SlideShare a Scribd company logo

Rm 11-1

Download as PPTX, PDF
T
tomkacy
BusinessEconomy & Finance
1 of 25
Risk Management University of Economics, Kraków, 2012 Tomasz Aleksandrowicz
operational risk management operational risk tools & techniques ORM in banking
operational risk • risk due to organisation operations • arising from execution of a company's business functions • operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events (Basel II) • it is not used to generate profit • to keep losses within limit (driven by risk appetite)
operational risk management • there is no one size fits all approach • operational risk is much harder to identify than market and credit risk
operational risk categories • broad concept focuses on people, processes and systems and external factors • more detailed approach under Basel II regulations: – Internal Fraud – External Fraud – Employment Practices and Workplace Safety – Clients, Products, & Business Practice – Damage to Physical Assets – Business Disruption & Systems Failures – Execution, Delivery, & Process Management
operational risk categories (II) • people - due to human error, loss of personnel and health and safety issues • process - due to business performance processes or projects as well as capacity and reporting matters • systems/technology - due to technical issues of systems, computers and equipment as well as data quality and security • external events - due to external factors, regulatory environment and natural hazards
ORM exercise choose your company list 2-3 risks with 4 categories: people, process, systems/technology, external events
people risk • Employee collusion/fraud • Employee error • Employee misdeed /crime • Employment law • Health and safety at work • Insufficient or lack of knowledge/skills • Loss of key personnel (key personel risk)
process risk • Accounting error • Capacity risk • Contract risk • Product complexity/ product flaws • Project risk • Reporting error • Settlement/payment error • Transaction error • Valuation error
technology risk • Data quality • Programming errors • Security breach • Strategic risks complexity (platform/suppliers) • System capacity • System compatibility • System delivery • System failure • System suitability
external risk • Legal / Regulatory • Money laundering • Outsourcing • Political • Supplier/Partner risk • Tax • Fire/Natural disaster • Theft/Robbery • Physical security (terrorism, vandalism)
ORM exercise 2 propose a solution for most common risks in each category
ORM tools & techniques • internal controls & audit • training & procedures • key risk indicators (KRI) • strategic diversification/outsourceing • insurance • hazard prevention - emergency management • business continuity planning (BCP)
KRI - Key Risk Indicators • metrics used to monitor identified risk exposures over time • measure used in management to indicate how risky an activity is • differs from a Key Performance Indicator (KPI) which is measure of how well something is being done • give us an early warning to identify potential risky event
KRI management • effective indicator selection: relevance, measurable, predictive • selection process approach: top-down or bottom-up • using composite or index indicators • indicator threshold and limits, escalation triggers • indicator trending and scale (green, amber, red) • reporting: level of reporting, frequency and presentation style
KRI examples • customer complaints volume • product return ratio • volume/value of products breakage • number of caught shoplifter / value of loss due to customer theft • staff turnover • staff sickness days • number of over-time hours utilized • number of data capture errors • number of virus or phishing attacks • number of server restart requested
ORM exercise 3 propose KRI for most common risks in each category
BCP - business continuity planning • is a roadmap for continuing operations under extreme conditions • effective prevention and recovery for the organization • active preparation and planning for emergencies – critical (urgent) organization functions/ activities – non-critical (non-urgent) organization functions/ activities
BCP life-cycle
operational risk management industry example: banking three approaches to ORM
#1 Basic Indicator Approach • simplest operational risk measurement method • banks has to hold capital reserves for operational loss • average income gross income from previous 3 years times given percentage (alpha) • years with negative or zero income excluded • committee alpha percentage – 15% (represents industry average operational risk) 21
#2 Standardized Approach • more complex method of operational risk measurement • banks has to hold capital reserves for operational loss • three-year average across each of the business lines in each year times given percentage (beta) 22
Standardized Approach – beta factor 23
#3 Advanced Measurement Approach • comprehensive method based on bank’s internal operational risk measurement system • quantitative and qualitative criteria • subject of regulatory approval • minimum five-year observation period of internal loss data • external data could be used 24
Advanced Measurement Approach (II) • bank must be able to demonstrate that its approach captures even unlikely events • high-severity events must be subject of scenario analysis and use external data and expert advisory

