Monday, August 18, 2008

Managing Operational Risk: 20 Firmwide Best Practice Strategies


The Best Practice Strategies


Today, an operational risk management program and process will consist of many or all of the following components and concepts:[1]
• An enterprise-wide recognition that there is an urgent need, opportunity, and upside in managing operational risk.
• A dedicated and independent risk assessment function by business, and for operational risks at the corporate level, not solely an audit function.
• Use of quantitative analysis for risk assessment at all levels of the organization, applying sophistication appropriate for the organization and its culture.
• Specific firmwide risk assessment and control projects (e.g., e-business, systems integration, merger, and acquisition due diligence).
• Development of operational risk mitigation programs and incentive systems.
• Development of operational risk capital attribution and/or allocation methods for operational risks.
• Focus on strategic reputation management in alliance with public relations (PR) and senior management.
• Linkage with risk and insurance management functions for the mutual benefits of enhanced risk assessment and broader risk financing.
• Enhanced development and dissemination of management information about operational risks (e.g., risk indicators, incident, issue, and loss data), performance measures (e.g., business-risk goals and industry benchmarks) at all levels in the organization.
• Assimilation of all of the above risk functions into a firmwide ideological vision (e.g., quality management efforts like Six Sigma or other programs).
• Recognition that operational risk management is a key component of enterprise-wide risk management, including credit, market, operational, and strategy risks.

Key Building Blocks and 20 Best Practice Strategies

Best practices implies a function that has matured.

I offer six key principles—building blocks that serve as our foundation for the strategies. They are:


I. Enterprise-wide Vision, Culture, and Commitment
II. Organizational Framework and Responsibilities
III. Framing Strategies for Operational Risk Response
IV. Dynamic Risk Monitoring and Management
V. Financial and Regulatory Management Positioning
VI. Operational Risk Management Technology




The six building blocks and 20 strategies are outlined below.

I. Enterprise-wide Vision, Culture, and Commitment
Any enterprise-wide program must be evident to stakeholders both internally and externally. The commitment must be as clear to the investment community as it is to the employee and client base. Thus, it is essential to begin with top-level issues of vision, reputation, culture, and definition.
1. Define Operational Risk for the Organization: Operational risk must be defined and that definition communicated throughout an organization before it can be measured or managed effectively. It is nearly impossible for a staff at large to be focused on and committed to a topic if the topic is not well defined or understood.
2. Demonstrate a Vision, Mandate, and Objectives: The firmwide vision, values, and mandate will be formulated at the highest levels of the organization and communicated outward. It will be communicated at three levels. The first is the company's own ideological vision statement. That sets the stage. The second is a statement on enterprise-wide risk management, of which operational risk will be a recognized part. The third is a specific statement on operational risk management, which will be much more specific as to the key objectives, roles, responsibility, and functional scope. Taken together, the statements will serve as clear evidence of buy-in at both the board and most senior management levels of the organization. They demonstrate not only internally, but also externally, the firm's commitment and also serve as an enhancement to shareholder value.
3. Foster a Culture of Integrity and Risk Management Awareness: More often than not corporate culture and ethos are the least recognized components of an operational risk management program but, at the same time, can have the greatest positive or negative impact on an organization's risk profile. A senior level commitment and a risk-aware culture are both essential.
4. Manage the Risk to the Firm's Franchise, Reputation, and Brand: The best firms will have a clear understanding of the potential effect of operational risk on their franchise and franchise value. A vision and mandate are not enough. In addition to continued positive reinforcement of the company's franchise and brand, reputation management requires ongoing discipline, a tested strategy, and a plan for managing crises that might impact their reputation and franchise.

II. Organizational Framework and Responsibilities
Without a clear vision, mandate, framework, and responsibilities, operational risk management will fail.[2] Day-to-day management of operational risk is the responsibility of the business units. Corporate management is charged with enterprise-wide policy and standards, supporting and holding the business units accountable.
5. Empower Business Units with Responsibility for Risk Management: The framework will delineate risk management roles and responsibilities of the business units. Business units on a local level manage operational risk most effectively. The best firms will support and empower business units and profit centers with responsibility, accountability and authority for management of their own operational risks.
6. Support and Leverage Corporate Units' Capabilities and Contributions: Define roles and responsibilities of corporate units firmwide. Structure operational risk management programs such that they reinforce key aspects of existing control and risk management programs, including but not limited to those of Control Self-Assessment, Internal Audit, Compliance, Legal, Security, and other risk management functions. Support and leverage their contribution. Avoid redundancy of effort. A mission statement and objectives will be set for those units contributing to the firmwide function, not limited to the group operational risk management unit.
7. Designate an Operational Risk Management Unit to Serve as a Facilitator: Form a coordinating unit for operational risk management headed by a senior manager and staffed with top talent to coordinate operational risk management efforts firmwide. In some firms the manager will head operational risk exclusively. In others, the individual may also serve as Chief Risk Officer. In any event, business units will direct their own operational risk efforts, but a separate corporate operational risk function will support and monitor their activities. In some industries (e.g., financial services), the function will be separate from Internal Audit.

