. IDENTIFYING EMERGING RISKS • Periodically review the risk assessment results to reflect changes in the organization, business process, and business environment Periodic Review of Risk Assessments • Include senior management in the periodic discussions Periodic Interviews of Management • Involve board members in discussions about risk from multiple perspectives Interaction with the Funds’ Board
  9. 9. RISK CONTROL ASSESSMENTS OF SERVICE PROVIDERS INTERNAL • Internal Audit • Periodic certifications from service providers • Results of due diligence meetings or due diligence questionnaires • Periodic meetings with management and compliance and operational personnel of service providers • Trend reporting regarding critical operational and compliance areas EXTERNAL • SAS-70 (now SSAE 16) Type I: Control assessment • SAS-70 (now SSAE 16) Type II: Control assessment plus testing
  10. 10. OTHER KEY COMPONENTS • Policies specify the requirements and obligations to be addressed • Procedures specify how the requirements are to be fulfilled Policies and Procedures • Standard framework, risk ratings, and common terms • Formal training plan • Communication plan Training and Communication • Periodic audit reviews • Testing Periodic Review
  11. 11. MORE INFORMATION Read the complete white paper on the NICSA website APPENDICES Risk Categories and Definitions Example Tools and Techniques for Risk Assessment Example Risk Assessment Template Risk Convergence
  12. 12. DISCLAIMER Although the techniques, tools, observations, thoughts, and conclusions contained in this white paper represent the best thoughts of the individuals comprising the NICSA Compliance and Risk Management Committee, they do not necessarily reflect the views of the National Investment Company Service Association or any of its member organizations. Similarly, although the matters addressed in this white paper relate to operational risk management within organizations, nothing herein is intended to be or should be construed as legal advice. You should contact your own counsel to get legal advice regarding this or any other matter. ©2009 NICSA – National Investment Company Service Association

×