Recommended

Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized EnvironmentDr. Sushil Bansode
 
Security audit
Security auditSecurity audit
Security auditRosaria Dee
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Rm 11
Rm 11Rm 11
Rm 11tomkacy
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Cissp business continuity planning
Cissp business continuity planning Cissp business continuity planning
Cissp business continuity planning N N
 
Security Audit Best-Practices
Security Audit Best-PracticesSecurity Audit Best-Practices
Security Audit Best-PracticesMarco Raposo
 

Recommended

Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized EnvironmentDr. Sushil Bansode
 
Security audit
Security auditSecurity audit
Security auditRosaria Dee
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Rm 11
Rm 11Rm 11
Rm 11tomkacy
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Cissp business continuity planning
Cissp business continuity planning Cissp business continuity planning
Cissp business continuity planning N N
 
Security Audit Best-Practices
Security Audit Best-PracticesSecurity Audit Best-Practices
Security Audit Best-PracticesMarco Raposo
 
IT General Controls
IT General ControlsIT General Controls
IT General ControlsCicero Ray Rufino
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
Compliance
ComplianceCompliance
CompliancePriyank Hada
 
CIS Audit Lecture # 1
CIS Audit Lecture # 1CIS Audit Lecture # 1
CIS Audit Lecture # 1Cheng Olayvar
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
CISSP Chapter 1 BCP
CISSP Chapter 1 BCPCISSP Chapter 1 BCP
CISSP Chapter 1 BCPKarthikeyan Dhayalan
 
Cisa domain 1
Cisa domain 1 Cisa domain 1
Cisa domain 1 Ismail aboulezz
 
Electronics recycling webinar final presentation
Electronics recycling webinar final presentationElectronics recycling webinar final presentation
Electronics recycling webinar final presentationNimonik
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit ViewPLN9 Security Services Pvt. Ltd.
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)Corporate Registers Forum
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Yasir Khan
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Rm 03
Rm 03Rm 03
Rm 03tomkacy
 
Kri Library Proposal India
Kri Library Proposal IndiaKri Library Proposal India
Kri Library Proposal IndiaRahul Bhan (CA, CIA, MBA)
 

More Related Content

What's hot

Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
CIS Audit Lecture # 1
CIS Audit Lecture # 1CIS Audit Lecture # 1
CIS Audit Lecture # 1Cheng Olayvar
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Electronics recycling webinar final presentation
Electronics recycling webinar final presentationElectronics recycling webinar final presentation
Electronics recycling webinar final presentationNimonik
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Yasir Khan
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 

What's hot (20)

IT General Controls
IT General ControlsIT General Controls
IT General Controls
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
Compliance
ComplianceCompliance
Compliance
 
CIS Audit Lecture # 1
CIS Audit Lecture # 1CIS Audit Lecture # 1
CIS Audit Lecture # 1
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
CISSP Chapter 1 BCP
CISSP Chapter 1 BCPCISSP Chapter 1 BCP
CISSP Chapter 1 BCP
 
Cisa domain 1
Cisa domain 1 Cisa domain 1
Cisa domain 1
 
Electronics recycling webinar final presentation
Electronics recycling webinar final presentationElectronics recycling webinar final presentation
Electronics recycling webinar final presentation
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 

Viewers also liked

Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
创意玩具拆卸报告 胡斌
创意玩具拆卸报告 胡斌创意玩具拆卸报告 胡斌
创意玩具拆卸报告 胡斌zust
 
Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01
Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01
Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01Andre Milanisti
 
Tech290
Tech290Tech290
Tech290Zac
 
20100706 tanea nbusiness-interview
20100706 tanea nbusiness-interview20100706 tanea nbusiness-interview
20100706 tanea nbusiness-interviewDimitris Tsingos
 
PISA-test
PISA-test PISA-test
PISA-test Grete
 
หลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้า
หลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้าหลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้า
หลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้าPik Lertsavetpong
 
