Operational Risk Questionnaire by m4N9Vg


Operational Risk Questionnaire

A Framework for Operational Risk Management

Broad Street Banking | Operational Risk Questionnaire


Background on Operational Risk

• New Basel capital requirements are based upon market, credit, and
  operational risk.
• The New Basel Capital Accord defines operational risk as:
     “The risk of loss resulting from inadequate or failed processes, people and
      systems or from external events”
• Market and credit risk both have well-understood market conventions, and are
  readily quantifiable. Operational risk management is at an earlier stage, and no
  market consensus on measurement and approach has yet formed.
• Best practices and industry trends are moving toward more active means of
  defining, measuring, monitoring, and mitigating operational risks.






BSB Questionnaire Framework

BSB proposes the following risk categories to establish what risks exist, and how
management is or could be controlling risk:



• External Catastrophe
• Service Provider Failure
• Regulatory
• Fraud, Theft, and Vandalism
• Compliance with Policies, Procedures and Practices
• Customer Relationships
• Key Control Effectiveness
• Compliance with Commercial Contracts
• People Management
• Information Risk
• IT Security






BSB Approach – Risk Identification
Each risk category is intended to elicit risk information from a specific perspective:
• External Catastrophe - The risk that an external event would disrupt the ability of staff to access office locations or
  perform normally required tasks. These are risks that you can plan against but cannot prevent.

• Service Provider Failure - The risk that a service provider's failure to deliver expected services would hinder or
  prevent normal business activity. The risks in this category are those where there is excessive reliance upon an
  external or internal service provider or outsourced function, or where contingency plans do not exist or are inadequate.
  The principal risk in this category is that you will be unable to continue business, or will suffer significant deficiencies,
  due to failures or inadequacies in service provider delivery or outsourced functions.

• Regulatory - The risk that your activities will fail to comply with regulatory requirements and restrictions. The risks in
  this category are those where regulatory non-compliance results in regulator response, up to and including a cease-
  and-desist order.

• Fraud, Theft, and Vandalism - The risk to you of an internal or external party committing fraud, theft, or vandalism,
  damaging BSB or its clients monetarily or in image.

• Compliance with Policies, Procedures, and Practices - The risk that you will fail to comply with internal policies,
  procedures, and practices, as well as industry best practices and ethical business practices. To not be in compliance
  with these practices would be to suggest that you are not managing your business and risks according to market
  standards.

• Customer Relationships - The risk that you will fail in the management of customer relationships and in delivery of
  services to customers, causing monetary and reputational damages. The risks in this category are those that affect
  your market share, reputation, and profitability.


• Key Control Effectiveness - The risk that operational control points will fail to function as intended, putting you at risk
  of significant monetary losses, regulatory action, and reputational damage. The risks of ineffective controls are
  widespread, and affect many areas with a wide range of monetary, reputational, and regulatory implications. The risk
  that you will have poorly structured behavioral and physical limits, or that those limits might be unenforced or
  circumvented. The risk in this category is also of control and efficiency, which would affect risk and control.

• Compliance with Commercial Contracts - The risk that you will fail to comply with, or implement properly,
  commercial contracts, with potential monetary damage, legal exposure, and reputational damage. The risks in this
  category are those which affect the legal relationships between you and clients / counterparties. Incidents of this type
  could affect relationships, cause legal action, and adversely impact future ability to do business with the client /
  counterparty.

• People Management - The risk that you will fail to attract, manage, develop, and retain employees with the appropriate
  skills. The risk in this category is that you will, over the long-term, fail to stay competitive and fail to have employees
  with the skills and training to engage in business in a prudent, well-controlled fashion. The risk that you will fail to
  organize your business in an appropriate way, resulting in an inefficient and operationally risky business structure. The
  risk in this category is largely of control and efficiency, which would affect long-term business risk, profitability, and
  competitiveness. The risk that you will choose inefficient or inappropriate measures of staff or business performance.