III. Operational Risk Response Framework
Although arguably all of our efforts are or will be geared toward mitigating or optimizing risk, there are several strategies that will be identified as providing an overall framework for risk mitigation efforts firmwide. We refer to these as the risk mitigation framing strategies. They consist of strategies that must emanate from the corporate organization in support, reinforcement, and scrutiny of the business unit efforts.
9. Disseminate Useful Management Information and Reports: Provide clear, useful, and actionable information about operational risks, losses, and the status of risk response and control efforts such that business unit managers and staff firmwide are in a position to manage them on a day-to-day basis.
10. Use Incentives and Disincentives in Managing Operational Risk: Use incentive and disincentive systems as a means to balance strategic risk and reward. For instance, use risk-adjusted performance measures (RAPM), such as risk-based economic capital allocation or attribution processes, to highlight operational risk intensive businesses. Provide both incentives and disincentives for management of risk. Use capital as a means to optimize risk and reward.
Far too often, risk management only focuses on negatives, and thus risk managers fall into the trap of penalizing staff and units for risks identified, poor performance, and loss results. The most effective programs balance this with a system of rewards for productive risk management behavior and investment by both business and corporate units and staff alike. Some examples might include reduction of risk through upgrades in systems or manual processes, enhanced issue tracking systems, and timely clearance of self-identified risk issues or issues identified by Internal Audit.
Focus attention beyond organizational units to individual behavior. Build operational risk considerations into incentive-based compensation plans (e.g., bonuses, stock options, deferred compensation) in order to assure that staff members are focused on mitigating and optimizing operational risk on a day-to-day basis.
Develop a program of benchmarking and goal setting to track progress on a consistent basis over time and relative to peers on a unit-by-unit basis and firmwide (e.g., peer comparisons, incident and loss results over time, cost-of-operational risk analyses and reporting).
11. Employ Segregation and Diversification Strategies: Pursue high-level diversification techniques to combat the potentially catastrophic effects of process. Reinforce diversification and segregation of duties in critical processes. Balance risk and reward in diversification of physical asset concentrations.
12. Leverage Firmwide Defenses for Business Continuity: A key aspect of operational risk management will be to assure the smooth continuity of business operations. Enhance and leverage strategic business continuity efforts beyond traditional areas of focus, such as physical hazard risk. Address the vulnerabilities such as risk to key revenue streams, reputation, stakeholder and regulatory standing, and one-time risk of loss. Include strategic investments in systems and processes. Seek opportunities to showcase business continuity as a competitive advantage.

IV. Dynamic Risk Monitoring and Management


Understanding the risk profile of the organization is an essential first step in managing it. Use of data and metrics is essential for making the subject more tangible and retaining management and staff attention to the issues at large.


Traditionally, risk management had been viewed as consisting of separate and distinct elements. They have been recognized to include risk identification, assessment and/or measurement, and mitigation or control. Although the process has always been continuous, it was often viewed to require formal and orderly risk identification reviews, followed by analysis, then a focus ..s. Today, rates of change in technology and business processes have accelerated to such a point that separate analyses are too often out of date before they are even completed. Thus, the need for continuous and dynamic reviews is more evident today than ever before. Fortunately, advancements in technology, frequent reporting, and interactive systems will support a more timely response.


This principle entails the building block strategies for moving toward dynamic risk profiling and management.
12. Implement Bottom-Up Processes to Identify, Evaluate, and Manage Operational Risks: Effective operational risk management begins with each employee having an understanding of the potential benefits and harm in each risk faced. This requires a process at a sufficiently detailed and specific level for identifying and evaluating new risks on a continuous basis (e.g., independent risk assessment, control self-assessment, process analysis).
13. Use a Portfolio-based Approach to Evaluate Firmwide Loss Potential: Although bottom-up process reviews are helpful for individual business unit and line managers, they sometimes miss the big picture. In addition, senior management at a firmwide level must have an aggregate view of operational risk. This is where the portfolio level analysis comes in (e.g., firmwide, risk mapping, portfolio-level actuarial analysis).
14. Coordinate Event and Risk Indicator Data Firmwide: Track operational risk issues, incidents, and losses by developing a process to capture and track them, including their cost and causative factors, at both business and corporate levels firmwide. Identify and track predictive indicators and drivers of operational risks. Capture both quantitative and qualitative driver data and descriptive information. Provide indicator reports and scores to management levels appropriate for action.
15. Apply Analytics to Improve ORM Decision Making: One of the most significant advancements in modern operational risk management is the introduction of quantitative techniques for risk assessment and modeling of future loss scenarios. Apply analytics to support operational risk management decision making on a day-to-day business level, as well as in strategic risk–reward decision making on a portfolio level. Apply levels of analytic sophistication appropriate for your individual firm's size, culture, and business mix.
16. Implement Dynamic Risk Profiling and Monitoring: The most successful programs have been built around a continuum of risk tools for effective identification, assessment, mitigation, and finance. Advancements in risk monitoring include risk profiling and dynamic risk profiling. Risk profiling recognizes the need for combining different types of assessment and measurement and control tools for a complete picture of an organization's risk. Dynamic risk profiling requires a continuous and timely process, enabled by interactive technology. Work to apply them for more effective and timely day-to-day risk management.