Lezione Informatica Giuridica Avanzata del 18/3/2011
Lezione Informatica Giuridica Avanzata del 18/3/2011Lezione Informatica Giuridica Avanzata del 18/3/2011
Lezione Informatica Giuridica Avanzata del 18/3/2011Council of Europe
 
FDC Ban - What's Right and What's Wrong?
FDC Ban - What's Right and What's Wrong?FDC Ban - What's Right and What's Wrong?
FDC Ban - What's Right and What's Wrong?Anup Soans
 
Six degrees of separation
Six degrees of separationSix degrees of separation
Six degrees of separationJennifer Marten
 

Viewers also liked (20)

Rm 03
Rm 03Rm 03
Rm 03
 
Kri Library Proposal India
Kri Library Proposal IndiaKri Library Proposal India
Kri Library Proposal India
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
Areas
AreasAreas
Areas
 
创意玩具拆卸报告 胡斌
创意玩具拆卸报告 胡斌创意玩具拆卸报告 胡斌
创意玩具拆卸报告 胡斌
 
Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01
Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01
Rppfiqihkelas7mtskurtilasedisirevisi 141126084558-conversion-gate01
 
Tech290
Tech290Tech290
Tech290
 
Smart Service@KKU Library
Smart Service@KKU LibrarySmart Service@KKU Library
Smart Service@KKU Library
 
Rails Security
Rails SecurityRails Security
Rails Security
 
Re emphasizing awareness & education
Re emphasizing awareness & educationRe emphasizing awareness & education
Re emphasizing awareness & education
 
G20 YES2011 Communique
G20 YES2011 Communique G20 YES2011 Communique
G20 YES2011 Communique
 
20100706 tanea nbusiness-interview
20100706 tanea nbusiness-interview20100706 tanea nbusiness-interview
20100706 tanea nbusiness-interview
 
PISA-test
PISA-test PISA-test
PISA-test
 
หลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้า
หลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้าหลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้า
หลักสูตรการพัฒนาประสิทธิภาพการนำเสนอสินค้า
 
元件、實體和元件庫
元件、實體和元件庫元件、實體和元件庫
元件、實體和元件庫
 
Brand blog
Brand blogBrand blog
Brand blog
 
Lezione Informatica Giuridica Avanzata del 18/3/2011
Lezione Informatica Giuridica Avanzata del 18/3/2011Lezione Informatica Giuridica Avanzata del 18/3/2011
Lezione Informatica Giuridica Avanzata del 18/3/2011
 
FDC Ban - What's Right and What's Wrong?
FDC Ban - What's Right and What's Wrong?FDC Ban - What's Right and What's Wrong?
FDC Ban - What's Right and What's Wrong?
 
Six degrees of separation
Six degrees of separationSix degrees of separation
Six degrees of separation
 

Similar to Rm 11-1

Information Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptxInformation Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptxAbraraw Zerfu
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionMichael Marshall, PE
 
Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasTreat Risk
 
CISM_WK_2.pptx
CISM_WK_2.pptxCISM_WK_2.pptx
CISM_WK_2.pptxdotco
 
Microsoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileMicrosoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileVijayananda Mohire
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)Sam Bowne
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentAdetula Bunmi
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientAccenture Operations
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2 Jayant Dalvi
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Risk mgmt key to security certifications v2
Risk mgmt key to security certifications v2Risk mgmt key to security certifications v2
Risk mgmt key to security certifications v2Jorge Sebastiao
 
CNIT 160: Ch 3d: Operational Risk Management
CNIT 160: Ch 3d: Operational Risk ManagementCNIT 160: Ch 3d: Operational Risk Management
CNIT 160: Ch 3d: Operational Risk ManagementSam Bowne
 
CNIT 160 4b: Security Program Management (Part 2)
CNIT 160 4b: Security Program Management (Part 2)CNIT 160 4b: Security Program Management (Part 2)
CNIT 160 4b: Security Program Management (Part 2)Sam Bowne
 
Ch 3a: Risk Management Concepts
Ch 3a: Risk Management ConceptsCh 3a: Risk Management Concepts
Ch 3a: Risk Management ConceptsSam Bowne
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideAstalapulosListestos
 

