SlideShare uma empresa Scribd logo

Operational risk: the new frontier

Michel Rochette
Michel Rochette
NegóciosEconomia e finanças
1 de 6
Baixar para ler offline
34 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 tNEW FRONTIER PERATIONAL RISK MANAGEMENT is becoming a major component of a well-structured corporate governance framework that starts at the board level and drills down to the dif- ferent business units. Like the whole field of risk management, it’s more than a calculation of an economic capital requirement, more than satisfying a regulator, and more than just buying an insurance policy to hedge it. Operational risk management aims at identifying, assessing, and managing risk proactively. Managing risk in this way improves the organization’s transparency and adds shareholder value by increasing operational efficiency, reducing direct and indirect losses, better allocating economic capital, and protecting the firm’s reputation. Recently, the whole financial sector, including many insurance companies, has been subject to enhanced regulatory oversight. Some companies have had to pay huge fines to settle investigations. These fines reflect operational risk incidents that should have been better managed up-front. BY MICHEL ROCHETTE O P E R AT I O N A L R I S K Operational Risk Defined In the past few years, the banking and investment worlds have agreed to define operational risk as the risk of loss resulting from inadequate or failed inter- nal processes, people and systems, or from external events. This definition includes legal and compliance risk, but it excludes the financial consequences of business or strategic decisions. In the insurance world, an agreed-upon defini- tion doesn’t exist yet. A recent paper by the Solvency Working Party of the International Actuarial Associa- tion Insurance Regulation Committee has proposed a definition similar to that used in the banking world but has classified risks somewhat differently. It has created two categories of risks, a more re- strictive operational risk and another category called event risk, including, in particular, legal and disas- ter risks. The committee created these two smaller categories to recognize that while firms can control operational risk, they normally can’t control event risk, though they can hedge against it by using new approaches such as business continuity planning. The Risk Assessment Working Group of the NAIC has devised its own definition, which reads: “Opera- tional problems such as inadequate information sys- tems, breaches in internal controls, fraud, or unfore- seen catastrophes will result in unexpected losses.” Compared with the definitions used in the rest of the financial community, the NAIC’s seems narrower. Thus, though it’s possible to classify operational risk in many different ways, the insurance industry should consider aligning its definition closer to the one used elsewhere. Actuaries would be in a stronger position to develop a common expertise with the rest of the financial community and be able to communicate with other risk professionals on common ground. A New Governance Paradigm To be effective and credible, any operational risk management framework must be independent of the existing business management structure. There must be checks and balances in the framework and clear segregation of duties. The risk governance framework the financial com- munity has implemented to satisfy these requirements is composed of different constituents. First, the board ILLUSTRATIONBYROBJOHNSON O ENTERPRISE RISK AVISORY Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 35 Operational risk is the new frontier in the enterprise risk management framework, and actuaries, individually and as a profession, are well suited to lead the way. of directors sets up an enterprise risk management committee that oversees the risk management process within the organiza- tion. They’re supported daily by a dedicated risk management unit. In larger firms, risk members may also be present within the business units and report to the risk management unit. The audit group, which reports directly to the board, is com- plementary to the risk management framework. It focuses more on the effectiveness of the control environment. A separate com- pliance group centralizes all internal and external compliance matters, such as laws, regulations, and actuarial standards. Contrary to the banking industry, where this framework ex- ists in more than 80 percent of internationally active banks, most insurance companies have not fully implemented this kind of risk management framework. They seem to rely more on ac- tuaries as their de facto risk managers. This can be an effective framework as long as the role of actuaries is well defined and includes a clear segregation of duties between management and risk responsibilities. Above is an example of an operational risk group’s respon- sibilities: Responsibilities of an Operational Risk Group Develop operational risk policies and internal standards. Coordinate risk and control self- assessment by business units. Follow action plans. Describe and model processes: reserving, underwriting, investment. Test scenarios of process failures. Involvement in Sarbanes-Oxley. Evaluate risk from outsourcing operations, reinsurance in the case of insurance. Choose, develop, implement, maintain operational risk technology. Conceive forward-looking key risk indicators and relate to internal losses. Develop and implement a firm- wide operational loss database of operational incidents. Model potential losses by appropriate methods and tools: frequency, severity, recovery. Develop new metrics to value operational risk exposure and effectiveness of controls. Coordinate business continuity planning in case of severe business disruption. Calculate economic capital, risk tolerance, and allocation. Develop/review strategies to hedge operational risk: corporate insurance, public operational hedging programs, risk derivatives, pooling arrangements, captives. Report on exposures, exceptions, financial values. Evaluate the operational risks of new operations, new products, new ventures. Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
38 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 Operational Risk Tolerance Once a definition has been agreed upon, a governance frame- work has been set up, and roles and responsibilities have been clearly delimited, the organization must define its tolerance to operational risk. The risk tolerance will determine management responses to this risk. An organization should also be transpar- ent about its financial communications. Actuaries, with their financial background, are in a better position than other professionals to help management set an appropriate quantitative operational risk tolerance. They can evaluate different risk profiles in relation to the economic capi- tal of the firm, and propose management responses accordingly. This is similar to an efficient frontier analysis in finance. Other professionals usually limit their analysis to one di- mension, and they express their risk tolerance in qualitative terms. For example, accountants usually talk in terms of rea- sonable assurance or residual risk while Six Sigma professionals target zero defects in processes. Sarbanes-Oxley personnel try to function within the requirements of the remote likelihood of a material misstatement. The following matrix is an example of such an analysis and possible management responses to operational risk. Internal and External Operational Data An integral part of evaluating operational risk is the gather- ing of data from different sources. Data can come from self- assessments by experts, internal or external historic loss data, or scenarios based on other companies’ incidents. In this context, an actuary is well positioned to help the organization gather, interpret, and use these data. Operational Risk Decision Matrix Risk metric Management decisions Low frequency/Low impact Assume Cost of doing business Low frequency/High impact Transfer ®Insurance/catastrophic ins. ®Business continuity plans High frequency/Low impact Control ®Policies, procedures, controls, limits ®Cost/benefit analysis High frequency/High impact Eliminate ®Exit strategy, outsource Distribution of Individual Loss Events by Type Type of level 1 risk Types of level 2 risk % of number of losses % of value of losses Examples for an insurance company Internal fraud Unauthorized activity - theft & fraud 3.31% 7.23% Rogue agent/broker External fraud ® Theft & fraud ® Systems security 41.95% 15.54% Fraudulent insurance claims Employment practices & workplace safety ® Employee relations ® Safe environment ® Diversity & discrimination 8.53% 6.75% Inadequate work conditions (workers’ comp as a hedge) Clients/products/business practices ® Suitability ® Improper business ® Product flaws ® Model flaws ® Advisory activity flaws/ errors 7.17% 13.13% ® Vanishing premium sales illustrations ® Variable annuity mispricing ® Finite reinsurance ® Market timing in VA products Damage to physical assets ® Disasters ® Other events 1.4% 24.28% Natural/man-made catastrophe (cat. insurance as a hedge) Business disruption & system failures ® Systems 1.14% 2.73% ®Y2K ® System spaghetti ® Network Execution, delivery, & process management ® Transaction capture ® Monitor & report ® Trade counterparts ® Process errors ® Vendors & suppliers 35.08% 29.41% ® Underwriting errors ® Policy claims errors ® Reserving ® Reinsurance Source: Operational Risk Data Collection Exercise, Basel Committee on Banking Supervision, 2002 Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
