Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Rm 11-1


Published on

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

Rm 11-1

  1. 1. Risk ManagementUniversity of Economics, Kraków, 2012 Tomasz Aleksandrowicz
  2. 2. operational risk management operational risk tools & techniques ORM in banking
  3. 3. operational risk• risk due to organisation operations• arising from execution of a companys business functions• operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events (Basel II)• it is not used to generate profit• to keep losses within limit (driven by risk appetite)
  4. 4. operational risk management• there is no one size fits all approach• operational risk is much harder to identify than market and credit risk
  5. 5. operational risk categories• broad concept focuses on people, processes and systems and external factors• more detailed approach under Basel II regulations: – Internal Fraud – External Fraud – Employment Practices and Workplace Safety – Clients, Products, & Business Practice – Damage to Physical Assets – Business Disruption & Systems Failures – Execution, Delivery, & Process Management
  6. 6. operational risk categories (II)• people - due to human error, loss of personnel and health and safety issues• process - due to business performance processes or projects as well as capacity and reporting matters• systems/technology - due to technical issues of systems, computers and equipment as well as data quality and security• external events - due to external factors, regulatory environment and natural hazards
  7. 7. ORM exercise choose your company list 2-3 risks with 4 categories:people, process, systems/technology, external events
  8. 8. people risk• Employee collusion/fraud• Employee error• Employee misdeed /crime• Employment law• Health and safety at work• Insufficient or lack of knowledge/skills• Loss of key personnel (key personel risk)
  9. 9. process risk• Accounting error• Capacity risk• Contract risk• Product complexity/ product flaws• Project risk• Reporting error• Settlement/payment error• Transaction error• Valuation error
  10. 10. technology risk• Data quality• Programming errors• Security breach• Strategic risks complexity (platform/suppliers)• System capacity• System compatibility• System delivery• System failure• System suitability
  11. 11. external risk• Legal / Regulatory• Money laundering• Outsourcing• Political• Supplier/Partner risk• Tax• Fire/Natural disaster• Theft/Robbery• Physical security (terrorism, vandalism)
  12. 12. ORM exercise 2 propose a solution formost common risks in each category
  13. 13. ORM tools & techniques• internal controls & audit• training & procedures• key risk indicators (KRI)• strategic diversification/outsourceing• insurance• hazard prevention - emergency management• business continuity planning (BCP)
  14. 14. KRI - Key Risk Indicators• metrics used to monitor identified risk exposures over time• measure used in management to indicate how risky an activity is• differs from a Key Performance Indicator (KPI) which is measure of how well something is being done• give us an early warning to identify potential risky event
  15. 15. KRI management• effective indicator selection: relevance, measurable, predictive• selection process approach: top-down or bottom-up• using composite or index indicators• indicator threshold and limits, escalation triggers• indicator trending and scale (green, amber, red)• reporting: level of reporting, frequency and presentation style
  16. 16. KRI examples• customer complaints volume• product return ratio• volume/value of products breakage• number of caught shoplifter / value of loss due to customer theft• staff turnover• staff sickness days• number of over-time hours utilized• number of data capture errors• number of virus or phishing attacks• number of server restart requested
  17. 17. ORM exercise 3 propose KRIfor most common risks in each category
  18. 18. BCP - business continuity planning• is a roadmap for continuing operations under extreme conditions• effective prevention and recovery for the organization• active preparation and planning for emergencies – critical (urgent) organization functions/ activities – non-critical (non-urgent) organization functions/ activities
  19. 19. BCP life-cycle
  20. 20. operational risk management industry example: banking three approaches to ORM
  21. 21. #1 Basic Indicator Approach• simplest operational risk measurement method• banks has to hold capital reserves for operational loss• average income gross income from previous 3 years times given percentage (alpha)• years with negative or zero income excluded• committee alpha percentage – 15% (represents industry average operational risk) 21
  22. 22. #2 Standardized Approach• more complex method of operational risk measurement• banks has to hold capital reserves for operational loss• three-year average across each of the business lines in each year times given percentage (beta) 22
  23. 23. Standardized Approach – beta factor 23
  24. 24. #3 Advanced Measurement Approach• comprehensive method based on bank’s internal operational risk measurement system• quantitative and qualitative criteria• subject of regulatory approval• minimum five-year observation period of internal loss data• external data could be used 24
  25. 25. Advanced Measurement Approach (II)• bank must be able to demonstrate that its approach captures even unlikely events• high-severity events must be subject of scenario analysis and use external data and expert advisory