Risk Assessment Methodology

  2. Definition
     Risk assessment is a step in a risk management process. It is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). Quantitative risk assessment requires calculating two components of risk (R): the magnitude of the potential loss (L) and the probability (p) that the loss will occur. Methods may differ depending on whether the assessment concerns general financial decisions or environmental or public health risk. 408.656.2498
  3. 1. Risk Categories Identified
     Four types of risk categories have been identified:
     (i) People
       ♦ Failure of staff to comply with the procedures, whether through intent to commit fraud, oversight or negligence
       ♦ Non-familiarity of staff with the set guidelines and procedures
       ♦ Segregation of access to the computer system not observed, or staff passwords compromised
     (ii) Process
       ♦ Process failure
       ♦ Inadequate controls in the operational processes
  4. 1. Risk Categories Identified (continued)
     (iii) System
       ♦ Failure of application system to meet user requirements
       ♦ Absence of in-built control measures in the application system
     (iv) External Party / Event
       ♦ Imposition/changes of policies by government regulatory bodies
       ♦ Unsatisfactory/non-performance by out-sourced service providers
       ♦ Fraud by syndicates or customers
       ♦ Legal action taken by customers due to Bank’s negligence or fraud committed by internal staff
  5. 2. Assessing the risk in each product
     • Identify 11 products to be assessed (Cash, ATM, Current Accounts, Savings Account, Multi-Currency Account, Fixed Deposits, ASB Agency, Share Margin Financing, Accounts, Safe Deposit Box and Remittances).
     • Identify all the operational processes for each of the 11 SSO products.
     • Objective: for each operational process, analyse the magnitude of the risk impact (in terms of exposure loss amount) and likelihood (in terms of number of incidents) for each of the 4 risk categories, using the GIA’s historical investigation database for the past three years (1998, 1999 and 2000).
     • The extent of risk impact/likelihood for each risk category is assigned a magnitude of either High or Low.
  6. 2. Assessing the risk in each product (continued)
     • This is first achieved by averaging the total loss exposure amount and the number of incidents per year to arrive at a common median/average for each SSO product.
     • Secondly, the exposure loss amount / number of incidents of each operational process is compared to the median to derive the extent of risk. For example, if the exposure amount is higher than the calculated median, the risk impact for that particular operational process is classified as High.
     • A similar comparison can be done for each risk category of the SSO product.
     Once the magnitude/extent of risk impact and likelihood has been identified for each risk category / operational process, each of the 4 risk categories / operational processes is mapped into a Risk Quadrant Grid.
  7. 3. Risk Quadrant
     From the risk assessment, the risk categories (e.g. people risk) or the operational processes (e.g. cash receipt/payment over the counter) are mapped into the Risk Quadrant Grid. The Grid is divided into the following four quadrants:
     Quadrant - Risk Assessment
     (i) Significant Impact and High Likelihood - High Risk
     (ii) Significant Impact and Low Likelihood - Medium-High Risk
     (iii) Insignificant Impact and High Likelihood - Medium-Low Risk
     (iv) Insignificant Impact and Low Likelihood - Low Risk
  8. 3. Risk Quadrant: Risk Quadrants Grid (figure)
     Top row (High Likelihood): Medium-Low Risk (Insignificant Impact) | High Risk (Significant Impact)
     Bottom row (Low Likelihood): Low Risk (Insignificant Impact) | Medium-High Risk (Significant Impact)
  9. 4. Control Self-Assessment
     Finally, the Control Self-Assessment questionnaires are formulated for the high risk and medium-high risk quadrants.
     Questions?
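
The classification, quadrant mapping and Control Self-Assessment scoping described in sections 2 to 4, as an added Python example that is not part of the original slides. The incident records and every process name except the counter-cash one are constructed; the code assumes one record per incident, the arithmetic mean as the product baseline, and "higher than" as a strict comparison.

```python
from collections import defaultdict
from statistics import mean

YEARS = (1998, 1999, 2000)  # the three-year window named in the methodology

# Constructed incident records for one product: (operational process, risk category,
# year, exposure loss amount). Only the first process name comes from the slides.
INCIDENTS = [
    ("cash receipt/payment over the counter", "People", 1998, 30_000),
    ("cash receipt/payment over the counter", "People", 1999, 20_000),
    ("cash receipt/payment over the counter", "People", 2000, 25_000),
    ("cash receipt/payment over the counter", "Process", 2000, 25_000),
    ("cheque clearing", "External Party / Event", 1999, 90_000),
    ("passbook update", "System", 1998, 2_000),
    ("passbook update", "System", 1998, 1_000),
    ("passbook update", "System", 1999, 1_500),
    ("passbook update", "System", 2000, 1_500),
    ("account opening", "Process", 2000, 4_000),
]

# (significant impact, high likelihood) -> quadrant, as listed on the Risk Quadrant slide
QUADRANT = {(True, True): "High Risk", (True, False): "Medium-High Risk",
            (False, True): "Medium-Low Risk", (False, False): "Low Risk"}


def assess(incidents, field=0, keys=()):
    """Quadrant per operational process (field=0) or per risk category (field=1).

    `keys` lists items that must be rated even with no recorded incident.
    """
    loss = defaultdict(float, {k: 0.0 for k in keys})
    count = defaultdict(int, {k: 0 for k in keys})
    for rec in incidents:
        if rec[2] in YEARS:
            loss[rec[field]] += rec[3]
            count[rec[field]] += 1
    if not loss:
        return {}
    # Yearly averages per item, then the product-wide baseline (arithmetic mean).
    yearly_loss = {k: v / len(YEARS) for k, v in loss.items()}
    yearly_count = {k: count[k] / len(YEARS) for k in loss}
    base_loss, base_count = mean(yearly_loss.values()), mean(yearly_count.values())
    return {k: QUADRANT[(yearly_loss[k] > base_loss, yearly_count[k] > base_count)]
            for k in loss}


def csa_scope(quadrants):
    """Items that get Control Self-Assessment questionnaires."""
    return sorted(k for k, q in quadrants.items() if q in ("High Risk", "Medium-High Risk"))
```

A process with no incidents in the window only appears in the result if it is passed in `keys`; leaving it out also raises the baseline the other processes are compared against.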