Similar to Rm 11-1 (20)

Information Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptxInformation Security Risk Management and Compliance.pptx
Information Security Risk Management and Compliance.pptx
 
Rm 12
Rm 12Rm 12
Rm 12
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss Prevention
 
Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvas
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk Management
 
CISM_WK_2.pptx
CISM_WK_2.pptxCISM_WK_2.pptx
CISM_WK_2.pptx
 
Microsoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileMicrosoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobile
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2
 
File000170
File000170File000170
File000170
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Risk mgmt key to security certifications v2
Risk mgmt key to security certifications v2Risk mgmt key to security certifications v2
Risk mgmt key to security certifications v2
 
CNIT 160: Ch 3d: Operational Risk Management
CNIT 160: Ch 3d: Operational Risk ManagementCNIT 160: Ch 3d: Operational Risk Management
CNIT 160: Ch 3d: Operational Risk Management
 
CNIT 160 4b: Security Program Management (Part 2)
CNIT 160 4b: Security Program Management (Part 2)CNIT 160 4b: Security Program Management (Part 2)
CNIT 160 4b: Security Program Management (Part 2)
 
Ch 3a: Risk Management Concepts
Ch 3a: Risk Management ConceptsCh 3a: Risk Management Concepts
Ch 3a: Risk Management Concepts
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
 

More from tomkacy

Rm 09-v1
Rm 09-v1Rm 09-v1
Rm 09-v1tomkacy
 
Rm 07-v1
Rm 07-v1Rm 07-v1
Rm 07-v1tomkacy
 
Rm 07-v1
Rm 07-v1Rm 07-v1
Rm 07-v1tomkacy
 
Rm 06-v2
Rm 06-v2Rm 06-v2
Rm 06-v2tomkacy
 
Rm 05-v2
Rm 05-v2Rm 05-v2
Rm 05-v2tomkacy
 
Rm 03-v1
Rm 03-v1Rm 03-v1
Rm 03-v1tomkacy
 
Rm 02 v2
Rm 02 v2Rm 02 v2
Rm 02 v2tomkacy
 
Rm 01-last
Rm 01-lastRm 01-last
Rm 01-lasttomkacy
 
Rm 01-last
Rm 01-lastRm 01-last
Rm 01-lasttomkacy
 

More from tomkacy (18)

Rm 10-2
Rm 10-2Rm 10-2
Rm 10-2
 
Rm 10
Rm 10Rm 10
Rm 10
 
Rm 09-v1
Rm 09-v1Rm 09-v1
Rm 09-v1
 
Rm 09
Rm 09Rm 09
Rm 09
 
Rm 8-1
Rm 8-1Rm 8-1
Rm 8-1
 
Rm 8
Rm 8Rm 8
Rm 8
 
Rm 07-v1
Rm 07-v1Rm 07-v1
Rm 07-v1
 
Rm 07-v1
Rm 07-v1Rm 07-v1
Rm 07-v1
 
Rm 06-v2
Rm 06-v2Rm 06-v2
Rm 06-v2
 
Rm 06
Rm 06Rm 06
Rm 06
 
Rm 05-v2
Rm 05-v2Rm 05-v2
Rm 05-v2
 
Rm 05
Rm 05Rm 05
Rm 05
 
Rm 03-v1
Rm 03-v1Rm 03-v1
Rm 03-v1
 
Rm 02 v2
Rm 02 v2Rm 02 v2
Rm 02 v2
 
Rm 02
Rm 02Rm 02
Rm 02
 
Rm 01-last
Rm 01-lastRm 01-last
Rm 01-last
 
Rm 01-last
Rm 01-lastRm 01-last
Rm 01-last
 
Rm 01
Rm 01Rm 01
Rm 01
 

Recently uploaded

8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creationsnakalysalcedo61
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...lizamodels9
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 

Recently uploaded (20)

