Operational Risk Management
eBook - ePub

Operational Risk Management

Best Practices in the Financial Services Industry

Ariane Chapelle

About the book

OpRisk Awards 2020 Book of the Year Winner! The Authoritative Guide to the Best Practices in Operational Risk Management

Operational Risk Management offers a comprehensive guide that contains a review of the most up-to-date and effective operational risk management practices in the financial services industry. The book provides an essential overview of the current methods and best practices applied in financial companies and also contains advanced tools and techniques developed by the most mature firms in the field.

The author explores the range of operational risks such as information security, fraud or reputation damage and details how to put in place an effective program based on the four main risk management activities: risk identification, risk assessment, risk mitigation and risk monitoring. The book also examines some specific types of operational risks that rank high on many firms' risk registers.

Drawing on the author's extensive experience working with and advising financial companies, Operational Risk Management is written both for those new to the discipline and for experienced operational risk managers who want to strengthen and consolidate their knowledge.

Information

Publisher: Wiley
Year: 2018
ISBN: 9781119549079
Edition: 1
Subject: Business

PART One
Risk Identification

“Forewarned is forearmed.”

CHAPTER 1
Risk Identification Tools

TOP‐DOWN AND BOTTOM‐UP RISK IDENTIFICATION

The most dangerous risks are those we ignore, as they can lead to nasty surprises. Before organizing risks in a register, it is important to identify the risks that are specific to your own business, not just those based on an external list, and then assess, mitigate and monitor them.
Risk identification in an organization should take place both top‐down, at senior management level, looking at the large exposures and threats to the business, and bottom‐up, at business process level, looking at local or specific vulnerabilities or inefficiencies. These procedures are different but complementary, and both are vital because it is not sufficient to have one without the other. My favorite analogy for top‐down and bottom‐up risk management is the crow's nest versus the engine room of a boat, both of which are necessary for a complete view of an organization (see Figure 1.1).
FIGURE 1.1 Top‐down and bottom‐up risk management: the boat analogy
Top‐down risk analysis should be performed between one and four times a year, depending on the growth and development of the business and the level of associated risks. The aim is to identify key organizational risks, the major business threats that could jeopardize strategic objectives. Top‐down risk identification sessions will typically include senior risk owners, members of the executive committee and heads of business lines. Sessions are best organized as brainstorming workshops with supporting techniques and tools, such as review of exposures and vulnerabilities, risk wheel, and causal analysis of potential impacts and expected revenues. These are explained in the next sections. Top‐down risk identification exercises are similar to scenario generation, which is the first phase of scenario analysis. For small to medium‐sized firms, I recommend conducting these meetings with both risk identification and scenario generation in mind in order to save time. The results can then be used as inputs to both the risk and control self‐assessment (RCSA) exercises and scenario analysis. The links between RCSA and scenario analysis will be explained in Part 2.

CASE STUDY: FTSE 100 INSURANCE COMPANY – TOP‐DOWN RISK IDENTIFICATION

A large insurer in the UK calls its top‐down risk analysis TDRA. It was set up by the chief risk officer (CRO) several years ago and provides a quarterly platform for the executive committee to review principal risks and emerging threats to the business, and to implement any required changes to the firm's risk profile. The insurer calls bottom‐up risk identification RCSA, which focuses on the business process level and is the abbreviation for the more classic risk and control self‐assessment technique.
Top‐down risk analysis is one of the most efficient ways to identify important threats to a business. However, bottom‐up risk analysis is still more common in the industry. Bottom‐up risk identification is the only type of risk identification in many firms, especially among firms new to the discipline, where the practice is the least mature. In such firms, risk and control self‐assessments are carried out as a first step to risk management, at a granular level. If the scope of the bottom‐up risk identification exercise is too restricted, too granular, the output will be a disparate collection of small risks, such as manual errors and process risks, which are not always of much value to senior management. In the same way that we might fail to see a beach because we are too busy observing the grains of sand, we may miss the big picture when it comes to risks and their interactions because identification takes place at a level that is too low in the organization. The most common bottom‐up risk identification techniques are process mapping and interviews, which we explore in this chapter.

CASE STUDY: TRADING FIRM – COMPLEMENTING TOP‐DOWN AND BOTTOM‐UP RISKS

Reconciling top‐down and bottom‐up risks is a goal for many firms and consultants. However, I don't believe it is a useful or even correct approach. Rather than reconciling, I would recommend informing one type of identification with the other, and adding the results of both exercises to obtain a comprehensive view of the operational risks in an organization. This is what we did during an ICAAP (Internal Capital Adequacy Assessment Process) in a trading group in the UK. After performing two risk identification workshops with top management, we compared the results with the findings of the bottom‐up risk identification and assessment process. The findings were similar for some risks, but there were also some differences. The sum of both results provided the firm with its first risk universe, which was subsequently organized in a risk register and properly assessed.

EXPOSURE AND VULNERABILITIES

Risk exposure is inherent in every business and relates to key clients, principal distribution channels, central systems, primary sources of revenue and main regulatory authorities. In particular, large company projects and critical third parties are among the typical large exposures for a business. Operational risks related to projects and to outsourcing practices are an increasing focus in operational risk management, and rightly so. Large exposures to certain activities or counterparties aggravate the impact of possible incidents should a failure materialize for one of those activities. We will revisit exposure in Part 4, when we review the key risk indicators (KRIs) of impacts.
Vulnerabilities are the weakest links in an organization. They include inadequate or outdated products and processes, systems overdue for maintenance and testing, pockets of resistance to risk management and remote businesses left unmonitored. Large exposure typically relates to high impact/low probability risks, whereas vulnerabilities relate to higher frequency or more likely risks, hopefully with low impacts, but not necessarily. If vulnerabilities relate to large exposures, you have a heightened threat to the business. Examples of exposures and vulnerabilities are displayed in Figure 1.2.
FIGURE 1.2 Exposures and vulnerabilities as a risk identification tool
There are two significant benefits to the risk identification method of exposure and vulnerabilities: it's business‐driven and it's specific. Discussing exposures and v...
