Managing Frameworks-Risk Management

  • 7/30/2019 Managing Frameworks-Risk Management

    1/15

    Standards based approach to Ops ri

    Qualifying (General) criteria

    In order to qualify for use of the Standardised or AMA a bank must satisfy its supervisor that, at a minimum ... It has a risk management system that is conceptually sound and is implemented with integrity

    The New Accord

    There are mature frameworks from other industries upon which the processes of Operational Risk Management could be based.

    In particular, there are two risk management standards, AS/NZS 4360:2004 and COSO, that, alone or in combination, could satisfy the requirements of Basel II for systems that are conceptually sound; and

    The adoption of operational risk management processes that are based on proven, practical and usable standards should reduce the overall costs to the industry of complying with Basel II.

    The AS/NZS 4360: 2004 Framework

    The AS/NZS 4360:2004 Risk Management Process: seven main elements

    - Establish the Context: for strategic, organizational and risk management and the criteria against which business risks will be evaluated.

    - Identify Risks: that could prevent, degrade, delay or enhance the achievement of an organization's business and strategic objectives.

    - Analyze Risks: consider the range of potential consequences and the likelihood that those consequences could occur.

    - Evaluate Risks: compare risks against the firm's pre-established criteria and consider the balance between potential benefits and adverse outcomes.

    - Treat Risks: develop and implement plans for increasing potential benefits and reducing potential costs of those risks identified as requiring to be treated.

    - Monitor and Review: the performance and cost effectiveness of the entire risk management system and the progress of risk treatment plans with a view to continuous improvement through learning from performance failures and deficiencies.

    - Communicate and Consult: with internal and external stakeholders at each stage of the risk management process.

    The COSO ERM Framework

    - The COSO/ERM Framework consists of eight components organized by four objectives: Strategic; Operations; Reporting; and Compliance.

    - The third dimension of this ERM matrix/cube is organizational: Subsidiary; Business Unit; Division; and Entity.

    The eight components of the COSO framework are:

    - Internal Environment: establishing the tone of an organization, including risk management philosophy and risk appetite, integrity and ethical values, organizational structure, assignment of authorities and responsibilities and the environment in which they operate.

    - Objective Setting: ensuring that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.

    - Event Identification: identifying internal and external events that could impact the achievement of a firm's objectives (both positively and negatively).

    - Risk Assessment: analysing risks considering likelihood and impact, as a basis for determining how they should be managed.

    - Risk Response: selecting risk responses and developing a set of actions to align risks with the entity's risk tolerances and risk appetite.

    - Control Activities: establishing and implementing policies and procedures to help ensure the risk responses are effectively carried out. This includes: Approvals, Authorizations, Verifications, Reconciliations, Reviews of operating performance, Security of assets, Segregation of duties etc.

    - Information and Communication: identifying, capturing and communicating information that is relevant in a form and timeframe that enable people to carry out their responsibilities.

    - Monitoring: monitor the risk management process itself, modifying it as necessary.

    Basel II and the standard frameworks

    - Basel II identifies the responsibilities of the independent Operational Risk Management function as developing strategies to identify, assess, monitor and control/mitigate operational risk. These responsibilities map directly onto the AS/NZS 4360 and COSO frameworks as shown in the table in the next slide.


    Combining Basel II with the AS/NZS & COSO

    Elements of the AS/NZS & COSO Framework: Establish the Context; Internal Environment plus Objective Setting (implied in Basel II)
    Primary Responsibilities: Board and Senior Management (supported by Strategic Analysts)
    ORM Components and Tools:
    - Risk Appetite: Products, Markets and Limits/Tolerances
    - Risk Regime: Philosophy, Responsibilities, Policies and Procedures
    - Risk Organization: Oversight, Segregation and Accountabilities
    - Policies on Ethics, Risk/Reward Incentives and Whistle Blowing
    - Business and Operational Strategies and Objectives
    - SWOT Analysis
    - Communications Plan
    - Budget Allocations for risk-related Resources and Training

    Elements of the AS/NZS & COSO Framework: Identify Risks; Event Identification
    Primary Responsibilities: Business Units (supported by ORM and outside experts)
    ORM Components and Tools:
    - Questionnaires, Interviews and Structured Workshops
    - Control Risk Self Assessment (CRSA)
    - Brainstorming/Delphi Techniques/Affinity Maps
    - Process Maps/Flow Charts
    - Risk Register organized by People, Processes, Systems and External
    - Expert Judgment
    - Scenario Analysis

    Elements of the AS/NZS & COSO Framework: Analyse Risks; Risk Assessment
    Primary Responsibilities: Business Units, ORM and outside experts
    ORM Components and Tools:
    - Risk Classification (Likelihood and Impact)
    - Risk Heat Maps
    - Loss Events Database
    - Pareto Charts
    - Failure Mode and Effect Analysis (FMEA)
    - Cause and Effect (Fishbone) Charts
    - Sensitivity Analysis
    - Critical Incidents Analysis
    - Industry and Organisational Benchmarking

    Elements of the AS/NZS & COSO Framework: Evaluate Risks; Risk Assessment
    Primary Responsibilities: Business Units, ORM and outside experts
    ORM Components and Tools:
    - Risk Assessment, Quantification and Prioritisation
    - Loss Distribution Analysis such as Extreme Value Theory (EVT)
    - Monte Carlo Simulation
    - Sensitivity Analysis
    - Bayesian Belief Networks
    - Causal Modeling
    - Calculation and Allocation of Capital Charges
    - Identification of Key Risk Indicators (KRIs)
    - Stress Testing

    Elements of the AS/NZS & COSO Framework: Treat Risks; Risk Response
    Primary Responsibilities: Business Units, ORM and outside experts
    ORM Components and Tools:
    - Risk Treatment Options (Avoid, Reduce, Share or Retain/Accept)
    - Cost/Benefit Analysis of Risk Treatments
    - Risk Treatment Planning, Resourcing and Cost/Benefit Tracking
    - Risk Treatment Communications Plan

    Advantages of adopting a Standards Based Framework

    - Cost Savings

    - Risk Reduction

    - Training and Education Resources

    - Independent Expertise

    - IT Systems

    - Outsourcing