Operational Risk Training Managing Operational Risk & AMA Toronto Nov 3, 2011
KM164 Operational Risk 26.01.05 V4.0 © Copyright HBOS plc all rights reserved Operational Risk A...
-
Upload
kathryn-cain -
Category
Documents
-
view
215 -
download
0
Transcript of KM164 Operational Risk 26.01.05 V4.0 © Copyright HBOS plc all rights reserved Operational Risk A...
KM164 Operational Risk 26.01.05 V4.0
© Copyright HBOS plc all rights reserved
Operational RiskA Storm is
Coming
Andrew Smith
16th August 2005
Draft 4.0
ISDAISDA Seminar
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
Agenda
• Charting the rise of Operational Risk• But …• Operational Risk: RIP
KM164
© Copyright HBOS plc all rights reserved
“The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events” (BIS)
“Operational risk is not a new risk….However the idea that operational risk management is a discipline with its own management structure, tools and processes….is new” (BBA)
Operational Risk
KM164
© Copyright HBOS plc all rights reserved
OR emerged as a result of focus on controls and governance
• Treadway Commission (1987)• Federal Deposit Insurance Corporation Act (1991)• COSO Report (1992)• Cadbury Commission (1992/93)• Public Oversight Board (1993)• COCO (1994/95)• Quality movement (Baldridge/EQA)• General trend towards empowered, self managed
work teams and flatter organisations.
Examples
KM164
© Copyright HBOS plc all rights reserved
External loss history
Internal loss history and KRI
Internal risk profile
OR Infrastructure at HBOS
1
External Loss data
Consortium
Public Loss Database
Search agency
Algo OpData
Key Risk Indicators
Template & Business Specific
Bayesian Analysis tool
Events
Losses
Near Misses
AspectsOR
Risk Register
Risk/Control assessment
Categorisation
Action tracker
@Risk
Aggregation Model
Economic Capital
HORN
2 31
2
3
KM164
© Copyright HBOS plc all rights reserved
Capital Calculator
Project Risk Assessment
Risk BasedSelf Assessment
External LossDatabase
Bayesian &ScenarioModelling
Integrated Reporting
Key RiskIndicators
Issues
Losses &Near Misses
Control Based
Self Assessment
Integrated Reporting at HBOS
KM164
© Copyright HBOS plc all rights reserved
Agenda
• Charting the rise of Operational Risk• But …• Operational Risk: RIP
KM164
© Copyright HBOS plc all rights reserved
The Problem
…HBOS has been working hard on operational risk since 1996. Last year we won several industry awards for the quality of our operational risk management environment…
But…
…the better we got at the “traditional model” the more it became obvious that it doesn’t work!
KM164
© Copyright HBOS plc all rights reserved
The Problem
…HBOS has been working hard on operational risk since 1996. Last year we won several industry awards for the quality of our operational risk management environment…
But…
…the better we got at the “traditional model” the more it became obvious that it doesn’t work!
KM164
© Copyright HBOS plc all rights reserved
Audience participation…
Is the fundamental problem the commitment and competence of senior management…or…is it the operational risk concept?
Q1: Does senior management in your organisation care passionately about the quality of your business?
Q2: Does senior management take operational risk management seriously - taking part appropriately and using it as a key tool for effective business management?
KM164
© Copyright HBOS plc all rights reserved
Audience participation (2)…
Real need for a clear concept for risk management customised to your organisation.
Q: Is your organisation clear as to what “operational risk management” really means and what it should be achieving?
KM164
© Copyright HBOS plc all rights reserved
Agenda
• Charting the rise of Operational Risk• But …• Operational Risk: RIP
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
KM164
© Copyright HBOS plc all rights reserved
“The essence of risk management lies in maximising the areas where we have some control over the outcome, while minimising the areas where we have absolutely no control over the outcome and the linkage between cause and effect is hidden from us”
Peter Bernstein (Against the Gods)
KM164
© Copyright HBOS plc all rights reserved
Risk Management is
A set of actions used to
contribute towards
the likelihood of achieving and surpassing
planned objectives
over a defined timeframe
. . . . .
