Contents
- 2. Slide Enterprise risk management Significant increase in risks faced by people and organizations Corporate governance and
- 3. Slide Operational Risk Management Operational risk: Expected and unexpected economic impact of inadequate or failed internal
- 4. Slide Operational risk management ORM role: Ensure operational risks identified and effectively and efficiently managed Reduce
- 5. Slide Operational risk management The ORM structure: Clearly defined Clearly identifies roles and responsibilities Risk owners
- 6. Slide Operational risk management Five key steps of ORM process: Identification and classification Assessment, measurement and
- 7. Slide Operational risk management Elements supporting ORM Risk and control self assessment Key risk indicators Loss-event
- 8. Slide ORM: Risk and control self assessment Risk and control self assessment (RCSA) as management tool
- 9. Slide ORM: Risk and control self assessment Identification and classification of operational risks Identify events that
- 10. Slide ORM: Risk and control self assessment Identification of controls Key objective: reduce operational risk exposure
- 11. Slide ORM: Risk and control self assessment Assessment Operational risk exposure Severity: most likely monetary loss
- 12. Slide ORM: Risk and control self assessment Inherent risk value Identify significant potential loss exposure Identify
- 13. Slide ORM: Risk and control self assessment Control assessment Control design effectiveness Level of risk mitigation
- 14. Slide ORM: Risk and control self assessment Measurement Failure rates of control design and control operating
- 15. Slide ORM: Risk and control self assessment Mitigation Compare expected losses with a predefined risk acceptance
- 16. Slide ORM: Key risk indicators Key risk indicators (KRI) Measures that provide information about organization or
- 17. Slide ORM: Loss-event database Loss event database Loss event: occurrence that leads to a financial cost,
- 18. Slide ORM: Audits Audits Crucial function of ORM Through audits, operational processes can be checked, issues
- 19. Slide ORM: Sarbanes-Oxley Act Sarbanes-Oxley Act (SOX) Introduced by US Congress in 2002 after major US
- 20. Slide ORM: Sarbanes-Oxley Act SOX compliance requirement: All applicable companies must establish financial accounting framework that
- 21. Slide ORM awareness ORM awareness Essential part of effective risk management. Raised throughout company by implementing
- 22. Slide Increased awareness of operational risks triggered by corporate failures made operational risk management integral part
- 23. Why ORM? To Ensure Necessary Risks are Taken ORM: Is an important tool for training realism
- 24. What is Operational Risk Management? Natural evolution from traditional risk management Systematic decision-making tool that balances
- 25. OBJECTIVE AND GOALS IDENTIFY, CONTROL, AND DOCUMENT HAZARDS IDENTIFY, CONTROL, AND DOCUMENT OPPORTUNITIES EVALUATE AND MINIMIZE
- 26. 4 KEY ORM PRINCIPLES 1. Accept no unnecessary risks. 2. Make risk decisions at the appropriate
- 27. BUT.... NOBODY TAKES “UNNECESSARY” RISKS? If all the hazards that could have been detected have not
- 28. 2. Make Risk Decisions at the Appropriate Level Factors below become basis of a decision-making
- 29. WHAT HAPPENS WHEN AN ORGANIZATION STOPS TAKING RISKS? WEBSTER: “BUREAUCRACY: A system of administration characterized by
- 30. Operational Process Operational Process Operational Process Loss Control Staff Injects Operational Leaders Add-On This is the
- 31. and all their sub-processes WHAT IS AN “OPERATIONAL PROCESS”?
- 32. ORM IS BASED ON SYSTEMS MANAGEMENT CONCEPTS
- 33. THE ORM 6-STEP PROCESS
- 34. Step 1 - Identify the Hazard Process: Emphasize hazard ID tools. Adds rigor and early detection.