40 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 Qualitative Methods Methods Applications Limitations Percentage of use by major banks Type of method Risk control self-assessment (RCSA) ®Identify and assess risk ®Determine effectiveness of controls at the business-unit level ®Serve as a basis for future action plans (threshold triggers) ®Emphasize management responsibility ®Robustness of approach is incentive to downplay risk ®Lack of complete objectivity by managers ®Time consuming 65% Bottom-up. A pure risk assessment done by the audit department would be top- down. Process mapping ®Useful to describe processes and their vulnerabilities ®Identify gaps in the processes ®Prerequisite for other approaches such as expert system ®Difficult to make them dynamic, although some engineering software exists but isn’t adapted to financial institutions ®Time consuming 38% Top-down Risk indicators ®Help measure and monitor status and progress of operational risk ®Easily obtainable as long as they remain generic ®Can be used as a means to allocate capital ®Can be used to trigger escalation procedures ®More objective, daily updates ®Difficult to identify suitable indicators in relation to risk ®Risk Management Association has a special project underway for banks and insurance cos. 33% Top-down Risk/Control Score Card ®Obtain a score to evaluate risk and control effectiveness ®Can be tracked over time ®Score based on the assessment of experts ®Can be made more quantitative, like underwriting in insurance 10% Bottom-up Six Sigma/ Quality Methods/ ISO/ COBIT/Insurance Market Place Standards Association (IMSA) ®Useful to improve transactional processes ®Used in project management ®Very concrete in terms of attaining specific improvement in processes ®Can help show value to the organization ®Six Sigma was developed for manufacturing firms; it is more difficult to implement in financial institutions. N/A ®GE Financial/Bank of America have implemented Six Sigma. ®IMSA equivalent to ISO for life, annuity, LTC sales process Bottom-up COSO ®Used to identify and monitor controls in organizations ®One possible framework for Sarbanes-Oxley (Sections 302 and 404) on financial certification ®Similar to RCSA ®Major focus on controls and procedures only ®Has an auditing bias ®COSO II has a risk component. All U.S. firms required to submit public reports to the SEC Bottom-up Actuaries, with their financial background, are in a better position than other professionals to help management set an appropriate quantitative operational risk tolerance . Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 41 Also, data will make management more sensitive to the is- sue of operational risk and motivate staff to implement better controls to reduce risk. Data can also be used to model future losses and allocate economic capital. The previous tables give an indication of the types of internal operational risk incidents that a financial organization can be exposed to. They are based on a study done for the banking industry, and some examples of similar events for an insurance company were added in each category. Also, a summary of the major intercompany operational loss databases is shown above. Assessing and Managing Operational Risk Actuaries are well positioned to contribute positively to the development and implementation of the many qualitative and quantitative operational risk methods. The choice of a particular set of methods and tools will depend on the financial institution’s overall philosophy, the ob- jectives of the operational risk policy, the availability of people to implement them, time, budget, operational constraints, and regulatory requirements. In fact, we observe that a majority of financial institutions are implementing a group of methods within their institutions. Qualitative methods, as the name implies, are based on the knowledge of experts within the organization. Contrary to fi- nancial and insurance risks that are based on observed and somewhat objective values, major aspects of operational risk lie in the heads of the people involved. Even for actuaries who are naturally oriented toward numbers, the U.K. Institute of Actuaries recognized it and phrased it elegantly According to a report of the Operational Risk Working Party of the U.K. Institute of Actuaries, August 2002, “The most con- centrated source of information on operational risk within an organization is likely to be found in the heads of management. External Intercompany Databases Database Level of losses recorded U.K. British Bankers Association $50,000 U.S. retail $100,000 U.S for commercial Italy’s DIPO 5,000 euros Operational Risk Exchange 20,000 euros AON OpBase No minimum Fitch Database $1,000,000 U.S. SAS OpRisk Global Data $1,000,000 U.S. Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
42 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 It is important to mine this information to provide context and calibration to the more objective loss databases. ... This process can add value in building a consensus on the risks and risk tolerances of the business.” On the quantitative side, financial institutions are enhanc- ing their loss modeling using extreme-value loss distributions and generating scenarios. Some of these methods are listed in the chart below. Conclusion Operational risk is becoming more prevalent in the financial community due to both regulatory requirements and enhanced new corporate governance initiatives. In the banking field, the Basel II Capital Accord has created an incentive to move forward. In the insurance field, similar initiatives are underway, such as the NAIC’s proposed risk regu- latory framework, Europe’s Solvency II project, and the United Kingdom’s Integrated Prudential SourceBook. Financial institutions are also implementing operational risk frameworks in order to benchmark themselves with best practices; to satisfy increased pressure from their shareholders, regulators, and rating agencies; and to re- spond proactively to recent scandals in order to reduce their future recurrence. Actuaries should be part of the development of this new risk management field, in part because of its similarities to insurance expertise. However, contrary to traditional actuarial work, actuaries must be willing to work with a diverse group of people, be imaginative in adapting existing insurance ap- proaches to this new environment, and be willing to learn and enhance their tool set, in particular, the more qualitative operational risk approaches. ● MICHEL ROCHETTE is an actuary specializing in risk management for CDP Capital in Montreal, Quebec, Canada. Quantitative Methods Methods Applications Limitations Percentage of actual/ proposed use by major banks Type of method Parametric loss distributions/EVT distributions ® Can be used for low/high frequency and low/high severity. ® Model economic and regulatory capital ® Risk-adjusted return calculation ® Estimations of hedges ® Can be used to allocate capital ® If bottom-up, double counting, and substantial data required ®Difficult to use with diversification effects ®If top-down, difficult to allocate ®Validation process difficult so far ® More difficult to make it forward-looking ® Need to integrate control and action plans score into the modeling 80% Especially for the implementation of Basel II Advanced Measurement Approach (AMA) Bottom-up Top-down scenarios ® Complement loss distributions ® Forward-looking ® Reflect control environment ® Subjective ® Relies on external events as indications of problems 50% Bottom-up/ top-down Casual network/ system dynamic/ expert system/ fuzzy logic ®Depicts cause-and-effect relationship ® Simulates changes in the business profile ® Helps test mitigation strategies ® Involves internal experts ® Difficult to implement if many processes exist ® Doesn’t work for new business lines ® Doesn’t capture extreme events ® Long set-up time N/A Bottom-up Others: ® Activity-based ® Regression of past losses ® Estimates based on the level of activity ® Simple to calculate ® Objective ® Not a measure of risk ® Need to estimate ratios based on losses ® One of the allowed approaches under Basel II (Basic Indicator and Standardized) Top-down Contrary to traditional actuarial work, actuaries must be willing to work with a diverse group of people, be imaginative in adapting existing insurance approaches to this new environment, and be willing to learn and enhance their tool set. Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).