• Information Risk - The risk that you might manage your business or generate reporting based upon incomplete,
  inaccurate or inappropriate information, as well as the risk that BSB will not be able to access archived information.

• Infrastructure Security (IT View) - The risk that your IT security structure will fail to perform as intended, allowing
  unauthorized access and data damage or loss.


BSB Risk Categories
The original 23 risk categories have been merged into 11, eliminating 12 descriptive answers and
approximately 10 more repetitive lines of questioning.

     Category                                              Sub-category or line of questioning
1    External Catastrophe                                  External Catastrophe
2    Service Provider Failure                              External Service Provider Failure
                                                           Outsourced Functions
                                                           Availability and Continuity of Systems (User View)
3    Regulatory                                            Regulatory
                                                           Reports
4    Fraud                                                 External Fraud
                                                           Internal Fraud
5    Compliance with Policies, Procedures, and Practices   Compliance with Policies, Procedures, and Practices
                                                           Compliance with Practices and Rules
                                                           Improper Practices
6    Customer Relationships                                Customer Risk Management
                                                           Customer Satisfaction
7    Key Control Effectiveness                             Key Control Effectiveness
                                                           Empowerment and Authorization
8    Compliance with Commercial Contracts                  Compliance with Commercial Contracts
9    HR Management                                         Human Resources Management
                                                           Role Definition
                                                           Performance Measurement
10   Information                                           Information Integrity
                                                           Information's Nature
                                                           Information Use
11   IT Security                                           Infrastructure Security (IT View)





BSB Risk Classification
For each risk category, the questionnaire will have one or several scenarios or risks. For each of
these scenarios or risks, the following questions need to be answered:


Risk Severity

• What would be the impact on P/L?
• What would be the effect on customers and on your image?
• What is the frequency of this type of event or loss?
• What would be a typical loss from an incident of this type?

Management’s Ability to Control

• How aware and involved is management in managing this risk? (Responsibilities defined,
  resources allocated, etc.)
• What is your assessment of the effectiveness and efficiency of the internal control system?
• Which of the following exist to address this type of operational risk?
    Policies, procedures, formal organization, formal limits, risk control system, monitoring
    system, regular or periodic reporting, management review
• Is data regarding this type of event or loss known, reported, and stored?





Questionnaire Format



[Figure: questionnaire format. Labels: General Questions, Risk Scenarios]





Questionnaire Function

The questionnaire consists of approximately 100 risk scenarios, with 8 general questions to answer for each.


7 of the 8 questions are multiple choice, and
have drop-down selection boxes to simplify
the process for the user




1 of the questions asks about the existence
of certain risk management tools. In the
answer space for this question are
checkboxes, with a check signifying yes
and an empty checkbox signifying no.



Each of the 23 risk categories has one
answer space for a text description of the
risk situation, particularly significant risks or
scenarios, and additional comments.




Questionnaire Output



• BSB has taken the approach that operational risk is best viewed in the context of a
  four-sectored grid.
• Highlighting high impact risks with a high degree of controllability gives BSB a
  starting point to reduce risk.

[Figure: four-sectored grid. Axes: Impact of Risk, Ability to Control Risk. Sectors: High Impact / High Ability;
High Impact / Low Ability; Low Impact / High Ability; Low Impact / Low Ability]




Answer Scoring


By employing a scoring methodology, the answers on the questionnaire can be used to plot the risks of
a business area by type.

[Figure: risks plotted by type. Axes: Impact of Risk, Ability to Control Risk. Plotted risks: External Catastrophe;
External Service Provider Failure; Regulatory; Compliance with Policies, Procedures, and Practices; External Fraud;
Customer Risk Management; Key Control Effectiveness]




Contact Us



David E. Fisher                                   Maurice A. Krisel
203.434.7545                                      203.331.5644
davidefisher@broadstbanking.com                   mauriceakrisel@broadstbanking.com