KM164
© Copyright HBOS plc all rights reserved
The set of actions used to
contribute towards
the likelihood of achieving and surpassing
planned objectives
over a defined timeframe
Only things that happen make a
difference
RM is part of a business, all must
work together
If there is no uncertainty, RM has no meaning
Stability
Plans are not always realistic but the scope of
ambition drives the nature of the actions required
Because risk = uncertainty in timescale
concept is essential
Without clarity here action is ultimately
meaningless
Outperformance
Risk Management is . . . . .
KM164
© Copyright HBOS plc all rights reserved
Risk Management Culture?
Do what is important to them.
Do things which demonstrably and measurably add value.
Take seriously regulatory initiatives that they don’t believe in.
Keep doing things unless the value arising is evident.
People/Organisations
Will Won’t
can only achieve a risk management culture when there is alignment between the goals of risk management and the goals of the organisation.
KM164
© Copyright HBOS plc all rights reserved
can only achieve a risk management culture when there is alignment between the goals of risk management and the goals of the organisation.
alignment
Risk Management Culture?
Do what is important to them.
Do things which demonstrably and measurably add value.
Take seriously regulatory initiatives that they don’t believe in.
Keep doing things unless the value arising is evident.
People/Organisations
Will Won’t
KM164
© Copyright HBOS plc all rights reserved
alignment
Risk Management Culture?
Do what is important to them.
Do things which demonstrably and measurably add value.
Take seriously regulatory initiatives that they don’t believe in.
Keep doing things unless the value arising is evident.
People/Organisations
Will Won’t
can only achieve a risk management culture when there is alignment between the goals of risk management and the goals of the organisation.
alignment
KM164
© Copyright HBOS plc all rights reserved
5 Success Factors
Measure/Report on value arising from risk management.
…only 4 items…
• Operate a Total Risk programme, capturing risks exactly once.
• Align management of risk to the way in which a (good) organisation actually works and the objectives it wishes to achieve.- includes categorisation- includes clarity on where different types of risk are reported and reviewed.
• Distinguish between - Analysis/Reports/Oversight - “Lets do the right things”
- Action/Management - “doing it”- Assurance/Compliance - “did we do what we said we would?”
KM164
© Copyright HBOS plc all rights reserved
Most Critical Element
• Recognise that operational risk is a regulatory construct.
• It doesn’t really exist!!
Operational Risk: RIP
KM164
© Copyright HBOS plc all rights reserved
Operational Risk = Sum of Component Risk Areas
• Financial Risk [Not OR]- ALM/Liquidity/Market Risk- Credit Risk- Insurance Risk- Investment Risk
• Tax and Accounting Risk [Not OR]
• Regulatory Risk [OR]- Interpretation/change- Conduct of business (new)- Public policy (new)?- Contagion Risk
• IT Risk [OR]- Stability- Application Quality- Infrastructure Quality- Hardware- Security
• Business & Strategic [Not OR]- Management Risk [OR?]
• Operations Risk [OR]- HR- Legal- Fraud- Environmental Risk- Physical Security- Procurement- Health and Safety- Controls design (new)- Information Risk- Property- Project Risk- Other
• CEO Advisory Areas [Not OR]
[OR] = BISII definition
E X A M P L E
KM164
© Copyright HBOS plc all rights reserved
What about the regulator?
Sum of specialist risk areas
• Effective risk measurement
• Effective reporting
• Demonstrable RM process
• Co-ordinated coverage of all risk areas relevant to business
KM164
© Copyright HBOS plc all rights reserved
Sum of specialist risk areas
• Effective risk measurement
• Effective reporting
• Demonstrable RM process
• Co-ordinated coverage of all risk areas relevant to business
What about the regulator?
KM164 Operational Risk 26.01.05 V4.0
© Copyright HBOS plc all rights reserved
Effective Risk ManagementA New Concept:
The Three Lines of Attack Model
Virtual Case Study
Andrew Smith
KM164
© Copyright HBOS plc all rights reserved