Recomendados

the many hats of a midmarket cfo
the many hats of a midmarket cfothe many hats of a midmarket cfo
the many hats of a midmarket cfo
Megan M. Brooks, ARM
 
Risk Health Check
Risk Health CheckRisk Health Check
Risk Health Check
Ljuba Bogdanovich
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
WolfPAC - Integrated Risk Management
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_final
Vamsi Srinivas
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
alygale
 
Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management Frameworks
Daniel Kapellmann Zafra
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
Mike Wilkinson
 

Recomendados

the many hats of a midmarket cfo
the many hats of a midmarket cfothe many hats of a midmarket cfo
the many hats of a midmarket cfo
Megan M. Brooks, ARM
 
Risk Health Check
Risk Health CheckRisk Health Check
Risk Health Check
Ljuba Bogdanovich
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
WolfPAC - Integrated Risk Management
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_final
Vamsi Srinivas
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
alygale
 
Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management Frameworks
Daniel Kapellmann Zafra
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
Mike Wilkinson
 
Risk management
Risk managementRisk management
Risk management
kartikganga
 
Risk management - Alan Bardwell
Risk management - Alan BardwellRisk management - Alan Bardwell
Risk management - Alan Bardwell
Azure Group
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
Jorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management
QuarterlyEarningsReports2
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
deeptica
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
H Contrex
 
Risk Management Essentials for Bankers
Risk Management Essentials for BankersRisk Management Essentials for Bankers
Risk Management Essentials for Bankers
David Vu
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
Colleen Beck-Domanico
 
Enterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practiceEnterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practice
Segun Ogunwale
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
David Cunningham
 
Control Risks-ERM-whitepaper
Control Risks-ERM-whitepaperControl Risks-ERM-whitepaper
Control Risks-ERM-whitepaper
Nadav Davidai, CBCP GRCP
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
Aronson LLC
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
Anu Damodaran
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
Dion K Hamilton
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
GAURAV SHARMA
 
How to assess risk for a company
How to assess risk for a companyHow to assess risk for a company
How to assess risk for a company
OECDglobal
 
Operation risk management in Private Equity firms
Operation risk management in Private Equity firmsOperation risk management in Private Equity firms
Operation risk management in Private Equity firms
Joseph Kariuki
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
MHM (Mayer Hoffman McCann P.C.)
 
