2. Interest in Enterprise-wide Risk Assessments is
being driven by Financial & Economic Realities
ā¢ Global spotlight on risk and corporate governance
ā Sarbanes-Oxley Act of 2003 & COSO ERM Framework
ā¢ Increased involvement from the Audit Committee of the
Board of Directors with regard to risk management
ā NYSE listing requirements
ā¢ Capital adequacy requirements and the need for efficient
capital allocation
ā Basel Capital Accord
ā¢ Need for alternative risk solutions due to the current
insurance environment
ā¢ Maximizing shareholder value
ā¢ Sustaining a competitive advantage
2
3. Basel Committeeās Definition of Operational Risk
āThe risk of direct or indirect loss resulting from
inadequate or failed internal processes, people and
systems or from external eventsā
Operational risk can result in increased write-offs,
additional expenses or loss of revenue
3
4. Operational Risk Management &
Shareholder Value
Examples of how operational risk management
drives shareholder value?
ā¢ Improving operating efficiency and thus operating margins,
by identifying and prioritising process improvement and derisking opportunities
ā¢ Improving management effectiveness by enhancing the
governance structure
ā¢ Enabling more effective capital usage by introducing
processes to assess exposure & integrate this with an
economic capital model
ā¢ Protecting assets by reducing losses through improved risk
control environment and financing programme
ā¢ Enhanced organizational capabilities & subsequent
competitive positioning through continuous improvement
4
5. How to Reduce Operational Risks?
Understand Risks
ā¢ Benchmarking
ā¢ Scenario Analysis
ā¢ Key Risk Indicatorās (KRI)
De-Risking Operational Procedures
ā¢ Define, Measure, Analyze, Improve, & Control
Risk Finance & Transfer
ā¢ Mapping to Insurance Products
ā¢ Developing New Products
ā¢ Financing Retained Losses
ā¢ Transferring Risk to the Insurance & Capital Markets
5
6. Op Risk/Lean Six Sigma Linkage
Op Risk Needs
Six Sigma Can Provide
Identification of critical
processes and activities
Hierarchical, process view of
a business
Monitoring of key indicators
and warning of potential
problems
Process Management &
Control
Cure problems in existing
processes
Process Improvement via
DMAIC & Lean
Prevention of problems for
new processes
Process Design via DFSS
6
7. Six Sigma Defined
ā¢ A data driven approach to understanding and
eliminating process variation and defects
ā¢ Three, universal, methodologies for process
management
ā¢ A performance target of 3.4 defects per million
opportunities
7
8. Risk Management: How Can Six Sigma Help?
ā¢ Six Sigma provides three powerful methodologies
for:
ā Designing robust processes
ā Fixing broken processes
ā Controlling processes on an ongoing basis (i.e.,
keeping them from decaying and producing errors)
8
9. Risk Management: How Can Six Sigma Help?
ā¢ Designing robust processes:
ā A structured methodology, DFSS (Design for Six
Sigma), assures that:
ā¢ New processes have high capability (satisfy customers
and produce low defects) right from the start
ā¢ New processes are designed to minimize the risk of
failure
9
10. Risk Management: How Can Six Sigma Help?
ā¢ Fixing broken processes:
ā A structured methodology, DMAIC (Define,
Measure, Analyse, Improve, Control):
ā¢ Uses powerful statistical (and non-statistical) tools to
locate and eliminate the root causes of otherwise
intractable problems
ā¢ Focuses on removal and prevention of defects
ā¢ Reduces process variability
10
11. Risk Management: How Can Six Sigma Help?
ā¢ Controlling processes, so that their behavior is
predictable (within limits). Six Sigma provides:
ā Special tools and techniques including a framework:
ā¢ For measuring and judging process variation
ā¢ For detecting special causes
ā¢ To providing early warning of process changes
ā The ability to calculate Process Sigma, an index of
process performance
11
12. Companies Pursue Six Sigma to ā¦
ā¢ Accommodate customer demands
ā¢ Drive out waste, cycle time and variability
ā¢ Direct improvement resource to the most significant
opportunities
ā¢ Establish a standard improvement methodology
ā¢ Develop leaders
ā¢ Reduce risk
ā¢ Grow the top-line
ā¢ Implement business strategy
ā¢ Increase product reliability
ā¢ Initiate cultural change
ā¢ Accelerate improvement
12
13. Sigma is a Measure of
Process Capability
Performance
boundary
Sigma DPMO
1
2
3
4
5
6
680,000
298,000
67,000
6,000
400
3.4
Requirement
4
2
Process
performance
5
6
3
1
Six Sigma is a level of process capability such
that less than 3.4 ādefectsā are produced for
every million opportunities.