- 35. 7 Primary Hazard ID Tools Operations Analysis/Flow Diagram Preliminary Hazard Analysis What If Scenario Logic Diagrams
- 36. Specialized and Advanced Hazard ID Tools Specialized tools accomplish specific ORM objectives. Map analysis, interface analysis,
- 37. EXAMPLE: THE DRIVE TO WORK What if the car catches fire. WHAT IF ANALYSIS What if
- 38. Step 2 - Assess the Risk Process: All hazards evaluated for total impact on mission or
- 39. THE ASSESSMENT TOOLS ADD OBJECTIVITY TO THE EVALUATION OF RISK Risk assessment matrix: Requires specific evaluations
- 40. THE RISK ASSESSMENT MATRIX KEY TOOL FOR RISK ASSESSMENT
- 41. EXAMPLE: THE DRIVE TO WORK What if the car catches fire. What if a carjack is
- 42. Step 3 - Analyze Risk Control Measures Process: Comprehensive risk control options are developed for risks
- 43. The Risk Control Option Tools Add Scope & Depth Basic or “macro” risk control options: Reject,
- 44. EXAMPLE: THE DRIVE TO WORK What if the car catches fire Macro options: Transfer - Insurance
- 45. Step 4 - Make Control Decisions Process: A decision-making system gets risk decisions to the right
- 46. ORM Uses Proven Decision-making Tools Decision-making systems get the decision to the right person, at the
- 47. ESTABLISHING A DECISION MAKING GUIDELINE EXAMPLE RISK LEVEL DECISION LEVEL Extremely High Wing Commander or specifically
- 48. EXAMPLE: THE DRIVE TO WORK What if the car catches fire Who decides: Vehicle owner(s) Control:
- 49. Step 5 - Risk Control Implementation Process: Leaders lead, operators are involved, all are accountable. Output:
- 50. ORM Implementation Tools & Guidelines Help Controls Click with Operators The involvement continuum guides the high
- 51. EXAMPLE: THE DRIVE TO WORK What if the car catches fire Transfer - Insurance OPR: Dad
- 52. Step 6 - Supervise and Review Process: Progress measured through increased mission effectiveness, mishap results and
- 53. Review and Feedback Procedures Measure & Leverage ORM Results Eliminate invalid statistical uses of mishap rates
- 54. USING THE 6-STEP PROCESS THE RISK MANAGEMENT CONTINUUM
- 55. USING THE 6-STEP PROCESS LEVELS OF EFFORT Little Time Resources Risk Lot of Time Resources Risk
- 56. Why integration is critical? 12 Strategies for ORM integration. The importance of pace. Integrating the ORM
- 57. WHY INTEGRATION IS CRITICAL? Integration: Forces balancing of loss control and other mission needs Captures more
- 58. THE TWELVE STRATEGIES FOR PROGRAM INTEGRATION Accountability Teaming Partnership Integrate in Training Risk Decision Points Organization
- 59. THE IMPORTANCE OF PACE Don’t use the shotgun Don’t get out in front of the organization
- 60. USAF ORM MATURATION Vision USAF Approach Background Strategy
- 61. VISION Macro: Every Leader, Member, & Employee Manages Risk in All They Do... On- & Off-Duty
- 62. CAP APPROACH Top-Down Approach Strong Senior Leader Backing Decentralized Implementation Moderate Implementation Tempo Safety Lead Role
- 63. ORM STRATEGY Miscellaneous Initiatives Automated “Tools” Doctrine Integration Crosstell NEWS Release(s) Video(s)
- 64. The leader’s role will be a decisive factor in the success or failure of ORM
- 65. ORM Leadership Opportunities 1. Commit to Breakthrough Improvement Objectives: Put improvement of risk performance (control-opportunity) on
- 66. ORM Leadership Opportunities Continued 3. Set a Personal Example Objectives: To assure credibility of the ORM
- 67. ORM Leadership Opportunities Continued 5. Induce Loss Control Community Functional Integration Objectives: Build increasing cooperation and
- 68. ORM Leadership Opportunities Continued 7. Resource ORM Activities Objectives: Allocate resources to ORM (control-opportunity) at a
- 69. ORM Leadership Opportunities Continued 9. Detect & Correct Gambling Objectives: Develop an organization in which risk
- 70. ORM Leadership Opportunities Continued 11. Regularly Monitor ORM Progress Objectives: Periodically assess a set of data
- 71. 3 Definition Basel II – Operational risk is the risk of loss resulting from inadequate or
- 72. 4 Definition Who are these people? What does this have to do with us?