TJOresume01142017
TJOresume01142017TJOresume01142017
TJOresume01142017
Tom O'Dowd
 
The U_S_ Federal Crop Insurance Program
The U_S_ Federal Crop Insurance ProgramThe U_S_ Federal Crop Insurance Program
The U_S_ Federal Crop Insurance Program
James Callan
 
MLF2016-17 Profile book
MLF2016-17 Profile bookMLF2016-17 Profile book
MLF2016-17 Profile book
Theodora Koutentaki
 
Tdt disaster recovery
Tdt disaster recoveryTdt disaster recovery
Tdt disaster recovery
Pungky6
 

Mais conteúdo relacionado

Mais procurados

Risk management - Alan Bardwell
Risk management - Alan BardwellRisk management - Alan Bardwell
Risk management - Alan Bardwell
Azure Group
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
Jorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management
QuarterlyEarningsReports2
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
deeptica
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
David Cunningham
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
Anu Damodaran
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
Dion K Hamilton
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
GAURAV SHARMA
 

Mais procurados (18)

Risk management
Risk managementRisk management
Risk management
 
Risk management - Alan Bardwell
Risk management - Alan BardwellRisk management - Alan Bardwell
Risk management - Alan Bardwell
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management
 
Coso Erm(2)
Coso Erm(2)Coso Erm(2)
Coso Erm(2)
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
 
Risk Management Essentials for Bankers
Risk Management Essentials for BankersRisk Management Essentials for Bankers
Risk Management Essentials for Bankers
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
 
Enterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practiceEnterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practice
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
 
Control Risks-ERM-whitepaper
Control Risks-ERM-whitepaperControl Risks-ERM-whitepaper
Control Risks-ERM-whitepaper
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
How to assess risk for a company
How to assess risk for a companyHow to assess risk for a company
How to assess risk for a company
 
Operation risk management in Private Equity firms
Operation risk management in Private Equity firmsOperation risk management in Private Equity firms
Operation risk management in Private Equity firms
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 

Destaque

TJOresume01142017
TJOresume01142017TJOresume01142017
TJOresume01142017
Tom O'Dowd
 
The U_S_ Federal Crop Insurance Program
The U_S_ Federal Crop Insurance ProgramThe U_S_ Federal Crop Insurance Program
The U_S_ Federal Crop Insurance Program
James Callan
 
Tdt disaster recovery
Tdt disaster recoveryTdt disaster recovery
Tdt disaster recovery
Pungky6
 
Portfolio - Dorthy Pautz Landscape Architect
Portfolio - Dorthy Pautz Landscape ArchitectPortfolio - Dorthy Pautz Landscape Architect
Portfolio - Dorthy Pautz Landscape Architect
Dorthy Pautz
 
Deutsche Telekom Q1/13 Results
Deutsche Telekom Q1/13 ResultsDeutsche Telekom Q1/13 Results
Deutsche Telekom Q1/13 Results
Deutsche Telekom
 
YOUTH SAFETY ON A LIVING INTERNET
YOUTH SAFETY ON A LIVING INTERNETYOUTH SAFETY ON A LIVING INTERNET
YOUTH SAFETY ON A LIVING INTERNET
Boni
 
Jan 2017 Newsletter
Jan 2017 NewsletterJan 2017 Newsletter
Jan 2017 Newsletter
Lou LoFranco
 
Resume for Accountant - CPA
Resume for Accountant - CPAResume for Accountant - CPA
Resume for Accountant - CPA
Saju Thomas
 
Deutsche Telekom Q3/13 Results
Deutsche Telekom Q3/13 ResultsDeutsche Telekom Q3/13 Results
Deutsche Telekom Q3/13 Results
Deutsche Telekom
 
CMW - Dec14JanFeb15
CMW - Dec14JanFeb15CMW - Dec14JanFeb15
CMW - Dec14JanFeb15
Crystal Nutt
 
Howard Bolnick Resume - short
Howard Bolnick Resume - shortHoward Bolnick Resume - short
Howard Bolnick Resume - short
Howard Bolnick
 
Rhytidectomy (face lift) surgery
Rhytidectomy (face lift) surgeryRhytidectomy (face lift) surgery
Rhytidectomy (face lift) surgery
Jacob Bensen
 

Destaque (20)

TJOresume01142017
TJOresume01142017TJOresume01142017
TJOresume01142017
 
The U_S_ Federal Crop Insurance Program
The U_S_ Federal Crop Insurance ProgramThe U_S_ Federal Crop Insurance Program
The U_S_ Federal Crop Insurance Program
 
MLF2016-17 Profile book
MLF2016-17 Profile bookMLF2016-17 Profile book
MLF2016-17 Profile book
 
Tdt disaster recovery
Tdt disaster recoveryTdt disaster recovery
Tdt disaster recovery
 
Portfolio - Dorthy Pautz Landscape Architect
Portfolio - Dorthy Pautz Landscape ArchitectPortfolio - Dorthy Pautz Landscape Architect
Portfolio - Dorthy Pautz Landscape Architect
 
Chinese Tourist Facilitators, Interpreters & Escorts
Chinese Tourist Facilitators, Interpreters & EscortsChinese Tourist Facilitators, Interpreters & Escorts
Chinese Tourist Facilitators, Interpreters & Escorts
 
Doctors are consumers too
Doctors are consumers tooDoctors are consumers too
Doctors are consumers too
 
Deutsche Telekom Q1/13 Results
Deutsche Telekom Q1/13 ResultsDeutsche Telekom Q1/13 Results
Deutsche Telekom Q1/13 Results
 
Tort Reform
Tort ReformTort Reform
Tort Reform
 
New Mexico 2014 Organic Farming Conference
New Mexico 2014 Organic Farming ConferenceNew Mexico 2014 Organic Farming Conference
New Mexico 2014 Organic Farming Conference
 
YOUTH SAFETY ON A LIVING INTERNET
YOUTH SAFETY ON A LIVING INTERNETYOUTH SAFETY ON A LIVING INTERNET
YOUTH SAFETY ON A LIVING INTERNET
 
Jan 2017 Newsletter
Jan 2017 NewsletterJan 2017 Newsletter
Jan 2017 Newsletter
 
Agricultural subsidies
Agricultural subsidiesAgricultural subsidies
Agricultural subsidies
 