V. Financial and Regulatory Management Positioning
This set of strategies is focused on the firm's financial and capital structure, from both management and regulatory perspectives.
17. Enhance Risk Finance Hedging of Operational Risks: Align insurance and risk finance programs to operational risks. Measure program performance over time. Re-engineer programs to attain an optimal coverage and cost trade-off. But conventional insurance provides only a partial solution. Enhance risk financing through the use of effective alternative risk financing structures. Use self-insurance, captive, excess-of-loss reinsurance, credit, and capital markets to construct effective protection for expected, unexpected, and catastrophe operational risks.
18. Apply Operational Risk-Adjusted Performance Measures and Economic Risk Capital Models: Use risk-adjusted performance measures (RAPM) and economic risk capital models to calculate and monitor the effect of operational losses on firmwide and business unit levels. Monitor capital structures on top-down and bottom-up bases. Embed the models and processes to drive strategic and tactical risk-based decisions firmwide. Work toward application of the models in product pricing.
19. Monitor the Emerging Regulatory Capital and Supervisory Environment and Position Accordingly: Participate in regulatory discussions and monitor the evolution of requirements. Financial service firms should monitor developments from the Basel Committee on Banking Supervision, as well as regulatory interpretations and actions on a local level. Monitor the emerging operational risk regulatory capital guidelines and options. Ensure that economic risk capital models are in sync with regulatory model developments and then position accordingly to optimize risk capital models and the balance sheet.

VI. Operational Risk Management Technology
Technology is an essential part of our everyday lives today. It is just beginning to become appreciated as an essential part of enterprise-wide operational risk management programs, however. Because of its importance, we dedicate a separate section and strategy to its development.
20. Leverage Risk Management Efforts through State-of-the-Art Technology: Assure program efficiency by leveraging technology in enterprise-wide data gathering, analysis, and information delivery. Web-enabled systems will support the flow of data and information both internally and externally. Use powerful database and data warehouse technology to prepare for the flood of data that will be required to manage operational risk effectively in the future.


Phases of Implementation

The majority of firms are in one of three phases of operational risk management: realization, basic implementation, and advanced integration.[3]
• Realization: As with any major issue, the first step is to accept a problem. Most firms have passed through the first phase. They realize that operational risk is a major issue, understand the framework of operational risk, and have embarked on operational risk programs.
• Basic implementation: Firms in the second phase are implementing one-off initiatives, experimenting with self-assessment, employing risk indicators on an isolated level, using various management tools, using management information systems (MIS) for individual business lines, and perhaps doing some high-level modeling of certain areas of risk.
• Advanced integration: What firms are really striving for is phase three, integrated or holistic operational risk programs, including multiuser web-based platforms and systems. They are seeking to support input and access of data and information throughout the firm, conduct various types of analyses to support the efficiency of the business overall, and reduce the cost of operational risk and loss.

At this level, programs and systems are fully integrated and distributed. There is risk assessment and mitigation throughout the firm. Risk capital is being used to understand the impact on the capital structure of the firm, and blended risk finance—insurance, reinsurance, self-insurance, capital markets, finite risk, or financial insurance coverages—is a reality. The management framework is in place, or at least being created, for dealing with the risk of complexity: integration risk, merger and acquisition risk, dealing with cultural changes, and things of that nature.

A Final Thought:

Programs Must be Transparent and Understandable
Before these advances, managers had little basis on which to make decisions about risk reductions, risk finance, and the efficient use of risk capital. Now operational risks will be included in these risk–reward calculations.
Arcane classifications, analyses, capital calculations, and financing structures serve to make the entire subject more confusing for many, at a time when simplicity and involvement by the masses on an enterprise-wide and industrywide basis is most critical.

