Loading in 2 Seconds...
Loading in 2 Seconds...
Operational Risk Management Framework And Control Self Assessment . Maurice A. Krisel April 7, 2010. The Vision of Operational Risk Management.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Operational Risk Management FrameworkAnd Control Self Assessment Maurice A. Krisel April 7, 2010
The Vision of Operational Risk Management In 12 to 18 months, the Bank’s goal should be to create a report for each department and group that summarizes all relevant information that gets combined into a rating for operational risk.
Pillars of Operational Risk Management Senior Management Qualitative/Quantitative Analyses Indicators Issues Losses CSA Common Operational Risk Classification Scheme
Outline Control-Self Assessment Definition Control-Self Assessment Objectives Enterprise wide Control Self Assessment Framework Balanced Scorecard CSA Methodology Results Control Self Assessment Corporate Governance Project TimeLine Appendix -Delivered Solution 1. Risk Map 2. Excel Based Worksheets 3. HTML Interface 4. Excel Based
Control Self Assessment Definition • Control-Self Assessment is a risk management tool used by business managers to transparently assess risk and control strengths and weaknesses against a Control Framework. The “self” assessment refers to the involvement of management and staff in the assessment process.
Control Self Assessment Objectives • Communication • To ensure better communication of CEO’s objectives and strategies to all business lines • To ensure business line managers communicate their risks and controls more effectively • Education • To ensure business line managers have a better comprehension of effective risk control • To ensure business line managers have a better comprehension of risk management • Proactive Management • To ensure business line managers align their objectives and strategies with the CEO's objectives and strategies • To ensure business line managers assume greater responsibility and accountability for their risks and controls • To ensure business line managers monitor their risk effectively and timely • To ensure business line managers utilize and allocate their resources effectively
Enterprise-wide CSA Framework Goal • To foster a proactive management framework which is pervasive throughout a firm
Step 1: Objective Setting • Balanced Scorecard * • A tool that translates a firm’s mission and strategy into a comprehensive set of performance measures that provides the framework for a strategic measurement and management system • Objectives • Ensures linkage between the objective of senior management and the businesses • Increased focus on the appropriateness of the objectives • Reinforced as the central “top down” articulation of goals • Provides a framework within which the oversight functions, risk management and the business lines operate
Step 2: CSA Methodology ORCA Framework • The ORCA framework components fit logically together to form a comprehensive relationship between firm-wide objectives, processes and risks, and controls. This relationship may be viewed as the core of a firm’s internal control. • Objectives • Risk Assessment of Key Processes • Controls • Action Plans
Step 2: CSA Methodology ORCA Framework • To find equilibrium the business managers must carefully assess the risks inherent within their key processes, and apply controls that will work at a reasonable costs.
Step 2: CSA Methodology ORCA Framework
Step 2: CSA Methodology Key Indicators • Metrics to measure the effectiveness of controls in the mitigating or managing risks • TO measure operational problems • TO monitor the quality of the services provided • TO provide early warning for problems • TO aid in the containment of losses • TO determine trends • TO set limits for risk or escalation criteria • TO facilitate everyday decisions.
Step 3: Results Qualitative • Bottom-up feedback to executive management to ascertain how successfully the organization accomplished its strategic vision • Identification of the interdepartmental and thematic risks within the firm Quantitative • CSA Metric Score • Inherent & Residual Risks Model • CSA Scenario Engine
Step 3: Results • Inherent and Residual risk models provide a sense of the potential monetary impact before and after the implementation of controls • CSA scenario engine may shed insight on how the department’s or firm’s control environment may evolve – for better or worse.
Corporate Governance • The enterprise-wide CSA framework presented here is a key component of a robust corporate governance structure. It enables the organization to inform executive management of the current state of the firm’s risk environment on an ongoing basis • Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS II compliance • The expected benefits of a strong corporate governance structure are:
Summary • The presented enterprise-wide control self-assessment framework: • Provides flexibility and dynamism to evolve with the changing firm • Allows a firm to manage risks from both the “top-down” and “bottom-up” perspectives • Is an integral component of a strong corporate governance structure
Time Line • Planning • Project Scope • Define CSA scope • Evaluate current firm wide objectives • Define key business areas and processes • Obtain Sr. Management support • Project Planning • Create project timeline • Allocate resources • Deliverables:Project Plan, Road map • Design and Development (Prototype) • Meet with Business Lines • Gather Key business processes • Establish • Create Data Model • Create Database • Create user interface • Load master tables data into database • Create procedure guide Deliverables:CSA beta version software, User guide CSA Rollout • Analysis • Define Op Risk components • Firm wide objectives • Risk map • Define CSA components • Objectives and key processes • Risks • Control Methods • Action Plans • Key Risk Indicators • Refine Timeline and estimates • Deliverables: Business requirements, User presentation • Implementation • Rollout Control Self Assessment Software • Data Gathering of Business Units CSA • Support business units performing CSA Deliverables:Cutover Plan, CSA application • Close-out • Review user feedback • Establish cyclical review requirements • Update CSA reporting package May June June July September January April August October November February March December Closeout Planning Analysis Implementation Design Development