Resume for Accountant - CPA
Resume for Accountant - CPAResume for Accountant - CPA
Resume for Accountant - CPA
 
Deutsche Telekom Q3/13 Results
Deutsche Telekom Q3/13 ResultsDeutsche Telekom Q3/13 Results
Deutsche Telekom Q3/13 Results
 
Jon A Cohn - CTO / VP / Sr Director - joncohn@comcast.net
Jon A Cohn - CTO / VP / Sr Director - joncohn@comcast.netJon A Cohn - CTO / VP / Sr Director - joncohn@comcast.net
Jon A Cohn - CTO / VP / Sr Director - joncohn@comcast.net
 
CMW - Dec14JanFeb15
CMW - Dec14JanFeb15CMW - Dec14JanFeb15
CMW - Dec14JanFeb15
 
molcv
molcvmolcv
molcv
 
Howard Bolnick Resume - short
Howard Bolnick Resume - shortHoward Bolnick Resume - short
Howard Bolnick Resume - short
 
Rhytidectomy (face lift) surgery
Rhytidectomy (face lift) surgeryRhytidectomy (face lift) surgery
Rhytidectomy (face lift) surgery
 

Semelhante a Operational risk: the new frontier

Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
Anu Damodaran
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
Andrew Smart
 
Financial risk management
Financial risk managementFinancial risk management
Financial risk management
Yusef Hamayel
 
Testing value creation through erm maturity
Testing value creation through erm maturityTesting value creation through erm maturity
Testing value creation through erm maturity
Mbuthiac Mbuthiac
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White Paper
Shadowlit Ndou Sidija
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
Alexei Sidorenko, CRMP
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
Anthony Chiusano
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
Greg Cybulski, CBCP, ARM
 

Semelhante a Operational risk: the new frontier (20)

An approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preetiAn approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preeti
 
Risk management
Risk managementRisk management
Risk management
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Energy Risk Management
Energy Risk Management Energy Risk Management
Energy Risk Management
 
51_operational_risk
51_operational_risk51_operational_risk
51_operational_risk
 
Dr haluk f gursel fraud examination rises to distinction article grcj 2010 1_v3_
Dr haluk f gursel fraud examination rises to distinction article grcj 2010 1_v3_Dr haluk f gursel fraud examination rises to distinction article grcj 2010 1_v3_
Dr haluk f gursel fraud examination rises to distinction article grcj 2010 1_v3_
 
Building an invisible framework for risk management
Building an invisible framework for risk managementBuilding an invisible framework for risk management
Building an invisible framework for risk management
 
MRM: PwC Top Issues
MRM: PwC Top Issues MRM: PwC Top Issues
MRM: PwC Top Issues
 
Total Cost Of Risk
Total Cost Of RiskTotal Cost Of Risk
Total Cost Of Risk
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
 
Financial risk management
Financial risk managementFinancial risk management
Financial risk management
 
Performing Strategic Risk Management with simulation models
Performing Strategic Risk Management with simulation modelsPerforming Strategic Risk Management with simulation models
Performing Strategic Risk Management with simulation models
 
Testing value creation through erm maturity
Testing value creation through erm maturityTesting value creation through erm maturity
Testing value creation through erm maturity
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White Paper
 
Chartered Accountant’s Role in an Enterprise Risk Management
Chartered Accountant’s Role in an Enterprise Risk ManagementChartered Accountant’s Role in an Enterprise Risk Management
Chartered Accountant’s Role in an Enterprise Risk Management
 
Holistic risk management
Holistic risk managementHolistic risk management
Holistic risk management
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
 
insurance-busines.pdf
insurance-busines.pdfinsurance-busines.pdf
insurance-busines.pdf
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
 

Mais de Michel Rochette

3ceapaffichecommunication2016MR
3ceapaffichecommunication2016MR3ceapaffichecommunication2016MR
3ceapaffichecommunication2016MR
Michel Rochette
 
Operational and reputational risk: Essential components of ERM
Operational and reputational risk: Essential components of ERMOperational and reputational risk: Essential components of ERM
Operational and reputational risk: Essential components of ERM
Michel Rochette
 
Introduction to economic capital
Introduction to economic capitalIntroduction to economic capital
Introduction to economic capital
Michel Rochette
 
Advanced Economic Capital
Advanced Economic CapitalAdvanced Economic Capital
Advanced Economic Capital
Michel Rochette
 
Role of a Chief Risk Officer
Role of a Chief Risk OfficerRole of a Chief Risk Officer
Role of a Chief Risk Officer
Michel Rochette
 

Mais de Michel Rochette (20)

3ceapaffichecommunication2016MR
3ceapaffichecommunication2016MR3ceapaffichecommunication2016MR
3ceapaffichecommunication2016MR
 
Gestion du risque du compte du fond des changes
Gestion du risque du compte du fond des changesGestion du risque du compte du fond des changes
Gestion du risque du compte du fond des changes
 
Proposition de la création d'un fond de capital de risque pour l'industrie to...
Proposition de la création d'un fond de capital de risque pour l'industrie to...Proposition de la création d'un fond de capital de risque pour l'industrie to...
Proposition de la création d'un fond de capital de risque pour l'industrie to...
 
