Operational Risk Management

Best Practices in the Financial Services Industry

Ariane Chapelle

About this book

OpRisk Awards 2020 Book of the Year Winner! The Authoritative Guide to the Best Practices in Operational Risk Management

Operational Risk Management offers a comprehensive guide that contains a review of the most up-to-date and effective operational risk management practices in the financial services industry. The book provides an essential overview of the current methods and best practices applied in financial companies and also contains advanced tools and techniques developed by the most mature firms in the field.

The author explores the range of operational risks such as information security, fraud or reputation damage and details how to put in place an effective program based on the four main risk management activities: risk identification, risk assessment, risk mitigation and risk monitoring. The book also examines some specific types of operational risks that rank high on many firms' risk registers.

Drawing on the author's extensive experience working with and advising financial companies, Operational Risk Management is written both for those new to the discipline and for experienced operational risk managers who want to strengthen and consolidate their knowledge.

Information

Publisher: Wiley
Year: 2018
ISBN: 9781119549079

PART One
Risk Identification

“Forewarned is forearmed.”

CHAPTER 1
Risk Identification Tools

TOP‐DOWN AND BOTTOM‐UP RISK IDENTIFICATION

The most dangerous risks are those we ignore, as they can lead to nasty surprises. Before organizing risks in a register, it is important to identify the risks that are specific to your own business, not just those based on an external list, and then assess, mitigate and monitor them.
Risk identification in an organization should take place both top‐down, at senior management level, looking at the large exposures and threats to the business, and bottom‐up, at business process level, looking at local or specific vulnerabilities or inefficiencies. These procedures are different but complementary, and both are vital because it is not sufficient to have one without the other. My favorite analogy for top‐down and bottom‐up risk management is the crow's nest versus the engine room of a boat, both of which are necessary for a complete view of an organization (see Figure 1.1).
FIGURE 1.1 Top‐down and bottom‐up risk management: the boat analogy
Top‐down risk analysis should be performed between one and four times a year, depending on the growth and development of the business and the level of associated risks. The aim is to identify key organizational risks, the major business threats that could jeopardize strategic objectives. Top‐down risk identification sessions will typically include senior risk owners, members of the executive committee and heads of business lines. Sessions are best organized as brainstorming workshops with supporting techniques and tools, such as review of exposures and vulnerabilities, risk wheel, and causal analysis of potential impacts and expected revenues. These are explained in the next sections. Top‐down risk identification exercises are similar to scenario generation, which is the first phase of scenario analysis. For small to medium‐sized firms, I recommend conducting these meetings with both risk identification and scenario generation in mind in order to save time. The results can then be used as inputs to both the risk and control self‐assessment (RCSA) exercises and scenario analysis. The links between RCSA and scenario analysis will be explained in Part 2.

CASE STUDY: FTSE 100 INSURANCE COMPANY – TOP‐DOWN RISK IDENTIFICATION

A large insurer in the UK calls its top‐down risk analysis TDRA. It was set up by the chief risk officer (CRO) several years ago and provides a quarterly platform for the executive committee to review principal risks and emerging threats to the business, and to implement any required changes to the firm's risk profile. The insurer calls bottom‐up risk identification RCSA, which focuses on the business process level and is the abbreviation for the more classic risk and control self‐assessment technique.
Top‐down risk analysis is one of the most efficient ways to identify important threats to a business. However, bottom‐up risk analysis is still more common in the industry. Bottom‐up risk identification is the only type of risk identification in many firms, especially among firms new to the discipline, where the practice is the least mature. In such firms, risk and control self‐assessments are carried out as a first step to risk management, at a granular level. If the scope of the bottom‐up risk identification exercise is too restricted, too granular, the output will be a disparate collection of small risks, such as manual errors and process risks, which are not always of much value to senior management. In the same way that we might fail to see a beach because we are too busy observing the grains of sand, we may miss the big picture when it comes to risks and their interactions because identification takes place at a level that is too low in the organization. The most common bottom‐up risk identification techniques are process mapping and interviews, which we explore in this chapter.

CASE STUDY: TRADING FIRM – COMPLEMENTING TOP‐DOWN AND BOTTOM‐UP RISKS

Reconciling top‐down and bottom‐up risks is a goal for many firms and consultants. However, I don't believe it is a useful or even correct approach. Rather than reconciling, I would recommend informing one type of identification with the other, and adding the results of both exercises to obtain a comprehensive view of the operational risks in an organization. This is what we did during an ICAAP (Internal Capital Adequacy Assessment Process) in a trading group in the UK. After performing two risk identification workshops with top management, we compared the results with the findings of the bottom‐up risk identification and assessment process. The findings were similar for some risks, but there were also some differences. The sum of both results provided the firm with its first risk universe, which was subsequently organized in a risk register and properly assessed.

EXPOSURE AND VULNERABILITIES

Risk exposure is inherent in every business and relates to key clients, principal distribution channels, central systems, primary sources of revenue and main regulatory authorities. In particular, large company projects and critical third parties are among the typical large exposures for a business. Operational risks related to projects and to outsourcing practices are an increasing focus in operational risk management, and rightly so. Large exposures to certain activities or counterparties aggravate the impact of possible incidents should a failure materialize for one of those activities. We will revisit exposure in Part 4, when we review the key risk indicators (KRIs) of impacts.
Vulnerabilities are the weakest links in an organization. They include inadequate or outdated products and processes, systems overdue for maintenance and testing, pockets of resistance to risk management and remote businesses left unmonitored. Large exposure typically relates to high impact/low probability risks, whereas vulnerabilities relate to higher frequency or more likely risks, hopefully with low impacts, but not necessarily. If vulnerabilities relate to large exposures, you have a heightened threat to the business. Examples of exposures and vulnerabilities are displayed in Figure 1.2.
FIGURE 1.2 Exposures and vulnerabilities as a risk identification tool
There are two significant benefits to the risk identification method of exposure and vulnerabilities: it's business‐driven and it's specific. Discussing exposures and v...
