Post on 22-Dec-2015
transcript
Operational Risk Management Framework
And
Control Self Assessment
Maurice A. KriselManaging DirectorBroad Street Banking Associates, LLC. Confidential(203) 331 - 5644
David E. FisherManaging DirectorBroad Street Banking Associates, LLC.(203) 434 - 7455
The Vision of Operational Risk ManagementThe Vision of Operational Risk Management
In 12 to 18 months, your goal should be to create a report for each In 12 to 18 months, your goal should be to create a report for each department and group that summarizes all relevant information that department and group that summarizes all relevant information that gets combined into a rating for operational risk.gets combined into a rating for operational risk.
Pillars of Operational Risk ManagementPillars of Operational Risk Management
Los
ses
Los
ses
Senior ManagementSenior Management
CS
AC
SA
Issu
esIs
sues
Indi
cato
rsIn
dica
tors
Qualitative/Quantitative AnalysesQualitative/Quantitative Analyses
Common Operational Risk Classification SchemeCommon Operational Risk Classification Scheme
Control Self Assessment FrameworkControl Self Assessment Framework
Control Self AssessmentControl Self Assessment
Control-Self Assessment DefinitionControl-Self Assessment DefinitionControl-Self Assessment ObjectivesControl-Self Assessment ObjectivesEnterprise wide Control Self Assessment FrameworkEnterprise wide Control Self Assessment Framework Balanced ScorecardBalanced Scorecard CSA MethodologyCSA Methodology ResultsResults
Corporate GovernanceCorporate GovernanceCSA Rollout - Project Time LineCSA Rollout - Project Time LineAppendix - Delivered SolutionAppendix - Delivered Solution1. Risk Map1. Risk Map2. Excel Based Worksheets2. Excel Based Worksheets3. HTML Interface3. HTML Interface4. Excel Based4. Excel Based
OutlineOutline
Control Self AssessmentControl Self Assessment
Control-Self Assessment is a risk management tool used by business Control-Self Assessment is a risk management tool used by business managers to transparently assess risk and control strengths and weaknesses managers to transparently assess risk and control strengths and weaknesses against a Control Framework. The “self” assessment refers to the against a Control Framework. The “self” assessment refers to the involvement of management and staff in the assessmentinvolvement of management and staff in the assessment processprocess..
DefinitionDefinition
Control Self AssessmentControl Self Assessment
Communication Communication To ensure better communication of CEO’s objectives and strategies to all business To ensure better communication of CEO’s objectives and strategies to all business
lineslines To ensure business line managers communicate their risks and controls more To ensure business line managers communicate their risks and controls more
effectivelyeffectively
EducationEducation To ensure business line managers have a better comprehension of effective risk To ensure business line managers have a better comprehension of effective risk
controlcontrol To ensure business line managers have a better comprehension of risk managementTo ensure business line managers have a better comprehension of risk management
Proactive ManagementProactive Management To ensure business line managers align their objectives and strategies with the To ensure business line managers align their objectives and strategies with the
CEO's objectives and strategiesCEO's objectives and strategies To ensure business line managers assume greater responsibility and accountability To ensure business line managers assume greater responsibility and accountability
for their risks and controlsfor their risks and controls To ensure business line managers monitor their risk effectively and timelyTo ensure business line managers monitor their risk effectively and timely To ensure business line managers utilize and allocate their resources effectivelyTo ensure business line managers utilize and allocate their resources effectively
ObjectivesObjectives
Enterprise-wide CSA FrameworkEnterprise-wide CSA Framework
To foster a proactive management framework which is pervasive throughout a firmTo foster a proactive management framework which is pervasive throughout a firmGoalGoal
Enterprise-wide CSA FrameworkEnterprise-wide CSA Framework
Step 1: Objective SettingStep 1: Objective Setting
Balanced Scorecard *Balanced Scorecard *A tool that translates a firm’s mission and strategy into a comprehensive A tool that translates a firm’s mission and strategy into a comprehensive set of performance measures that provides the framework for a strategic set of performance measures that provides the framework for a strategic measurement and management systemmeasurement and management system
ObjectivesObjectivesEnsures linkage between the objective of senior management and the Ensures linkage between the objective of senior management and the businessesbusinesses
Increased focus on the appropriateness of the objectivesIncreased focus on the appropriateness of the objectives
Reinforced as the central “top down” articulation of goalsReinforced as the central “top down” articulation of goals
Provides a framework within which the oversight functions, risk Provides a framework within which the oversight functions, risk management and the business lines operatemanagement and the business lines operate
Step 2: CSA MethodologyStep 2: CSA Methodology
ORCA FrameworkORCA Framework
OObjectivesbjectives
RRisk Assessment of Key Processesisk Assessment of Key Processes
CControlsontrols
AAction Plansction Plans
The ORCA framework components fit logically together to form a The ORCA framework components fit logically together to form a comprehensive relationship between firm-wide objectives, processes comprehensive relationship between firm-wide objectives, processes and risks, and controls. This relationship may be viewed as the core of and risks, and controls. This relationship may be viewed as the core of a firm’s internal control.a firm’s internal control.
