Risk consultant
Workshop on Operational Risk Management

Outline
I. The purpose of the workshop
II. The three lines of defense
   a. Roles of the 1st line of defense
   b. Roles of the 2nd line of defense
   c. Roles of the 3rd line of defense
III. Understanding risk management
IV. Operational risk management
   a. Elements of operational risk
   b. Factors contributing to operational risks
   c. Tools for operational risk identification and assessment
V. Risk management process
   a. Risk identification
   b. Risk assessment
   c. Controlling
   d. Monitoring and reviews
1st Line of Defense: All Processes of the Bank are responsible for managing operational risks within their respective domain.
2nd Line of Defense: The RCMP is responsible for overseeing and ensuring that operational risks are managed in line with the requirements set in the ORM framework.
3rd Line of Defense: The Internal Audit Process shall be responsible for providing independent assurance to the BoDs as to the proper management of operational risks.
1. Internal Fraud
Unauthorized Activity.
Transactions not reported. Transaction type unauthorized. Mismarking of position.
Theft and Fraud.
Fraud/credit fraud/worthless deposits. Theft/extortion/embezzlement/robbery. Misappropriation of assets. Forgery. Account take-over/impersonation. Bribes/kickbacks. Insider trading. Money laundering. Willful blindness.
2. External Fraud
Systems Security.
Hacking damage. Theft of information (with monetary loss).
Safe Environment.
General liability (slips and falls). Employee health and safety rules. Workers compensation.
Advisory Activities.
Disputes over performance or advisory activities
Trade Counterparties.
Non-client counterparty misperformance.
The LRRC shall:
1. Approve the operational risk management strategy, policies and appetite of the Bank;
2. Approve the ORMF of the Bank;
3. Ensure the availability of robust operational risk governance structure, process and the implementation of sound operational risk management principles;
4. Review significant operational risk exposure of the Bank;
5. Approve public disclosures on operational risks.
2. The RCMP
The RCMP shall:
1. Spearhead the proper implementation of the ORMF;
2. Develop/review the operational risk management principles, process and methodologies and monitor their proper application;
3. Advise processes in the implementation of the ORM framework and ensure consistency and proper implementation across all processes of the Bank;
4. Conduct enterprise-wide risk assessment and aggregate operational risk assessment results of all processes of the Bank;
5. Aggregate the operational risk database of the Bank;
6. Ensure the appropriate reporting of deviations and breaches of threshold to the PC/LRRC;
7. Consolidate risk reports of the Processes of the Bank and escalate up to the Management and Board;
8. Review policies and procedures in light of the operational risk profile of the Bank;
13. Ensure compliance to the approved policies and procedures of the Bank;
XII. Controls/Mitigation of Operational Risk
The internal control process
A sound internal control process is critical to a bank's ability to meet its established goals and to maintain its financial viability.
Internal control is the responsibility of everyone in a bank.
Almost all employees produce information used in the internal control system or take other actions needed to effect control.
The recognition by all employees of the need to carry out their responsibilities effectively and to communicate to the appropriate level of management any problems in operations, instances of non-compliance with the code of conduct, or other policy violations or illegal actions that are noticed.
It is essential that all personnel within the bank understand the importance of internal control and are actively engaged in the process.
Requirements of effective internal control:
An appropriate control structure set up, with control activities defined at every business level;
Top level reviews;
Appropriate activity controls for different processes or divisions;
Physical controls;
Checking for compliance with exposure limits and follow-up on non-compliance;
A system of approvals and authorisations; and
A system of verification and reconciliation.
Areas of potential conflicts of interest should be identified, minimised, and subject to careful, independent monitoring.
Information should be reliable, timely, accessible, and provided in a consistent format.
Effective channels of communication to ensure that all staff fully understand and adhere to policies and procedures affecting their duties and responsibilities, and that other relevant information is reaching the appropriate personnel.
Audit functions
An effective internal audit function that independently evaluates the control systems within the organisation.
Part of the ongoing monitoring of the bank's system of internal controls and of its internal capital assessment procedure.
Mitigation of risks
For all material operational risks that have been identified, the bank should decide whether to use appropriate procedures to control and/or mitigate the risks, or bear the risks.
The decision to retain or self-insure the risk should be transparent within the organisation and should be consistent with the bank's overall business strategy and appetite for risk.
For those risks that cannot be controlled, the bank should decide whether to accept/tolerate these risks, reduce the level of business activity involved, or withdraw/terminate from this activity completely.
Risk mitigation tools or programmes can be used to reduce the exposure to, or frequency and/or severity of, such events.
However, banks should view risk mitigation tools as complementary to, rather than a replacement for, thorough internal operational risk control.
Terminate
o Stop
o Don't start
Transfer
o Insure, hedge, contract out, share (but be careful with this option)
Treat
o Control likelihood, impact or both
o Through directive, preventive, detective and corrective controls
Risk assessment findings/results;
Control assessment results/finding;
Performance/Status on KRIs;
Key risk with significant control weaknesses;
Breaches and deviations, if any.
Sub process/branch Name
Report submitted to:
Telephone
Detailed description/update
Cause
Data of corrective/preventive action taken
Details of corrective/preventive action taken/to be taken
Date of action
Financial Impact in Birr
Recovered amount
Telephone
Impact/Consequence
Action owners
Actual loss
Potential loss
Recovered by
Remark
To be completed by ORM team only
Operational risk category
Logged by (ORM officer-maker)
Reviewed by (ORM officer-Checker)
C. External Data Collection and Analysis
D. Risk Assessments
Risk Self Assessment (RSA)
Risk Control Self Assessments (RCSA)
Scorecards build on RCSAs
Business Process Mapping
Risk and Performance Indicators
Scenario Analysis and Measurements
Comparative Analysis