operational risk management

operational risk management

Strategies and Best Practices in Operational Risk Management

1. Introduction to Operational Risk Management

Being an earlier thriving area of academic study, operational risk has evolved quite rapidly in the recent few years, partly as a direct result of a large number of operational losses of financial services institutions in the period. The confluence of op risk academics and practitioners into attempting to develop a risk, that is, risk management, and additionally to solve the challenges of developing and deploying personal understanding. Changes in business practice were instituted in the form of the new Basel II and other final operational risk regulatory standards. To compare according to standardized approaches are prescribed, and many organizations were rushed to implement data capture processes if they wished to continue to use the relatively risk-sensitive approaches.

Operational Risk Management is the fundamental requirement that guides organizations to assure the effectiveness and efficiency of their day-to-day operations. Operational risk is defined as the type of risk that an organization will incur as a result of its operational activities. The activities like earning and spending may incur losses due to various factors, including frauds or errors by employees, the failure of the information system, external events such as the weather, or business continuity failures such as internal errors or decisions, process management failures, or value losses and/or defects that cannot be recovered within an acceptable timeframe.

2. Identification and Assessment of Operational Risks

This paper discusses the best practices in the processes of Operational Risk Management (ORM) within financial institutions. A presentation of the Basel II requirements for ORM is first provided since it is via this regulatory context that the banks’ approach to ORM is managed. We then show an ORM Detailed Instruction Tree that defines the ORM universe, while the techniques to support the identification and assessment of operational risks are detailed in order to provide business practical suggestions. In the final sections, business practice ORM outlines are outlined by considering the management, monitoring and control, and disclosure, reporting, and material event requirements of the Basel II regulatory context.

In order to manage operational risks, they must be identified and quantified. This is performed by a series of self-assessment processes executed by risk owners, risk committees, and control functions. It should also include various management workshops, in which the most severe risks are determined, and their causes and consequences are assessed. To best achieve the above, an early warning system, risk and key risk indicator monitoring, and root cause tracking should be established.

3. Mitigation and Control Measures

Formal organizational lines of responsibility influence the actual management, control. Their effectiveness depends on the active support of the Chief Executive and operating managers, as well as on the quality and leadership of the office and staff support networks. Typically, the lines of responsibility included in the organization chart reflect the organizational focus and the programming and project orientation. The many software and hardware systems that extend the formal organization unit lines of authority are important, but they are not the primary elements that determine the ultimate performance of the front-line units. The Chief Executive sets the accountability parameters for the various business units and approves any large policy proposals, ensures that some general constraints are adhered to, and designs the overall performance measures and reward system.

As sources of operational risk are identified, the next step is putting in place the needed systems and control measures to mitigate and manage the risk. In large part, success depends on the quality and experience of the team selected to develop and put in place comprehensive systems configurations and support for front-line managers and staff. Best practices and strategies in key organizational responsibilities, building effective organizational and management committees, risk measurement, and control metrics, incentive structures are becoming increasingly transparent and the new standard. It is clear that the major part of mitigating operational risk involves adjusting organizational behavior through formal and informal structures and the incentive system that defines the parameters of acceptable business behavior.

4. Monitoring and Reporting of Operational Risks

Monitoring of operational risks needs to note how agreed actions based upon accuracy and relevance are taken. This includes strengthening or acceptance of the risk, modification, or ensuring their enterprise’s interests are adequately protected against the risks to which the organization is subject. The performance of an organization can be strongly linked to its reputation or brand identity. The adverse impact of adverse operational risk events, uninsured losses, or associated direct or indirect costs may have a limited lifespan, or alternatively may have a lasting impact. Any resulting reputational damage as a consequence of the event will be ongoing from future customers and other stakeholders.

The monitoring of operational risks has significant benefits for an organization. Monitoring of operational risks provides the operational risk manager with a view on the significant activities being undertaken within the organization and when compliance with operational risk management policies and procedures are being abided by, and if the operational risk profiles are consistent with the organization’s risk appetite. It is more difficult to respond to an unforeseen loss that is the result of high-risk activities. Where an organization is striving to develop and maintain a strong risk culture, then operational risk performance information should be reported to all affected employees within the organization.

5. Emerging Trends and Future Directions in Operational Risk Management

Best-practice standards should be tailored to an organization’s specific needs and encompass strategic, organizational, and technological components. There are several widely accepted best practices for each of the three main layers in a successful risk management process. The strategic spider map encompasses objectives, tools, business identification, risk tolerance, and return optimization. The organizational spider map includes risk management organization and procedures. Technological infrastructure relies on integrated risk management information systems. The basic principles of corporate governance that emerged from the initiative can be summarized as transparency, integrity, and responsibility.

Some organizations have established risk management communication strategies. The objective of these strategies is to create transparent internal and external communication streams that provide rationale, coverage, and compliance with the suffice laws concerning risk management. Besides the existence of well-defined leadership profiles with skills in corporate governance, talented, experienced individuals to manage the risk management process are required. The risk management function should be located close to higher management to ensure proper attention and coverage. Risk management information systems supporting business needs and innovations in the market capabilities are supported by competent and motivated staff. Risk management best practices are based on internal and external standards.