Proposition d'une liste électorale informatisée
Proposition d'une liste électorale informatiséeProposition d'une liste électorale informatisée
Proposition d'une liste électorale informatisée
 
L'intérêt public: Étalon de la gouvernance étatique
L'intérêt public: Étalon de la gouvernance étatiqueL'intérêt public: Étalon de la gouvernance étatique
L'intérêt public: Étalon de la gouvernance étatique
 
Assurance-chômage au Canada: propositions de réforme
Assurance-chômage au Canada: propositions de réformeAssurance-chômage au Canada: propositions de réforme
Assurance-chômage au Canada: propositions de réforme
 
Unemployment Insurance in Canada: proposals for reform
Unemployment Insurance in Canada: proposals for reformUnemployment Insurance in Canada: proposals for reform
Unemployment Insurance in Canada: proposals for reform
 
Operational and reputation risk: Essential components of ERM-Mandarin
Operational and reputation risk: Essential components of ERM-MandarinOperational and reputation risk: Essential components of ERM-Mandarin
Operational and reputation risk: Essential components of ERM-Mandarin
 
Operational risk in IT project
Operational risk in IT projectOperational risk in IT project
Operational risk in IT project
 
Emergence of the Chief Risk Officer function
Emergence of the Chief Risk Officer functionEmergence of the Chief Risk Officer function
Emergence of the Chief Risk Officer function
 
Operational and reputational risk: Essential components of ERM
Operational and reputational risk: Essential components of ERMOperational and reputational risk: Essential components of ERM
Operational and reputational risk: Essential components of ERM
 
From Risk to ERM
From Risk to ERMFrom Risk to ERM
From Risk to ERM
 
1er colloque étudiant en administration publique
1er colloque étudiant en administration publique 1er colloque étudiant en administration publique
1er colloque étudiant en administration publique
 
Risk Treatment Standard-ASB
Risk Treatment Standard-ASBRisk Treatment Standard-ASB
Risk Treatment Standard-ASB
 
Introduction to economic capital
Introduction to economic capitalIntroduction to economic capital
Introduction to economic capital
 
PPP: Risky proposition?
PPP: Risky proposition?PPP: Risky proposition?
PPP: Risky proposition?
 
Advanced Economic Capital
Advanced Economic CapitalAdvanced Economic Capital
Advanced Economic Capital
 
Role of a Chief Risk Officer
Role of a Chief Risk OfficerRole of a Chief Risk Officer
Role of a Chief Risk Officer
 
RISK MANAGEMENT OF FX RESERVES
RISK MANAGEMENT OF FX RESERVESRISK MANAGEMENT OF FX RESERVES
RISK MANAGEMENT OF FX RESERVES
 
Environmental Risk
Environmental RiskEnvironmental Risk
Environmental Risk
 

Último

Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
instagramfab782445
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdf
laloo_007
 
Cracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareCracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' Slideshare
Workforce Group
 

Último (20)

PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Buy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From Seosmmearth
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
Power point presentation on enterprise performance management
Power point presentation on enterprise performance managementPower point presentation on enterprise performance management
Power point presentation on enterprise performance management
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
Structuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdfStructuring and Writing DRL Mckinsey (1).pdf
Structuring and Writing DRL Mckinsey (1).pdf
 
Cracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareCracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' Slideshare
 