13
14. Estimating the Benefits of Six Sigma
Sigma Level
Defects Per Million
Cost of Quality
3
66,807
20-30% of Sales
4
6,210
15-20% of Sales
5
233
10-15% of Sales
6
3.4
< 10% of Sales
Harry, Mikel J., Six Sigma: A Breakthrough Strategy for Profitability, Quality Progress, May 1998
14
15. Process Sigma Advantages
The Sigma Scale provides a common metric for comparison
The Sigma Scale provides a common metric for comparison
that includes the customer requirement and the degree of
that includes the customer requirement and the degree of
variation. Addresses multiple occurrences.
variation. Addresses multiple occurrences.
PROCESS
PERFORMANCE
Call servicing
32 seconds ASA vs goal of 35
Billing
98% accuracy, on time, right location
Accounts Receivable 33 days average aging vs goal of 40
Customer Service
82% rated 4 or 5 responsiveness
15
16. The Antecedents of Six Sigma
ā¢ Six Sigma is the latest and most powerful in a long
line of process management and process
improvement methods, e.g.:
ā
ā
ā
ā
Guilds
The Scientific Method
Quality Circles
TQM
ā¢ Six Sigma has built on these ideas and added
powerful tools
ā¢ It is specially useful for transactional processes
16
17. Sound Practices in
Operational Risk Management
Principle 1
The board of directors should be aware of the major aspects
of the bankās operational risks as a distinct risk category that
should be managed, and it should approve and periodically
review the bankās operational risk management framework.
The framework should provide a firm-wide definition of
operational risk and lay down the principles of how
operational risk is to be identified, assessed, monitored,
and controlled/mitigated.
Source: Sound Practices for the Management & Supervision
of Operational Risk (Basel Committee ā July 2002)
17
18. Sound Practices in
Operational Risk Management
Principle 2
The board of directors should ensure that the bankās
operational risk management framework is subject to
effective and comprehensive internal audit by
operationally independent, appropriately trained and
competent staff. The internal audit function should not be
directly responsible for operational risk management.
Source: Sound Practices for the Management & Supervision
of Operational Risk (Basel Committee ā July 2002)
18
19. Sound Practices in
Operational Risk Management
Principle 3
Senior management should have responsibility for implementing
the operational risk management framework approved by the
board of directors. The framework should be implemented
throughout the whole banking organization, and all levels of staff
should understand their responsibilities with respect to
operational risk management. Senior management should
also have responsibility for developing policies, processes
and procedures for managing operational risk in all of the
bankās products, activities, processes and systems.
Source: Sound Practices for the Management & Supervision
of Operational Risk (Basel Committee ā July 2002)
19
20. Sound Practices in
Operational Risk Management
Principle 4
Banks should identify and assess the operational risk
inherent in all material products, activities, processes
and systems. Banks should also ensure that before
new products, activities, processes and systems are
introduced or undertaken, the operational risk
inherent in them is subject to adequate assessment
procedures.
Source: Sound Practices for the Management & Supervision
of Operational Risk (Basel Committee ā July 2002)
20
21. Sound Practices in
Operational Risk Management
Principle 5
Banks should implement a process to regularly monitor
operational risk profiles and material exposure to
losses. There should be regular reporting of pertinent
information to senior management and the board of
directors that supports the proactive management of
operational risk.
