Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago

Presentation transcript:

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All rights reserved

Slide 2 Contents
Enterprise risk management (ERM)
Operational risk management (ORM)
– Risk and control self assessment
– Key risk indicators
– Loss-event database
– Audits
– Sarbanes-Oxley Act (SOX)
– ORM awareness
Conclusion

Slide 3 Enterprise risk management
Significant increase in risks faced by people and organizations
Corporate governance and disclosure rules, along with the independent board of directors rapidly gaining importance among companies
Increasing pressure from rating agencies to establish a strong risk management focus in the company
ERM vital element in most corporations. ORM important part of ERM

Slide 4 Operational Risk Management
Operational risk:
– Expected and unexpected economic impact of inadequate or failed internal processes, people, system or external events
– Should be minimized
– Affects other risks

Slide 5 Operational risk management
ORM role:
– Ensure operational risks identified and effectively and efficiently managed
– Reduce risk to predefined limits in cost-effective manner
– Ensure legal requirements and internally set limits are followed

Slide 6 Operational risk management
The ORM structure:
– Clearly defined
– Clearly identifies roles and responsibilities
  – Risk owners
  – Risk takers
  – Risk controllers

Slide 7 Operational risk management
Five key steps of ORM process:
– Identification and classification
– Assessment, measurement and mitigation
– Monitoring and assurance
– Reporting
– Steering decisions

Slide 8 Operational risk management
Elements supporting ORM
– Risk and control self assessment
– Key risk indicators
– Loss-event database
– Audits
– SOX
– ORM awareness

Slide 9 ORM: Risk and control self assessment
Risk and control self assessment (RCSA) as management tool to
– Identify
– Assess
– Measure
– Mitigate
Organization’s needs determine level of detail
Several RCSA systems currently available

Slide 10 ORM: Risk and control self assessment
Identification and classification of operational risks
– Identify events that could have a significant negative financial or reputational impact on the company
– Basel II four risk categories:
  – Process
  – People
  – System
  – External events
– Usefulness of common definitions and descriptions of risks and risk categories

Slide 11 ORM: Risk and control self assessment
– Identification of controls
  – Key objective: reduce operational risk exposure to acceptable level
  – Preventive and detective controls
  – Recommend no more than six to eight controls per risk
  – Possible mitigation of more than one risk by the same control

Slide 12 ORM: Risk and control self assessment
Assessment
– Operational risk exposure
  – Severity: most likely monetary loss in the absence of any internal controls
  – Frequency: how often an event of at least the size of severity is expected to occur in the absence of any internal controls
  – Inherent risk: risk measure in the absence of internal controls
  – Residual risk: remaining level of risk after controls in place.

Slide 13 ORM: Risk and control self assessment
– Inherent risk value
  – Identify significant potential loss exposure
  – Identify areas requiring mitigation activities
– Residual risk value
  – Identify inadequate control
  – Focus of remediation activities
  – Areas with residual risk value outside acceptable limits.

Slide 14 ORM: Risk and control self assessment
– Control assessment
  – Control design effectiveness
    – Level of risk mitigation
    – Rated: very high, high, medium and low
  – Control operating effectiveness
    – Operational control quality in practice
    – Rated: fully effective (“green”), partially effective (“amber”), or not effective (“red”)
  – Effective, well-designed controls
    – Reduce the expected loss
    – Reduce the standard deviation of that loss

Slide 15 ORM: Risk and control self assessment
Measurement
– Failure rates of control design and control operating effectiveness together with severity and frequency of inherent risk
  – Allow calculation of expected annual loss amounts for every residual risk
  – Basis for calculating required capital for operational risk

Slide 16 ORM: Risk and control self assessment
Mitigation
– Compare expected losses with a predefined risk acceptance limit
– Raise an issue and/or an action plan
– Take appropriate mitigation steps

Slide 17 ORM: Key risk indicators
Key risk indicators (KRI)
– Measures that provide information about organization or levels of activity indicating potential or actual changes in risk exposure
– One of the basic elements of an effective ORM
– Identify areas requiring management attention and/or action
– Monitor changes in risk profile and controls performance
– Require meaningful benchmark and margins

Slide 18 ORM: Loss-event database
Loss event database
– Loss event: occurrence that leads to a financial cost, lost benefit or both.
– A loss event database
  – Captures losses and incidents
  – Serves as
    – Learning tool
    – Input to risk quantification

Slide 19 ORM: Audits
Audits
– Crucial function of ORM
– Through audits, operational processes can be checked, issues raised and corrective action determined.
– Internal or external audits
– Good control of company operations by thoughtful audit coverage planning and execution
– Significant help in managing risks through reporting audits’ activities, substandard results, and follow-up on audits’ open issues

Slide 20 ORM: Sarbanes-Oxley Act
Sarbanes-Oxley Act (SOX)
– Introduced by US Congress in 2002 after major US corporate scandals.
– Compliance with Act by all publicly-traded companies in US
– One of primary goals to help restore investor confidence.
– SOX important part of operational risk management process.
– Compliance with SOX enhances management of operational risks.

Slide 21 ORM: Sarbanes-Oxley Act
SOX compliance requirement:
– All applicable companies must establish financial accounting framework that can generate financial reports readily verifiable with traceable source data.
– Source data must remain intact and cannot undergo undocumented revisions.
– Revisions to financial or accounting software must be fully documented

Slide 22 ORM awareness
– Essential part of effective risk management.
– Raised throughout company by implementing open operational risk culture:
  – Employees openly report operational risks and losses
  – Active learning from mistakes encouraged
– Active promotion with full support, engagement of senior management, board of directors

Slide 23 Conclusion
Increased awareness of operational risks triggered by corporate failures made operational risk management integral part of every company
Shareholders, regulators, and rating agencies dictate tight control to minimize related losses
Implementing assurance framework helps utilize best practices and provides proactive response to avoid future scandals