Operational risk: the new frontier

  • 1. 34 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 tNEW FRONTIER PERATIONAL RISK MANAGEMENT is becoming a major component of a well-structured corporate governance framework that starts at the board level and drills down to the dif- ferent business units. Like the whole field of risk management, it’s more than a calculation of an economic capital requirement, more than satisfying a regulator, and more than just buying an insurance policy to hedge it. Operational risk management aims at identifying, assessing, and managing risk proactively. Managing risk in this way improves the organization’s transparency and adds shareholder value by increasing operational efficiency, reducing direct and indirect losses, better allocating economic capital, and protecting the firm’s reputation. Recently, the whole financial sector, including many insurance companies, has been subject to enhanced regulatory oversight. Some companies have had to pay huge fines to settle investigations. These fines reflect operational risk incidents that should have been better managed up-front. BY MICHEL ROCHETTE O P E R AT I O N A L R I S K Operational Risk Defined In the past few years, the banking and investment worlds have agreed to define operational risk as the risk of loss resulting from inadequate or failed inter- nal processes, people and systems, or from external events. This definition includes legal and compliance risk, but it excludes the financial consequences of business or strategic decisions. In the insurance world, an agreed-upon defini- tion doesn’t exist yet. A recent paper by the Solvency Working Party of the International Actuarial Associa- tion Insurance Regulation Committee has proposed a definition similar to that used in the banking world but has classified risks somewhat differently. It has created two categories of risks, a more re- strictive operational risk and another category called event risk, including, in particular, legal and disas- ter risks. The committee created these two smaller categories to recognize that while firms can control operational risk, they normally can’t control event risk, though they can hedge against it by using new approaches such as business continuity planning. The Risk Assessment Working Group of the NAIC has devised its own definition, which reads: “Opera- tional problems such as inadequate information sys- tems, breaches in internal controls, fraud, or unfore- seen catastrophes will result in unexpected losses.” Compared with the definitions used in the rest of the financial community, the NAIC’s seems narrower. Thus, though it’s possible to classify operational risk in many different ways, the insurance industry should consider aligning its definition closer to the one used elsewhere. Actuaries would be in a stronger position to develop a common expertise with the rest of the financial community and be able to communicate with other risk professionals on common ground. A New Governance Paradigm To be effective and credible, any operational risk management framework must be independent of the existing business management structure. There must be checks and balances in the framework and clear segregation of duties. The risk governance framework the financial com- munity has implemented to satisfy these requirements is composed of different constituents. First, the board ILLUSTRATIONBYROBJOHNSON O ENTERPRISE RISK AVISORY Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
  • 2. CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 35 Operational risk is the new frontier in the enterprise risk management framework, and actuaries, individually and as a profession, are well suited to lead the way. of directors sets up an enterprise risk management committee that oversees the risk management process within the organiza- tion. They’re supported daily by a dedicated risk management unit. In larger firms, risk members may also be present within the business units and report to the risk management unit. The audit group, which reports directly to the board, is com- plementary to the risk management framework. It focuses more on the effectiveness of the control environment. A separate com- pliance group centralizes all internal and external compliance matters, such as laws, regulations, and actuarial standards. Contrary to the banking industry, where this framework ex- ists in more than 80 percent of internationally active banks, most insurance companies have not fully implemented this kind of risk management framework. They seem to rely more on ac- tuaries as their de facto risk managers. This can be an effective framework as long as the role of actuaries is well defined and includes a clear segregation of duties between management and risk responsibilities. Above is an example of an operational risk group’s respon- sibilities: Responsibilities of an Operational Risk Group Develop operational risk policies and internal standards. Coordinate risk and control self- assessment by business units. Follow action plans. Describe and model processes: reserving, underwriting, investment. Test scenarios of process failures. Involvement in Sarbanes-Oxley. Evaluate risk from outsourcing operations, reinsurance in the case of insurance. Choose, develop, implement, maintain operational risk technology. Conceive forward-looking key risk indicators and relate to internal losses. Develop and implement a firm- wide operational loss database of operational incidents. Model potential losses by appropriate methods and tools: frequency, severity, recovery. Develop new metrics to value operational risk exposure and effectiveness of controls. Coordinate business continuity planning in case of severe business disruption. Calculate economic capital, risk tolerance, and allocation. Develop/review strategies to hedge operational risk: corporate insurance, public operational hedging programs, risk derivatives, pooling arrangements, captives. Report on exposures, exceptions, financial values. Evaluate the operational risks of new operations, new products, new ventures. Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
  • 3. 38 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 Operational Risk Tolerance Once a definition has been agreed upon, a governance frame- work has been set up, and roles and responsibilities have been clearly delimited, the organization must define its tolerance to operational risk. The risk tolerance will determine management responses to this risk. An organization should also be transpar- ent about its financial communications. Actuaries, with their financial background, are in a better position than other professionals to help management set an appropriate quantitative operational risk tolerance. They can evaluate different risk profiles in relation to the economic capi- tal of the firm, and propose management responses accordingly. This is similar to an efficient frontier analysis in finance. Other professionals usually limit their analysis to one di- mension, and they express their risk tolerance in qualitative terms. For example, accountants usually talk in terms of rea- sonable assurance or residual risk while Six Sigma professionals target zero defects in processes. Sarbanes-Oxley personnel try to function within the requirements of the remote likelihood of a material misstatement. The following matrix is an example of such an analysis and possible management responses to operational risk. Internal and External Operational Data An integral part of evaluating operational risk is the gather- ing of data from different sources. Data can come from self- assessments by experts, internal or external historic loss data, or scenarios based on other companies’ incidents. In this context, an actuary is well positioned to help the organization gather, interpret, and use these data. Operational Risk Decision Matrix Risk metric Management decisions Low frequency/Low impact Assume Cost of doing business Low frequency/High impact Transfer ®Insurance/catastrophic ins. ®Business continuity plans High frequency/Low impact Control ®Policies, procedures, controls, limits ®Cost/benefit analysis High frequency/High impact Eliminate ®Exit strategy, outsource Distribution of Individual Loss Events by Type Type of level 1 risk Types of level 2 risk % of number of losses % of value of losses Examples for an insurance company Internal fraud Unauthorized activity - theft & fraud 3.31% 7.23% Rogue agent/broker External fraud ® Theft & fraud ® Systems security 41.95% 15.54% Fraudulent insurance claims Employment practices & workplace safety ® Employee relations ® Safe environment ® Diversity & discrimination 8.53% 6.75% Inadequate work conditions (workers’ comp as a hedge) Clients/products/business practices ® Suitability ® Improper business ® Product flaws ® Model flaws ® Advisory activity flaws/ errors 7.17% 13.13% ® Vanishing premium sales illustrations ® Variable annuity mispricing ® Finite reinsurance ® Market timing in VA products Damage to physical assets ® Disasters ® Other events 1.4% 24.28% Natural/man-made catastrophe (cat. insurance as a hedge) Business disruption & system failures ® Systems 1.14% 2.73% ®Y2K ® System spaghetti ® Network Execution, delivery, & process management ® Transaction capture ® Monitor & report ® Trade counterparts ® Process errors ® Vendors & suppliers 35.08% 29.41% ® Underwriting errors ® Policy claims errors ® Reserving ® Reinsurance Source: Operational Risk Data Collection Exercise, Basel Committee on Banking Supervision, 2002 Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