Source: Sound Practices for the Management & Supervision
of Operational Risk (Basel Committee ā July 2002)
21
22. The 6Ļ Process
Key Risk Indicators
(Dashboards)
Establish
Controls
Operational Risk
Assessment & Analysis
Project
Selection
Measurement
System Validation
SIPOC
New
Process
Capability
New Process
Pilot
Capability
Baseline
IMPROVE
Measurement
System Validation
New Policies
& Procedures
Process
Specifications
Process Risk
Mapping
Confirm
Impact
Correlation
Analysis
Identify Key
Risk Drivers
22
23. Monitoring & Updating
SP
C
An
a
ly
si
s
&
E
&
C
Li
n
es
ļ¼
ļ¼
es
s
Co
nt
Ca
pa
ro
l
bi
lit
y
ss
Ch
ar
ts
pi
ng
ap
M
ļ¼
Pr
oc
e
A
RI
M
Risk Solutions
ļ¼
ļ¼
ļ¼
ļ¼
Operational Risk Definition & Analysis
us
in
Risk Profiling
ļ¼
ļ¼
ļ¼
B
Quantification & Modelling
ļ¼
ļ¼
ļ¼
ļ¼
1
Identification & Risk Mapping
ļ¼
ļ¼
ļ¼
ļ¼
Le
ve
l
Creating Management Awareness
An
al
ys
i
s
Operational Risk
Management
Framework
O
Level 2 & Activity Groups
Mapping 6Ļ to Operational Risk Framework
Natural Linkage to Operational Risk Management Framework
ā¢ā¢Natural Linkage to Operational Risk Management Framework
Operates at Level 1, Level 2 and Activity Group Level (All Business Lines)
ā¢ā¢Operates at Level 1, Level 2 and Activity Group Level (All Business Lines)
Linked to All Products, Activities, Processes, and Systems
ā¢ā¢Linked to All Products, Activities, Processes, and Systems
DMAIC Employed to Improve Existing Policies, Procedures, and
ā¢ā¢DMAIC Employed to Improve Existing Policies, Procedures, and
Processesā¦.DFSS Leveraged to Design New Ones
Processesā¦.DFSS Leveraged to Design New Ones
24. Operational Risk Management Using 6Ļ
Operational Risk Internal Measurement Analysis (ORIMA)
Business Line
Probability
Risk
of Loss
(Exposure
Event (PE)
Indicator - EI)
Loss
Given
Event
Occurs
(LGE)
Expected
Loss (EL)
Potential Risk
Factors
Potential Failure
Effects
Potential
Causes
Current
Controls
1 Corporate Finance
-
-
-
-
0.50
0.10
100
5.00
2
Trading and Sales
-
-
-
-
-
-
-
-
3
Retail Banking
-
-
-
-
-
-
-
-
4
Commercial Banking
-
-
-
-
-
-
-
-
5
Payment and Settlement
-
-
-
-
-
-
6
Agency Services
-
-
-
-
7
Asset Management
-
-
-
-
8
Retail Brokerage
-
-
-
-
Business Line Description
Six Sigma Focus
ā¢ Identify Risks
ā¢ Describe Outcome of Failure
ā¢ Determine Cause & -Effect ā¢ Evaluate Current Controls
ORIMA Drills-Down From Top Level
ORIMA Drills-Down From Top Level
Business Line to the Processes
Business Line to the Processes
Within Each Activity Group
Within Each Activity Group
Expected
Loss Factors
24
25. Operational Risk Management Using 6Ļ
Methods
Operational Risk Internal Measurement Analysis (ORIMA)
Expected
Loss (EL)
0.10
100
5.00
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Potential
Causes
Current
Controls
1 Corporate Finance
-
-
-
-
0.50
2
Trading and Sales
-
-
-
-
3
Retail Banking
-
-
-
-
4
Commercial Banking
-
-
-
5
Payment and Settlement
-
-
6
Agency Services
-
-
7
Asset Management
-
8
Retail Brokerage
-
Business Line Description
Key Risk Indicators
(Dashboards)
Establish
Controls
Operational Risk
Assessment & Analysis
Processor Review
Measurement System
Validation
Disclosures
Application
SIPOC
New Process
Capability
Create approval letter
Capability
Baseline
New Process
Pilot
Fast Loan
Approval
IMPROVE
Measurement
System Validation
# of loan processors
Process Risk
Mapping
Confirm
Internet capability
Identify Key
Impact
Correlation
Process Capability Analysis for Risk Drivers CT_
Approval
Enter in
System
Loan
Approval
Notify Bank &
Customer
Prepare
Documents
Pareto Chart for Loan Amount
120.000
*
LSL
Mean
Sample N
StDev (Within)
StDev (Overall)
Approve Loan
Amount
*
98.126
530
19.2991
19.5817
Within
Disperse
Funds
Regression Plot
30
50
70
90
+ 1327.06 pH**2
Pp
PPU
PPL
Ppk
*
R-Sq(adj)Observed Performance
= 40.0 %
PPM < LSL
*
PPM
Quadratic > UB
Model
*
*
60
200
40
20
0
Cpm PLT.YLD. = 68371.0 -*19042.9 pH
150
300
100
*
*
Overall R-Sq = 42.5 %
Capability
S = 18.7123
80
400
PPM Total
*
133962.26
133962.26
110
130
Exp. "Within" Performance
PPM < LSL
*
PPM > UB
PPM Total
*
*
150
100
I Chart for Approval
170
Exp. "Overall" Performance
PPM < LSL
*
PPM 150
> UB
PPM Total
Individual Value
Enter in
System
PLT.YLD.
