The Use Test in Practice


1 The Use Test in Practice
IOR Scottish Chapter: The Use Test in Practice
Friday 26th October 2012
NOTICE: Proprietary and Confidential. This material is proprietary to Chase Cooper. It contains trade secrets and confidential information which is solely the property of Chase Cooper. The material is solely for the Client’s internal use. This material shall not be used, reproduced, copied, disclosed, transmitted, in whole or in part, without the express consent of Chase Cooper. Copyright 2012 Chase Cooper Limited. All rights reserved.

2 Agenda
- Use Test: What is it – in terms of operational risk?
- How are you using your data?
- What do the regulators say?
- What data have we got already?
- How can we use it in the business?
- Combining the data for the RC and the Board

3 Use test: What is it?
- Showing that the operational risk management framework is used in the management of the firm
- As well as Governance:
  - Is the data used by the business?
  - Is the business involved in the generation of the data?
- For example, how is operational risk appetite reported to and discussed by the business?
- It is NOT ‘doing the process for the regulators’

4 Operational Risk Environment
ORM Framework (diagram):
- Operational Risk Environment
- Governance
- New activities, processes, products, systems
- Indicators
  - Identify key risk & key control indicators
  - Specify escalation triggers
- Risk & Control Assessment
  - Identify risk & owner
  - Assess inherent & residual risk
  - Identify control & owner
  - Assess design & performance
- Events
  - Identify & capture internal & external events
  - Analyse causes: failing or missing controls
- Appetite (shown three times)
- Scenarios & Modelling
- Reporting
- Three lines of defence

5 Reporting: BCBS commentary
- Regular reports from both business units and internal audit
- Breaches of risk appetite
- Recent significant internal events and losses
- Relevant external events
- Top level (objectives) review
- Compliance with controls
- Identification and treatment of non-compliance
- Authorisation at appropriate level, if no treatment

6 Reporting: FSA (additionally)
- Results of identification, measurement and monitoring
- Actions taken to control risks
- Exposure thresholds and actual exposures
- Effectiveness of tools
- Board of Directors to receive information identifying, measuring, managing and controlling risks of regulatory concern
  - fair treatment of customers
  - protection of consumers
  - confidence in financial system
  - reduction in financial crime

7 The Use Test (ORIAG paper)
- “The effective management of OR depends on consistent and timely reporting of exposures”
- “…imperative that business line managers can make the connection between the overall view and what they need to achieve on the ground”
- “OR MIS plays the key role in linking senior management and staff level incentives to deliver the OR strategy”

8 What RCA data have we got already?
- Risks
  - Likelihood
  - Impact
  - Risk owners
- Controls
  - Design
  - Performance
  - Control owners

9 VOTE Do you have this data? 1: Yes 2: No

10 Using the data that we’ve got
- Heatmaps
- Spidergrams
- Min-Max spidergrams

11 Heatmaps: a good place to start
This example shows the severity matrix defined in VORT-x Analyser: impacts plotted against likelihoods, and the resultant classification used in scoring the risks. For instance, if you have a HIGH impact with a LOW likelihood (once in 5 years), then you have rated this as SIGNIFICANT. The impact ratings, likelihoods and severity ratings are determined by your organisation.

12 Spidergram: High level
Risk Control

13 Spidergram: IT & Systems
Risk Control

14 VOTE Do you use: 1: Heatmaps only 2: Spidergrams only 3: Heatmaps and spidergrams 4: Neither

15 What Event data have we got already?
- Department of discovery, Department of origination
- Dates event occurred (starting, discovery, end)
- BII loss event type & business line
- Losses
  - Monetary value

16 VOTE Do you have these data? 1: Yes 2: No
- Event
  - Department of discovery, Department of origination
  - Dates event occurred (starting, discovery, end)
  - BII loss event type & business line
- Losses
  - Monetary value

17 How good are our preventative controls?
Is there an effective/ineffective department?

18 How good are our detective controls?

19 VOTE Do you use Events to challenge: 1: Prevent controls 2: Detect controls 3: Both types 4: Neither

20 What KRI data have we got already?
- Thresholds (green, yellow, red)
- Values
- Areas data is drawn from
- Period of data (e.g. monthly)
- Linked risks, controls, actions, events
- Event data which can be used as indicator data

21 VOTE Do you have these data? 1: Yes 2: No
- Thresholds (green, yellow, red)
- Values
- Areas data is drawn from
- Period of data (e.g. monthly)

22 KRI Dashboard
The dashboard shows key risk indicators that you define. The example shows key performance indicators and key risk indicators (previously set up); every month you would use this tool to enter the latest figures for these indicators by the chosen business model. Our example shows them by business line.
We have designed our dashboard to have three tabs: year to date, month, and key risk indicators.
You can see immediately the traffic lights and trend arrows that alert you to potential problem areas. The Projects Failing Checkpoints indicator is still green even though the trend is upwards, because of the threshold settings being used.
The dashboard tool allows charts in various forms to be viewed or printed to identify the trends.
The dashboard can also take aggregate figures from your other systems that manage the other risks to your organisation, e.g. market risk and credit risk, so the dashboard tool gives an overview of the total risk picture.

23 VOTE Do you have a KRI dashboard? 1: Yes 60% 2: No 40%

24 Linking KRIs to Risks

25 VOTE Have you linked KRIs to risks? 1: Yes 2: No
- Thresholds (green, yellow, red)
- Values
- Areas data is drawn from
- Period of data (e.g. monthly)
- Linked risks, controls, actions, events
- Event data which can be used as indicator data

26 The RED Report: Red risks with Red KRIs with Overdue Actions

27 Risk Performance
Column groups: Current Level; Performance; Appetite; Overall Rating*
Columns: Risk Event; Impact; Prob.; Actual KRI; Trend; Target KRI; Better / (Worse); Actions / Summary; Overall Rating*
- Major Technology Infrastructure Failure: H; L; No. of weeks free from severity 1 Failure = 7; +3; 10 free weeks during year; No action required
- Breach of confidentiality: M; Complaints received from Customers re alleged breach = 0; Zero material breaches of VIP customers’ / major corporate customers’ confidentiality; High potential for risk occurrence due to customer / client base
- Employee processing error: Error reporting: 5 events, £4,000 loss; +2; +1000; No more than 10 errors per quarter. No single event > £10,000; +5
- Internal Fraud: No. of frauds over £10,000 Detected: 7; No. of these frauds committed: 4; Potential Loss: $300,000; Actual Loss: £65,000; +2; +50000; Not more than 1 a month, £10,000 acceptable; (6); Action required, retrain staff, redesign processes
*Chair of the Committee decides on overall rating for each risk event

28 Top risks and their KRIs

29 Operational Risk Environment
ORM Framework (diagram):
- Operational Risk Environment
- Governance
- New activities, processes, products, systems
- Indicators
  - Identify key risk & key control indicators
  - Specify escalation triggers
- Risk & Control Assessment
  - Identify risk & owner
  - Assess inherent & residual risk
  - Identify control & owner
  - Assess design & performance
- Events
  - Identify & capture internal & external events
  - Analyse causes: failing or missing controls
- Appetite (shown three times)
- Scenarios & Modelling
- Reporting
- Three lines of defence

30 Contact details
Tony Blunden
Head of Consulting, Chase Cooper
Hon Professor, Glasgow Caledonian University
Tel: +44 (0) Fax: +44 (0) Mob: +44 (0)

