Operational Risk Management Framework Control Self Assessment


Operational Risk Management Framework and Control Self Assessment
Confidential
Maurice A. Krisel, Managing Director, Broad Street Banking Associates, LLC. (203) 331-5644
David E. Fisher, Managing Director, Broad Street Banking Associates, LLC. (203) 434-7455

The Vision of Operational Risk Management
In 12 to 18 months, your goal should be to create a report for each department and group that summarizes all relevant information that gets combined into a rating for operational risk.

Pillars of Operational Risk Management
- Senior Management
- Qualitative/Quantitative Analyses
- Losses
- Indicators
- Issues
- CSA
- Common Operational Risk Classification Scheme

Control Self Assessment Framework

Control Self Assessment Outline
- Control Self Assessment Definition
- Control Self Assessment Objectives
- Enterprise-wide Control Self Assessment Framework
  - Balanced Scorecard
  - CSA Methodology
  - Results
- Corporate Governance
- CSA Rollout - Project Time Line
- Appendix - Delivered Solution
  1. Risk Map
  2. Excel Based Worksheets
  3. HTML Interface
  4. Excel Based

Control Self Assessment Definition
Control Self Assessment is a risk management tool used by business managers to transparently assess risk and control strengths and weaknesses against a Control Framework. The “self” assessment refers to the involvement of management and staff in the assessment process.

Control Self Assessment Objectives
Communication
- To ensure better communication of the CEO’s objectives and strategies to all business lines
- To ensure business line managers communicate their risks and controls more effectively
Education
- To ensure business line managers have a better comprehension of effective risk control
- To ensure business line managers have a better comprehension of risk management
Proactive Management
- To ensure business line managers align their objectives and strategies with the CEO's objectives and strategies
- To ensure business line managers assume greater responsibility and accountability for their risks and controls
- To ensure business line managers monitor their risk effectively and in a timely manner
- To ensure business line managers utilize and allocate their resources effectively

Enterprise-wide CSA Framework
Goal: To foster a proactive management framework which is pervasive throughout a firm

Enterprise-wide CSA Framework

Step 1: Objective Setting
Balanced Scorecard: A tool that translates a firm’s mission and strategy into a comprehensive set of performance measures that provides the framework for a strategic measurement and management system
Objectives
- Ensures linkage between the objectives of senior management and the businesses
- Increased focus on the appropriateness of the objectives
- Reinforced as the central “top down” articulation of goals
- Provides a framework within which the oversight functions, risk management and the business lines operate

Step 2: CSA Methodology - ORCA Framework
- Objectives
- Risk Assessment of Key Processes
- Controls
- Action Plans
The ORCA framework components fit logically together to form a comprehensive relationship between firm-wide objectives, processes and risks, and controls. This relationship may be viewed as the core of a firm’s internal control.

Step 2: CSA Methodology - ORCA Framework
To find equilibrium, the business managers must carefully assess the risks inherent within their key processes and apply controls that will work at a reasonable cost.

Step 2: CSA Methodology - ORCA Framework

Step 2: CSA Methodology - Key Indicators
Metrics to measure the effectiveness of controls in mitigating or managing risks
- To measure operational problems
- To monitor the quality of the services provided
- To provide early warning for problems
- To aid in the containment of losses
- To determine trends
- To set limits for risk or escalation criteria
- To facilitate everyday decisions

Step 3: Results
Qualitative
- Bottom-up feedback to executive management to ascertain how successfully the organization accomplished its strategic vision
- Identification of the interdepartmental and thematic risks within the firm
Quantitative
- CSA Metric Score
- Inherent & Residual Risks Model
- CSA Scenario Engine

Step 3: Results

Step 3: Results
Inherent and residual risk models provide a sense of the potential monetary impact before and after the implementation of controls. The CSA scenario engine may offer insight into how the department’s or firm’s control environment may evolve, for better or worse.

Corporate Governance
The enterprise-wide CSA framework presented here is a key component of a robust corporate governance structure. It enables the organization to inform executive management of the current state of the firm’s risk environment on an ongoing basis. Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS II compliance.
The expected benefits of a strong corporate governance structure are:

Summary
The presented enterprise-wide control self-assessment framework:
- Provides flexibility and dynamism to evolve with the changing firm
- Allows a firm to manage risks from both the “top-down” and “bottom-up” perspectives
- Is an integral component of a strong corporate governance structure

CSA Rollout - Project Time Line

Planning
- Project Scope
  - Define CSA scope
  - Evaluate current firm wide objectives
  - Identify key business areas and processes
  - Obtain Sr. Management support
- Project Planning
  - Create project timeline
  - Allocate resources
- Deliverables: Project Plan, Road map

Design and Development (Prototype)
- Meet with Business Lines
- Gather key business processes
- Establish
- Create Data Model
- Create Database
- Create user interface
- Load master tables data into database
- Create procedure guide
- Deliverables: CSA beta version software, User guide

Analysis
- Define Op Risk components
  - Firm wide objectives
  - Risk map
- Define CSA components
  - Objectives and key processes
  - Risks
  - Control Methods
  - Action Plans
  - Key Risk Indicators
- Refine timeline and estimates
- Deliverables: Business requirements, User presentation

Implementation
- Rollout Control Self Assessment Software
- Data Gathering of Business Units CSA
- Support business units performing CSA
- Deliverables: Cutover Plan, CSA application

Close-out
- Review user feedback
- Establish cyclical review requirements
- Update CSA reporting package

[Timeline chart: months April through March; phase bars labelled Closeout, Planning, Analysis, Implementation, Design, Development]