Operational Risk Questionnaire

Operational Risk Questionnaire
A Framework for Operational Risk Management

Background on Operational Risk
New Basel capital requirements are based upon market, credit, and operational risk. The New Basel Capital Accord defines operational risk as: "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." Market and credit risk both have well-understood market conventions and are readily quantifiable. Operational risk management is at an earlier stage, and no market consensus on measurement and approach has yet formed. Best practices and industry trends are moving toward more active means of defining, measuring, monitoring, and mitigating operational risks.

BSB Questionnaire Framework
BSB proposes the following risk categories to establish what risks exist, and how management is or could be controlling risk:
External Catastrophe
Service Provider Failure
Regulatory
Fraud, Theft, and Vandalism
Compliance with Policies, Procedures and Practices
Customer Relationships
Key Control Effectiveness
Compliance with Commercial Contracts
People Management
Information Risk
IT Security

BSB Approach – Risk Identification
Each risk category is intended to elicit risk information from a specific perspective.

External Catastrophe - The risk that an external event would disrupt the ability of staff to access office locations or perform normally required tasks. These are risks that you can plan against but cannot prevent.

Service Provider Failure - The risk that a service provider's failure to deliver expected services would hinder or prevent normal business activity. The risks in this category are those where there is excessive reliance upon an external or internal service provider or outsourced function, or where contingency plans do not exist or are inadequate. The principal risk in this category is that you will be unable to continue business, or will suffer significant deficiencies, due to failures or inadequacies in service provider delivery or outsourced functions.

Regulatory - The risk that your activities will fail to comply with regulatory requirements and restrictions. The risks in this category are those where regulatory non-compliance results in a regulator response, up to and including a cease-and-desist order.

Fraud, Theft, and Vandalism - The risk to you of an internal or external party committing fraud, theft, or vandalism, damaging BSB or its clients monetarily or in image.

Compliance with Policies, Procedures, and Practices - The risk that you will fail to comply with internal policies, procedures, and practices, as well as industry best practices and ethical business practices. Not being in compliance with these practices would suggest that you are not managing your business and risks according to market standards.

Customer Relationships - The risk that you will fail in the management of customer relationships and in delivery of services to customers, causing monetary and reputational damages. The risks in this category are those that affect your market share, reputation, and profitability.

BSB Approach – Risk Identification
Key Control Effectiveness - The risk that operational control points will fail to function as intended, putting you at risk of significant monetary losses, regulatory action, and reputational damage. The risks of ineffective controls are widespread, and affect many areas with a wide range of monetary, reputational, and regulatory implications. This category also covers the risk that you will have poorly structured behavioral and physical limits, or that those limits might be unenforced or circumvented; the concern here is one of control and efficiency.

Compliance with Commercial Contracts - The risk that you will fail to comply with, or implement properly, commercial contracts, with potential monetary damage, legal exposure, and reputational damage. The risks in this category are those which affect the legal relationships between you and clients / counterparties. Incidents of this type could affect relationships, cause legal action, and adversely impact future ability to do business with the client / counterparty.

People Management - The risk that you will fail to attract, manage, develop, and retain employees with the appropriate skills. The risk in this category is that you will, over the long term, fail to stay competitive and fail to have employees with the skills and training to engage in business in a prudent, well-controlled fashion. It also covers the risk that you will fail to organize your business in an appropriate way, resulting in an inefficient and operationally risky business structure (largely a matter of control and efficiency, affecting long-term business risk, profitability, and competitiveness), and the risk that you will choose inefficient or inappropriate measures of staff or business performance.

Information Risk - The risk that you might manage your business or generate reporting based upon incomplete, inaccurate or inappropriate information, as well as the risk that BSB will not be able to access archived information.

IT Security (Infrastructure Security, IT view) - The risk that your IT security structure will fail to perform as intended, allowing unauthorized access and data damage or loss.

BSB Risk Categories The original 23 risk categories have been merged into 11, eliminating 12 descriptive answers and approximately 10 more repetitive lines of questioning.

BSB Risk Classification
For each risk category, the questionnaire will have one or several scenarios or risks. For each of these scenarios or risks, the following questions need to be answered:

Risk Severity
What would be the impact on P/L?
What would be the effect on customers and on your image?
What is the frequency of this type of event or loss?
What would be a typical loss from an incident of this type?

Management's Ability to Control
How aware and involved is management in managing this risk? (Responsibilities defined, resources allocated, etc.)
What is your assessment of the effectiveness and efficiency of the internal control system?
Which of the following exist to address this type of operational risk? Policies, procedures, formal organization, formal limits, risk control system, monitoring system, regular or periodic reporting, management review
Is data regarding this type of event or loss known, reported, and stored?

Questionnaire Format
The questionnaire is in the form of a question matrix, with risk scenarios and questions listed vertically, and with 8 general questions for each listed horizontally.
(Figure: matrix layout with the General Questions across the top, the Risk Scenarios down the side, and the Answer Area in between.)

Questionnaire Function
The questionnaire consists of approximately 100 risk scenarios, with 8 general questions to answer for each. 7 of the 8 questions are multiple choice and have drop-down selection boxes to simplify the process for the user. The remaining question asks about the existence of certain risk management tools; its answer space contains checkboxes, with a check signifying yes and an empty checkbox signifying no. Each risk category also has one answer space for a text description of the risk situation, particularly significant risks or scenarios, and additional comments.

Questionnaire Output
BSB has taken the approach that operational risk is best viewed in the context of a four-quadrant grid, with Impact of Risk on the vertical axis and Ability to Control Risk on the horizontal axis. Highlighting high impact risks with a high degree of controllability gives BSB a starting point to reduce risk.

                    High Ability                   Low Ability
  High Impact       High Impact / High Ability     High Impact / Low Ability
  Low Impact        Low Impact / High Ability      Low Impact / Low Ability

Answer Scoring
By employing a scoring methodology, the answers on the questionnaire can be used to plot the risks of a business area by type.
(Figure: risk categories plotted on the Impact of Risk / Ability to Control Risk grid. Categories shown: External Catastrophe, External Service Provider Failure, Regulatory, Compliance with Policies, Procedures, and Practices, External Fraud, Customer Risk Management, Key Control Effectiveness.)
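The slides describe the grid and say the answers are scored, but do not give the scoring. The following is an added example, not BSB's questionnaire code, of one way to turn the classification questions above into the two grid coordinates. It assumes a 1-5 scale for each drop-down answer (higher severity = worse, higher control = better), equal weights, the tools checklist counted as a fourth control question with coverage mapped onto the same 1-5 scale, and a threshold of 3.0 that splits each axis into High and Low. The three scenario answers are constructed for illustration.

```python
"""Score operational-risk questionnaire answers onto the Impact / Ability-to-Control grid.

Added example, not BSB's code. Scales, weights, threshold and the sample
answers below are assumptions made for illustration.
"""
from dataclasses import dataclass

# Severity questions feed the Impact axis; control questions feed the Ability axis.
SEVERITY_KEYS = ("pl_impact", "customer_image_impact", "frequency", "typical_loss")
CONTROL_KEYS = ("management_awareness", "control_effectiveness", "loss_data_known")
# The checkbox question: which risk management tools exist for this scenario.
TOOLS = frozenset({"policies", "procedures", "formal_organization", "formal_limits",
                   "risk_control_system", "monitoring_system", "periodic_reporting",
                   "management_review"})
SCALE_MIN, SCALE_MAX = 1, 5   # assumed drop-down scale
THRESHOLD = 3.0               # assumed High/Low split on both axes


@dataclass
class ScenarioAnswer:
    category: str
    scenario: str
    severity: dict                  # SEVERITY_KEYS -> 1..5, higher = worse
    control: dict                   # CONTROL_KEYS -> 1..5, higher = better controlled
    tools: frozenset = frozenset()  # checked boxes, subset of TOOLS


def validate(ans: ScenarioAnswer) -> None:
    """Reject unanswered or out-of-range cells rather than silently scoring them."""
    for keys, answers in ((SEVERITY_KEYS, ans.severity), (CONTROL_KEYS, ans.control)):
        missing = set(keys) - set(answers)
        if missing:
            raise ValueError(f"{ans.scenario}: unanswered {sorted(missing)}")
        for k in keys:
            v = answers[k]
            if not isinstance(v, int) or not SCALE_MIN <= v <= SCALE_MAX:
                raise ValueError(f"{ans.scenario}: {k}={v!r} outside {SCALE_MIN}..{SCALE_MAX}")
    unknown = set(ans.tools) - TOOLS
    if unknown:
        raise ValueError(f"{ans.scenario}: unknown tools {sorted(unknown)}")


def impact_score(ans: ScenarioAnswer) -> float:
    """Impact of Risk: mean of the four severity answers."""
    validate(ans)
    return sum(ans.severity[k] for k in SEVERITY_KEYS) / len(SEVERITY_KEYS)


def ability_score(ans: ScenarioAnswer) -> float:
    """Ability to Control: mean of the three control answers plus the tools checklist,
    with checklist coverage (0..1) mapped onto the 1..5 scale as a fourth answer."""
    validate(ans)
    tools_term = SCALE_MIN + (SCALE_MAX - SCALE_MIN) * len(ans.tools) / len(TOOLS)
    return (sum(ans.control[k] for k in CONTROL_KEYS) + tools_term) / (len(CONTROL_KEYS) + 1)


def quadrant(ans: ScenarioAnswer) -> str:
    imp = "High" if impact_score(ans) >= THRESHOLD else "Low"
    abil = "High" if ability_score(ans) >= THRESHOLD else "Low"
    return f"{imp} Impact / {abil} Ability"


def plot_business_area(answers):
    """One (category, scenario, impact, ability, quadrant) row per scenario."""
    return [(a.category, a.scenario, impact_score(a), ability_score(a), quadrant(a))
            for a in answers]


def starting_points(answers):
    """The slides' starting point for risk reduction: High Impact / High Ability, worst first."""
    hits = [a for a in answers if quadrant(a) == "High Impact / High Ability"]
    hits.sort(key=impact_score, reverse=True)
    return [(a.category, a.scenario) for a in hits]


# Constructed sample answers for one business area (not real BSB data).
SAMPLE_ANSWERS = [
    ScenarioAnswer("External Catastrophe", "Regional power outage closes the main office",
                   {"pl_impact": 4, "customer_image_impact": 4, "frequency": 2, "typical_loss": 4},
                   {"management_awareness": 4, "control_effectiveness": 4, "loss_data_known": 3},
                   frozenset({"policies", "procedures", "monitoring_system", "periodic_reporting"})),
    ScenarioAnswer("IT Security", "Unauthorized access to a core banking application",
                   {"pl_impact": 5, "customer_image_impact": 5, "frequency": 2, "typical_loss": 4},
                   {"management_awareness": 2, "control_effectiveness": 2, "loss_data_known": 1},
                   frozenset({"policies"})),
    ScenarioAnswer("People Management", "Departure of key operations staff",
                   {"pl_impact": 2, "customer_image_impact": 2, "frequency": 3, "typical_loss": 2},
                   {"management_awareness": 4, "control_effectiveness": 3, "loss_data_known": 3},
                   frozenset({"policies", "procedures", "formal_organization",
                              "periodic_reporting", "management_review"})),
]

if __name__ == "__main__":
    for cat, scen, imp, abil, quad in plot_business_area(SAMPLE_ANSWERS):
        print(f"{cat:22} {imp:4.2f} {abil:5.3f}  {quad}  ({scen})")
    print("Starting points:", starting_points(SAMPLE_ANSWERS))
```

The split into two independent scores mirrors the two question groups on the classification slide: a scenario such as the constructed IT Security one lands in High Impact / Low Ability, which tells management the control side, not the scenario itself, is where the questionnaire found the gap.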

Contact Us David E. Fisher 203.434.7545 davidefisher@broadstbanking.com Maurice A. Krisel 203.331.5644 mauriceakrisel@broadstbanking.com