Operational Risk Management
- Ross Blankenship
Transcription
1 Operational Risk Management Speaker: Jay Ranade CRISC, CBCP, CISA, CISSP, CISM, ISSAP, CGEIT Director of Education Risk Management Professionals Intl. New York City, USA Phone
2 ORM, ITRM, BCRM Jay Ranade CISA, CISSP, CISM, CBCP, CGEIT, CRISC, ISSAP Risk Management Professionals Intl. New York City Cell
3 Instructor Introduction
Jay, a certified CISA, CISM, CISSP, and CBCP, is an internationally renowned expert on computers, communications, disaster recovery, IT Security, and IT controls. He has written and published more than 35 IT-related books on various subjects ranging from networks, security, operating systems, languages, and systems. He also has an imprint with McGraw-Hill with more than 300 books called Jay Ranade Series. He has written and published articles for various computer magazines such as Byte, LAN Magazine, and Enterprise Systems Journal. The New York Times critically acclaimed his book called the Best of Byte. He is currently working on a number of books on various subjects such as IT Audit, IT Security, Business Continuity, and IT Risk Management. Jay has consulted and worked for Global and Fortune 500 companies in the US and abroad including American International Group, Time Life, Merrill Lynch, Dreyfus/Mellon Bank, Johnson and Johnson, Unisys, McGraw-Hill, Mobiltel Bulgaria, and Credit Suisse. He was a member of the ISACA International's Publications Committee ( ). He also teaches graduate-level classes on Information Security Management and Ethical Risk Management at New York University. Jay is also an adjunct professor at St. John's University and teaches Accounting Information Systems, IT Auditing, Internal Auditing, and Operational Risk Management. Jay teaches ORM, ITRM, BC Planning in Bermuda almost every month from a Basel III and Solvency II perspective. He is a four-time world champion in arm wrestling and a two-time world champion (2002 and 2003) in martial arts breaking. He has appeared on ESPN and ESPN2 numerous times.
12/3/2012 Copyright by Risk Management Professionals International (Version 19)
4 What are we going to cover?
- ORM: summary of 1100 foils
- ITRM: summary of 900 foils
- BCRM: summary of 540 foils
- FRM: summary of 630 foils
- Compressed to 60 minutes presentation
5 What is a RISK
6 Risk Areas in Financial Sector
- Chief Risk Officer (risk and compliance)
- Credit Risk
- Market Risk
- Operational Risk
- IT Risk
- People's risk
- Process Risk
- External Events
7 Value Delivery vs. Risk Management
- Corporate structure
- Value delivery people
- Risk management people
- Balance between two
- Proper corporate governance
- Reporting structure
- Who should RM report to?
8 SoD and Risk Management
Principles of DOPESS for IT
- Data
- Operations
- Programming
- End user
- Security administrator
- System administrator
9 SoD and Risk Management
Principles of CARRE for ORM
- Custody
- Authorization
- Record keeping
- Reconciliation
- Error correction
10 Some examples
- Barings Bank: February 23, 1995
- Societe Generale: 2008
- UBS: 2011
- What failed in all of these mega scandals?
- SoD breach of R and A
- Excessive privileges
11 Jay's Definition of Risk
- Threats exploit vulnerabilities
- That damages an asset
- That breaks business process(es)
- That's the risk
- You put controls in place to reduce that risk
- Till the residual risk is acceptable to the management
12 Types of Risks
- 93 types of risks
- Credit risk, market risk, liquidity risk, IT risk, sovereign risk, political risk, IT risk, project risk, ...
- And by the way: Operational Risk
- What kind of risk created recent recession ( )?
- Do you think it was credit risk?
13 Operational Risks and other Financial Risks
- Liquidity risk
- Group risk
- Operational risk (including strategic risk)
- Underwriting risk
- Market/product risk
- Credit risk
14 Rough Allocation of Risk
The main risk factors relevant to almost all organizations and the mark assigned to them can be summarized as below.
