anam-ali
7/30/2019 Managing Frameworks-Risk Management
Standards based approach to Ops ri
Qualifying (General) criteria
In order to qualify for use of the Standardised or AMA a bank must satisfy its supervisor that, at a minimum ... It has a risk management system that is conceptually sound and is implemented with integrity
The New Accord
- There are mature frameworks from other industries upon which the processes of Operational Risk Management could be based.
- In particular, there are two risk management standards, AS/NZS 4360/2004 and COSO, that, alone or in combination, could satisfy the requirements of Basel II for systems that are conceptually sound; and
- The adoption of operational risk management processes that are based on proven, practical and usable standards should reduce the overall costs to the industry of complying with Basel II.
The AS/NZS 4360: 2004 Framework
The AS/NZS 4360: 2004 Risk Management Process
Seven main elements:
- Establish the Context: for strategic, organizational and risk management and the criteria against which business risks will be evaluated.
- Identify Risks: that could prevent, degrade, delay or enhance the achievement of an organization's business and strategic objectives.
- Analyze Risks: consider the range of potential consequences and the likelihood that those consequences could occur.
- Evaluate Risks: compare risks against the firm's pre-established criteria and consider the balance between potential benefits and adverse outcomes.
- Treat Risks: develop and implement plans for increasing potential benefits and reducing potential costs of those risks identified as requiring to be treated.
- Monitor and Review: the performance and cost-effectiveness of the entire risk management system and the progress of risk treatment plans with a view to continuous improvement through learning from performance failures and deficiencies.
- Communicate and Consult: with internal and external stakeholders at each stage of the risk management process.
The COSO ERM Framework
- The COSO/ERM Framework consists of eight components organized by four objectives: Strategic; Operations; Reporting; and Compliance.
- The third dimension of this ERM matrix/cube is organizational: Subsidiary; Business Unit; Division; and Entity.
The eight components of the COSO framework are:
- Internal Environment: establishing the tone of an organization, including risk management philosophy and risk appetite, integrity and ethical values, organizational structure, assignment of authorities and responsibilities and the environment in which they operate.
- Objective Setting: ensuring that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.
- Event Identification: identifying internal and external events that could impact the achievement of a firm's objectives (both positively and negatively).
- Risk Assessment: analysing risks considering likelihood and impact, as a basis for determining how they should be managed.
- Risk Response: selecting risk responses and developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
- Control Activities: establishing and implementing policies and procedures to help ensure the risk responses are effectively carried out. This includes: Approvals, Authorizations, Verifications, Reconciliations, Reviews of operating performance, Security of assets, Segregation of duties etc.
- Information and Communication: identifying, capturing and communicating information that is relevant in a form and timeframe that enable people to carry out their responsibilities.
- Monitoring: monitor the risk management process itself, modifying it as necessary.
Basel II and the standard frameworks
- Basel II identifies the responsibilities of the independent Operational Risk Management function as developing strategies to identify, assess, monitor and control/mitigate operational risk. These responsibilities map directly onto the AS/NZS 4360 and COSO frameworks as shown in the table in the next slide.
Combining Basel II with the AS/NZS & COSO

Elements of the AS/NZS & COSO Framework: Establish the Context; Internal Environment; Objective Setting; Implied in Basel II
Primary Responsibilities: Board and Senior Management (supported by plus Strategic Analysts)
ORM Components and Tools:
- Risk Appetite: Products, Markets and Limits/Tolerances
- Risk Regime: Philosophy, Responsibilities, Policies and Procedures
- Risk Organization: Oversight, Segregation and Accountabilities
- Policies on Ethics, Risk/Reward Incentives and Whistle Blowing
- Business and Operational Strategies and Objectives
- SWOT Analysis
- Communications Plan
- Budget Allocations for risk-related Resources and Training
Elements of the AS/NZS & COSO Framework: Identify Risks; Event Identification
Primary Responsibilities: Business Units (supported by ORM and outside experts)
ORM Components and Tools:
- Questionnaires, Interviews and Structured Workshops
- Control Risk Self Assessment (CRSA)
- Brainstorming/Delphi Techniques/Affinity Maps
- Process Maps/Flow Charts
- Risk Register organized by People, Processes, Systems and External
- Expert Judgment
- Scenario Analysis

Elements of the AS/NZS & COSO Framework: Analyse Risks; Risk Assessment
Primary Responsibilities: Business Units, ORM and outside experts
ORM Components and Tools:
- Risk Classification (Likelihood and Impact)
- Risk Heat Maps
- Loss Events Database
- Pareto Charts
- Failure Mode and Effect Analysis (FMEA)
- Cause and Effect (Fishbone) Charts
- Sensitivity Analysis
- Critical Incidents Analysis
- Industry and Organisational Benchmarking
Elements of the AS/NZS & COSO Framework: Evaluate Risks; Risk Assessment
Primary Responsibilities: Business Units, ORM and outside experts
ORM Components and Tools:
- Risk Assessment, Quantification and Prioritisation
- Loss Distribution Analysis such as Extreme Value Theory (EVT)
- Monte Carlo Simulation
- Sensitivity Analysis
- Bayesian Belief Networks
- Causal Modeling
- Calculation and Allocation of Capital Charges
- Identification of Key Risk Indicators (KRIs)
- Stress Testing

Elements of the AS/NZS & COSO Framework: Treat Risks; Risk Response
Primary Responsibilities: Business Units, ORM and outside experts
ORM Components and Tools:
- Risk Treatment Options (Avoid, Reduce, Share or Retain/Accept)
- Cost/Benefit Analysis of Risk Treatments
- Risk Treatment Planning, Resourcing and Cost/Benefit Tracking
- Risk Treatment Communications Plan
Advantages of adopting a Standards Based Framework
- Cost Savings
- Risk Reduction
- Training and Education Resources
- Independent Expertise
- IT Systems
- Outsourcing