- 73. 5 Definition Basel Committee on Banking Supervision – Committee of banking supervisory authorities that provides a
- 74. 6 Definition Basel II was intended to create an international standard for banking regulators to control
- 75. 7 Definition Market liquidity is the risk that a security cannot be sold at all
- 76. 8 Definition Solvency II codifies and harmonizes EU insurance regulation. Solvency II definition - Operational risk
- 77. 9 Definition Legal risk - risk of loss due to legal actions or uncertainty in the
- 78. 10 Definition Better definition - Operational risk is the risk arising from execution of a company’s
- 79. 11 Definition Operational risk does not include strategic risk – the risk that arises from decisions
- 80. 12 Types of Operational Risk Basel II List Internal fraud – misappropriation of assets, tax evasion,
- 81. 13 Types of Operational Risk Operational risk losses usually are idiosyncratic to a particular institution. Operational
- 82. 14 Operational Risk Management Framework Basel II Risk organizational and governance structure Policies, procedures and processes
- 83. 15 Operational Risk Management Framework Enterprise Risk Management Steps 1. Identify risks 2. Describe and/or quantify
- 84. 16 Operational Risk Management Framework Basel II differentiates between verification and validation. Verification tests the effectiveness
- 85. 17 Operational Risk Management Framework Essential elements for verification and validation: Independence Capacity – adequately staffed
- 86. 18 Quantification Basel Committee on Banking Supervision “Operational Risk – Supervisory Guidelines for the Advanced Measurement
- 87. 19 Quantification It all starts with scenarios. Ask “What if…?” Don’t know what internal and external
- 88. 20 Quantification Internal Loss Data (ILD) Internal to the organization Used to estimate loss frequencies Used
- 89. 21 Quantification External Data (ED) External to the organization Used to estimate loss severity, particularly for
- 90. 22 Quantification Scenario Analysis (SA) Scenario outputs form part of the input into the Advanced Measurement
- 91. 23 Quantification Business Environment and Internal Controls Factors (BEICF) Highly subjective Often used as indirect input
- 92. 24 Mitigation Goals Have business continuity Mitigate financial loss Reduce reputational risk
- 93. 25 Mitigation The size of loss a company is willing to accept compared to the cost
- 94. 26 Mitigation Low frequency, low severity – may do nothing. Low frequency, high severity – analyze
- 95. 27 Mitigation Insurance companies sell products that mitigate others’ operational risks.
- 96. 28 Mitigation Basel Committee on Banking Supervision - “Principles for the Sound Management of Operational Risk”
- 97. 29 Mitigation Three lines of defense: Business line management An independent corporate operational risk management function
- 98. 30 Monitoring Key Performance Indicator (KPI) – Are we achieving our desired level of performance? Key
- 99. 31 Risk Identification and Mitigation Examples Fine Dining Restaurant Family owned Open only for dinner Monday
- 100. 32 Risk Identification and Mitigation Examples Fine Dining Restaurant Internal policies, practices, and procedures What can
- 101. 33 Risk Identification and Mitigation Examples Large Taxi Company In major city Owned by one private
- 102. 34 Risk Identification and Mitigation Examples Large Taxi Company Internal policies, practices, and procedures What can
- 103. 35 Risk Identification and Mitigation Examples Insurance Company Privately held Much of board is family members
- 104. 36 Risk Identification and Mitigation Examples Insurance Company Internal policies, practices, and procedures What can go
- 105. 37 Risk Identification and Mitigation Examples Insurance Company Internal policies, practices, and procedures (continued) What can
- 106. 38 Risk Identification and Mitigation Examples Insurance Company Operational risk losses usually are idiosyncratic to a
- 107. 39 Words of Wisdom Strategic decisions affect operations. Have an “open door” policy. Manage by walking
- 108. 40 Words of Wisdom Some processes need to be “hard-wired” in: no exceptions. Manage by exception.
- 109. 41 Words of Wisdom Be aware of what is going on outside the company: Clients/customers Service
- 110. 42 Words of Wisdom Be more proactive than reactive. Keep an open mind. See what is