Step 2: CSA MethodologyStep 2: CSA Methodology
ORCA FrameworkORCA FrameworkTo find equilibrium, the business managers must carefully assess the risksTo find equilibrium, the business managers must carefully assess the risks inherent within their key processes and apply controls that will work at inherent within their key processes and apply controls that will work at
a reasonable cost.a reasonable cost.
Step 2: CSA MethodologyStep 2: CSA Methodology
ORCA FrameworkORCA Framework
Step 2: CSA MethodologyStep 2: CSA Methodology
Key IndicatorsKey Indicators
Metrics to measure the effectiveness of controls in the mitigatingMetrics to measure the effectiveness of controls in the mitigating
or managing risksor managing risks TO measure operational problemsTO measure operational problems TO monitor the quality of the services providedTO monitor the quality of the services provided TO provide early warning for problemsTO provide early warning for problems TO aid in the containment of lossesTO aid in the containment of losses TO determine trendsTO determine trends TO set limits for risk or escalation criteriaTO set limits for risk or escalation criteria TO facilitate everyday decisionsTO facilitate everyday decisions..
Step 3: ResultsStep 3: Results
QualitativeQualitative Bottom-up feedback to executive management to ascertain howBottom-up feedback to executive management to ascertain how
successfully the organization accomplished its strategic visionsuccessfully the organization accomplished its strategic vision
Identification of the interdepartmental and thematic risks within theIdentification of the interdepartmental and thematic risks within the
firmfirm
QuantitativeQuantitative CSA Metric Score Inherent & Residual Risks Model CSA Scenario Engine
Step 3: ResultsStep 3: Results
Step 3: ResultsStep 3: Results
Inherent and Residual risk models provide a sense of the potential monetary impact before and after the implementation of controls.
CSA scenario engine may shed insight on how the department’s or firm’s control environment may evolve – for better or worse.
Corporate GovernanceCorporate Governance
Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS II complianceThe enterprise-wide CSA framework presented here is a key component of a robust corporate governance structure. It enables the organization to inform executive management of the current state of the firm’s risk environment on an ongoing basisThe expected benefits of a strong corporate governance structure are:
SummarySummary
The presented enterprise-wide control self-assessment framework:
Provides flexibility and dynamism to evolve with the changing firmAllows a firm to manage risks from both the “top-down” and “bottom-up” perspectivesIs an integral component of a strong corporate governance structure
CSA Rollout - Project Time LineCSA Rollout - Project Time Line Design and Development (Prototype)Design and Development (Prototype)
Meet with Business LinesMeet with Business Lines
Gather Key business processesGather Key business processes
Establish Establish
Create Data ModelCreate Data Model
Create DatabaseCreate Database
Create user interfaceCreate user interface
Load master tables data into database Load master tables data into database
Create procedure guideCreate procedure guide
Deliverables:Deliverables: CSA beta version software, User guideCSA beta version software, User guide
Analysis
Define Op Risk components Firm wide objectives Risk map
Define CSA components Objectives and key processes Risks Control Methods Action Plans Key Risk Indicators
Refine Timeline and estimates
Deliverables: Business requirements, User presentation
PlanningPlanning
Project ScopeProject Scope Define CSA scopeDefine CSA scope Evaluate current firm wide objectivesEvaluate current firm wide objectives Identify key business areas and processesIdentify key business areas and processes Obtain Sr. Management supportObtain Sr. Management support
Project PlanningProject Planning Create project timelineCreate project timeline Allocate resourcesAllocate resources
Deliverables:Deliverables: Project Plan, Road mapProject Plan, Road map
Close-out
Review user feedback
Establish cyclical review requirements
Update CSA reporting package
ImplementationImplementation
Rollout Control Self Assessment SoftwareRollout Control Self Assessment Software
Data Gathering of Business Units CSAData Gathering of Business Units CSA
Support business units performing CSASupport business units performing CSA
Deliverables:Deliverables: Cutover Plan, CSA applicationCutover Plan, CSA application
MarchFebruary
Planning Analysis
April May June NovemberOctoberAugust SeptemberJuly
Closeout
Implementation
June
Design
December January
Development