8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 

Rm 11-1

  • 1. Risk Management University of Economics, Kraków, 2012 Tomasz Aleksandrowicz
  • 2. operational risk management operational risk tools & techniques ORM in banking
  • 3. operational risk • risk due to organisation operations • arising from execution of a company's business functions • operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events (Basel II) • it is not used to generate profit • to keep losses within limit (driven by risk appetite)
  • 4. operational risk management • there is no one size fits all approach • operational risk is much harder to identify than market and credit risk
  • 5. operational risk categories • broad concept focuses on people, processes and systems and external factors • more detailed approach under Basel II regulations: – Internal Fraud – External Fraud – Employment Practices and Workplace Safety – Clients, Products, & Business Practice – Damage to Physical Assets – Business Disruption & Systems Failures – Execution, Delivery, & Process Management
  • 6. operational risk categories (II) • people - due to human error, loss of personnel and health and safety issues • process - due to business performance processes or projects as well as capacity and reporting matters • systems/technology - due to technical issues of systems, computers and equipment as well as data quality and security • external events - due to external factors, regulatory environment and natural hazards
  • 7. ORM exercise choose your company list 2-3 risks with 4 categories: people, process, systems/technology, external events
  • 8. people risk • Employee collusion/fraud • Employee error • Employee misdeed /crime • Employment law • Health and safety at work • Insufficient or lack of knowledge/skills • Loss of key personnel (key personel risk)
  • 9. process risk • Accounting error • Capacity risk • Contract risk • Product complexity/ product flaws • Project risk • Reporting error • Settlement/payment error • Transaction error • Valuation error
  • 10. technology risk • Data quality • Programming errors • Security breach • Strategic risks complexity (platform/suppliers) • System capacity • System compatibility • System delivery • System failure • System suitability
  • 11. external risk • Legal / Regulatory • Money laundering • Outsourcing • Political • Supplier/Partner risk • Tax • Fire/Natural disaster • Theft/Robbery • Physical security (terrorism, vandalism)
  • 12. ORM exercise 2 propose a solution for most common risks in each category
  • 13. ORM tools & techniques • internal controls & audit • training & procedures • key risk indicators (KRI) • strategic diversification/outsourceing • insurance • hazard prevention - emergency management • business continuity planning (BCP)
  • 14. KRI - Key Risk Indicators • metrics used to monitor identified risk exposures over time • measure used in management to indicate how risky an activity is • differs from a Key Performance Indicator (KPI) which is measure of how well something is being done • give us an early warning to identify potential risky event
  • 15. KRI management • effective indicator selection: relevance, measurable, predictive • selection process approach: top-down or bottom-up • using composite or index indicators • indicator threshold and limits, escalation triggers • indicator trending and scale (green, amber, red) • reporting: level of reporting, frequency and presentation style
  • 16. KRI examples • customer complaints volume • product return ratio • volume/value of products breakage • number of caught shoplifter / value of loss due to customer theft • staff turnover • staff sickness days • number of over-time hours utilized • number of data capture errors • number of virus or phishing attacks • number of server restart requested
  • 17. ORM exercise 3 propose KRI for most common risks in each category
  • 18. BCP - business continuity planning • is a roadmap for continuing operations under extreme conditions • effective prevention and recovery for the organization • active preparation and planning for emergencies – critical (urgent) organization functions/ activities – non-critical (non-urgent) organization functions/ activities
  • 20. operational risk management industry example: banking three approaches to ORM
  • 21. #1 Basic Indicator Approach • simplest operational risk measurement method • banks has to hold capital reserves for operational loss • average income gross income from previous 3 years times given percentage (alpha) • years with negative or zero income excluded • committee alpha percentage – 15% (represents industry average operational risk) 21
  • 22. #2 Standardized Approach • more complex method of operational risk measurement • banks has to hold capital reserves for operational loss • three-year average across each of the business lines in each year times given percentage (beta) 22
  • 23. Standardized Approach – beta factor 23
  • 24. #3 Advanced Measurement Approach • comprehensive method based on bank’s internal operational risk measurement system • quantitative and qualitative criteria • subject of regulatory approval • minimum five-year observation period of internal loss data • external data could be used 24
  • 25. Advanced Measurement Approach (II) • bank must be able to demonstrate that its approach captures even unlikely events • high-severity events must be subject of scenario analysis and use external data and expert advisory