  • 4. 40 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 Qualitative Methods Methods Applications Limitations Percentage of use by major banks Type of method Risk control self-assessment (RCSA) ®Identify and assess risk ®Determine effectiveness of controls at the business-unit level ®Serve as a basis for future action plans (threshold triggers) ®Emphasize management responsibility ®Robustness of approach is incentive to downplay risk ®Lack of complete objectivity by managers ®Time consuming 65% Bottom-up. A pure risk assessment done by the audit department would be top- down. Process mapping ®Useful to describe processes and their vulnerabilities ®Identify gaps in the processes ®Prerequisite for other approaches such as expert system ®Difficult to make them dynamic, although some engineering software exists but isn’t adapted to financial institutions ®Time consuming 38% Top-down Risk indicators ®Help measure and monitor status and progress of operational risk ®Easily obtainable as long as they remain generic ®Can be used as a means to allocate capital ®Can be used to trigger escalation procedures ®More objective, daily updates ®Difficult to identify suitable indicators in relation to risk ®Risk Management Association has a special project underway for banks and insurance cos. 33% Top-down Risk/Control Score Card ®Obtain a score to evaluate risk and control effectiveness ®Can be tracked over time ®Score based on the assessment of experts ®Can be made more quantitative, like underwriting in insurance 10% Bottom-up Six Sigma/ Quality Methods/ ISO/ COBIT/Insurance Market Place Standards Association (IMSA) ®Useful to improve transactional processes ®Used in project management ®Very concrete in terms of attaining specific improvement in processes ®Can help show value to the organization ®Six Sigma was developed for manufacturing firms; it is more difficult to implement in financial institutions. N/A ®GE Financial/Bank of America have implemented Six Sigma. ®IMSA equivalent to ISO for life, annuity, LTC sales process Bottom-up COSO ®Used to identify and monitor controls in organizations ®One possible framework for Sarbanes-Oxley (Sections 302 and 404) on financial certification ®Similar to RCSA ®Major focus on controls and procedures only ®Has an auditing bias ®COSO II has a risk component. All U.S. firms required to submit public reports to the SEC Bottom-up Actuaries, with their financial background, are in a better position than other professionals to help management set an appropriate quantitative operational risk tolerance . Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
  • 5. CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 41 Also, data will make management more sensitive to the is- sue of operational risk and motivate staff to implement better controls to reduce risk. Data can also be used to model future losses and allocate economic capital. The previous tables give an indication of the types of internal operational risk incidents that a financial organization can be exposed to. They are based on a study done for the banking industry, and some examples of similar events for an insurance company were added in each category. Also, a summary of the major intercompany operational loss databases is shown above. Assessing and Managing Operational Risk Actuaries are well positioned to contribute positively to the development and implementation of the many qualitative and quantitative operational risk methods. The choice of a particular set of methods and tools will depend on the financial institution’s overall philosophy, the ob- jectives of the operational risk policy, the availability of people to implement them, time, budget, operational constraints, and regulatory requirements. In fact, we observe that a majority of financial institutions are implementing a group of methods within their institutions. Qualitative methods, as the name implies, are based on the knowledge of experts within the organization. Contrary to fi- nancial and insurance risks that are based on observed and somewhat objective values, major aspects of operational risk lie in the heads of the people involved. Even for actuaries who are naturally oriented toward numbers, the U.K. Institute of Actuaries recognized it and phrased it elegantly According to a report of the Operational Risk Working Party of the U.K. Institute of Actuaries, August 2002, “The most con- centrated source of information on operational risk within an organization is likely to be found in the heads of management. External Intercompany Databases Database Level of losses recorded U.K. British Bankers Association $50,000 U.S. retail $100,000 U.S for commercial Italy’s DIPO 5,000 euros Operational Risk Exchange 20,000 euros AON OpBase No minimum Fitch Database $1,000,000 U.S. SAS OpRisk Global Data $1,000,000 U.S. Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).
  • 6. 42 CO N T I N G E N C I E S NOVEMBER/DECEMBER 2005 It is important to mine this information to provide context and calibration to the more objective loss databases. ... This process can add value in building a consensus on the risks and risk tolerances of the business.” On the quantitative side, financial institutions are enhanc- ing their loss modeling using extreme-value loss distributions and generating scenarios. Some of these methods are listed in the chart below. Conclusion Operational risk is becoming more prevalent in the financial community due to both regulatory requirements and enhanced new corporate governance initiatives. In the banking field, the Basel II Capital Accord has created an incentive to move forward. In the insurance field, similar initiatives are underway, such as the NAIC’s proposed risk regu- latory framework, Europe’s Solvency II project, and the United Kingdom’s Integrated Prudential SourceBook. Financial institutions are also implementing operational risk frameworks in order to benchmark themselves with best practices; to satisfy increased pressure from their shareholders, regulators, and rating agencies; and to re- spond proactively to recent scandals in order to reduce their future recurrence. Actuaries should be part of the development of this new risk management field, in part because of its similarities to insurance expertise. However, contrary to traditional actuarial work, actuaries must be willing to work with a diverse group of people, be imaginative in adapting existing insurance ap- proaches to this new environment, and be willing to learn and enhance their tool set, in particular, the more qualitative operational risk approaches. ● MICHEL ROCHETTE is an actuary specializing in risk management for CDP Capital in Montreal, Quebec, Canada. Quantitative Methods Methods Applications Limitations Percentage of actual/ proposed use by major banks Type of method Parametric loss distributions/EVT distributions ® Can be used for low/high frequency and low/high severity. ® Model economic and regulatory capital ® Risk-adjusted return calculation ® Estimations of hedges ® Can be used to allocate capital ® If bottom-up, double counting, and substantial data required ®Difficult to use with diversification effects ®If top-down, difficult to allocate ®Validation process difficult so far ® More difficult to make it forward-looking ® Need to integrate control and action plans score into the modeling 80% Especially for the implementation of Basel II Advanced Measurement Approach (AMA) Bottom-up Top-down scenarios ® Complement loss distributions ® Forward-looking ® Reflect control environment ® Subjective ® Relies on external events as indications of problems 50% Bottom-up/ top-down Casual network/ system dynamic/ expert system/ fuzzy logic ®Depicts cause-and-effect relationship ® Simulates changes in the business profile ® Helps test mitigation strategies ® Involves internal experts ® Difficult to implement if many processes exist ® Doesn’t work for new business lines ® Doesn’t capture extreme events ® Long set-up time N/A Bottom-up Others: ® Activity-based ® Regression of past losses ® Estimates based on the level of activity ® Simple to calculate ® Objective ® Not a measure of risk ® Need to estimate ratios based on losses ® One of the allowed approaches under Basel II (Basic Indicator and Standardized) Top-down Contrary to traditional actuarial work, actuaries must be willing to work with a diverse group of people, be imaginative in adapting existing insurance approaches to this new environment, and be willing to learn and enhance their tool set. Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com). Changed with the DEMO VERSION of CAD-KAS PDF-Editor (http://www.cadkas.com).