Customer
Signs
Paperwork
100
500
Overall
Potential (Within) Capability
Cp
*
CPU
*
CPL
Cpk
Environment
UB
Upper Bound
Target
YES
Machine
Analysis
Notify Bank
Manager &
CustomerProcess Data
C oun t
Review
Application
Defect
Count
Percent
Cum %
0
1
<$
60
254
47.9
47.9
,0 0
0
$1
60
100
Mean=98.13
1
0
7.1
7.2
0 -$
164
30.9
78.9
50
pH
,00
UCL=156.0
*
*
50
7.0
# of underwriters
Remote Printing
Credit Score
Process
Specifications
NO
Easy to understand instructions
Loan amount
Manager approval
Project
Selection
New Policies &
Procedures
Receive Loan
Application
Material
-
-
Potential Failure
Effects
100
200
300
400
500
Observation Number
The Discipline and Its Approach,
The Discipline and Its Approach,
Combined With a Rich Set of Analysis
Combined With a Rich Set of Analysis
Tools, Makes Six Sigma a Perfect Fit
Tools, Makes Six Sigma a Perfect Fit
for Operational Risk Management
for Operational Risk Management
LCL=40.23
19
9 ,0
00
$2
,00
00
29
0-$
53
10.0
88.9
9 ,0
01
0
$3
0 ,0
00
-$ 4
38
7.2
96.0
99
,00
2
e rs
Oth
21
4.0
100.0
P ercen t
Loss
Given
Event
Occurs
(LGE)
Business Line
Probability
Risk
of Loss
(Exposure
Event (PE)
Indicator - EI)
Potential Risk
Factors
26. A Way Forward
Outside In or Inside Out
ā¢ Outside In:
1. Review statistics for comparable businesses and identify risk
by type
2. Identify the processes that lie behind the risk (hierarchy)
3. Perform risk analysis on the key processes (FMEA)
4. Identify key measures inside and outside of the process
5. Collect data
6. Monitor, using dashboards and control charts. Search for
signals
7. Take action as required (DMAIC, Lean, DFSS or other)
26
27. A Way Forward
ā¢ Inside Out:
1. Inventory all processes
2. Identify those presenting the greatest risk
3. Identify the sub-processes that lie behind the risk (process
hierarchy)
4. Perform risk analysis on the key processes and subprocesses (FMEA)
5. Identify key measures inside and outside of the process
6. Collect data
7. Monitor, using dashboards and control charts. Search for
signals
8. Take action as required (DMAIC, Lean, DFSS or other)
27
<number>
ERM is becoming a very important issues for a variety of reasons:
It is proven that The Street rewards companies with consistent earning by placing a premium on their stock price.
Corporate governance initiatives are being implemented in virtually every major country
Efficient allocation of capital is one way for companies to improve top and bottom-line growth, thereby, working to maximize shareholder value.
We can use ERM to create a competitive advantage for our clients.
<number>
In the mid-1980ās, Motorola was the initial developer of Six Sigma. Most credit the late Bill Smith, a senior engineer and scientist within Motorola, for inventing Six Sigma. In the past 15 years, Six Sigma has evolved from a focus on process improvement using statistical tools to a comprehensive framework for managing a business. DMAIC (Define, Measure, Analyze, Improve, Control) provides a structure for addressing problems.
<number>
<number>
<number>
Six Sigma provides powerful tools for identifying, assessing, monitoring, & controlling operational risk.
Risk assessment matrices
The Six Sigma approach ensures that procedures are well documented and measurable, providing an environment that facilitates internal audits.
Six Sigmaās rigorous approach enables senior management to develop policies, processes, and procedures that are well-defined, documented, and measurable.
Six Sigma provides powerful tools for identifying, assessing, monitoring, & controlling operational risk for both existing and planned products, activities, processes, and systems.
Six Sigma demands regular monitoring as well as the implementation of process controls to reduce operational risk.