- Financial risk: 35%
- Strategic Risks: 25%
- Operational Risks: 25%
- Legal and compliance Risks: 15%
15 Risk Appetite and Risk Tolerance
- Risk Appetite at the board level
- Risk Tolerance at the BU level
- But sum of risk tolerance cannot exceed risk appetite
16 Facts about risk
- It is part of life
- It is part of doing business
- You can avoid it, mitigate it, accept it, transfer it
- Controls are not free
- Controls slow down business
- Controls cost money
17 Types of Controls
- Directive controls
- Preventive controls
- Detective controls
- Corrective controls
- Compensating controls
- Deterrent controls
18 1. What is an Operational RISK
19 Operational Risk Definition
- Let's go by the BASEL committee's new definition
- Failed processes
- People
- (Computer) Systems
- External events
- BASEL does not include Strategic risk or reputation risk
20 Seven Operational Risk Categories
From Basel Committee
- Internal fraud
- External fraud
- Employment practices and workplace safety
- Clients, products, and business practices
- Damage to physical assets
- Business disruption and system failures
- Execution, delivery, and process management
21 OR Boundary contd.
- More than 50 percent of bank debts are operational losses, not credit or market
- Collateral documentation failures are not credit losses
- Fat Finger losses: wrong key pressed, sell vs. buy order, Mizuho Securities in December 2005, J-com shares, one share at yen vs shares at one cent, recruitment company J-Com vs. cable television Jcom, OR not market risk
22 Cause vs. Effect
- Cause -> Event
- Event -> Effect (aka consequence)
- Insurance companies follow this principle
- OR is managed through DirC and PCs by managing the causes
- OR is managed through DCs and CCs by mitigating effects
23 Operational risk management framework
- Governance
- Risk and control assessment
  - Identify risk and owner
  - Identify control and owner
  - Assess likelihood and impact
  - Assess design and performance
  - Action plans
- Scenarios and modeling
- Indicators
  - Identify key risk and control indicators
  - Specify risk appetite
  - Action plans
- Events
  - Identify and capture internal and external events
  - Analyze causes
  - Action plans
- Reporting
24 Seven Steps of ORM
ORM and ITRM are about informed decision making. It involves 7 steps
- Understand operational risk context of decision making (governance)
- How are your ORs controlled (RCA and treatment)
- Perform loss causal analysis for past problems
- Where are you now (from indicators)
- Where you want to be (scenario analysis)
- Capital allocation for OR (modeling)
- Reporting and communications
- Continuous improvement (CMMI level 5)
25 Managing Operational Risk
[Figure: likelihood plotted against impact. Loss regions: expected loss, severe unexpected loss, catastrophic unexpected loss. Treatments: reserve, capital, risk transfer and BRP.]
26 2. Risk Appetite using Risk and Control Assessment contd.
- Includes RA and CA to mitigate those risks
- RA is likelihood x impact
- CA is Control DE x Control OE
- Next foil
  - E.g. Operational threats to IT are well controlled
  - E.g. People risk to IT is not well controlled, but is an acceptable risk with high appetite
27 Risk appetite using risk and control assessment scores
[Figure: chart of risk and control scores for each of the following items]
- Systematic approach to IT strategy
- IT dependency on people
- Systems manuals and procedures documentation
- Computer application poorly specified
- Computer systems not adequately protected
- Systems and processes not adequately protected
- Systems and processes not adequately protected
- Training procedures for IT
- Dependency on technology
- Operational threats to IT
- Dependency on external suppliers
- Testing of systems
- Investment in technology
- Legacy systems will not support business
Legend: Risk, Control
28 Risk Appetite using KRI thresholds for Number of help desk queries Red Amber Green Amber Red 2 or fewer 3 to 7 7 to to 25 Over 25
29 Three lines of defense for RM
- Business units is the first line
  - Day-to-day function
- Board's oversight committees is the second line
  - Based on exceptions
- IAA is the third line
  - Based on risk based approach
  - It is NOT monitoring
30 4. Risk and Control Assessment (RCA)
31 Why RCA?
- To identify, assess, and monitor RISKS and CONTROLS for an organization
- RCA can be qualitative (subjective) or quantitative (objective) or both
- Qualitative: based on value-judgment
  - Low, medium low, medium high, high
- Quantitative: based on numbers
  - E.g. likelihood percentage or ARO, loss in monetary units
32 Business Objectives, Processes, and Activities
Three levels (very important)
- Strategic level (business objectives)
- Process level (business process)
- Activity level (business operations)
33 Levels of risk and control assessment
- OBJECTIVES: Strategic RISK, Strategic CONTROL
- PROCESS: Process RISK, Process CONTROL
- ACTIVITY: Activity RISK, Activity CONTROL
34 Risk and Control Components
- Risk Owner
  - Direct explicit responsibility for managing risk event
  - Ultimately a board member
  - One risk owner usually owns many risks
  - Certain risks have multiple owners
- Control
  - Based on DE and OE
35 Risk Identification Mistakes
- Risk Register
  - It is risk inventory
  - Pitfall is that people start focusing on risk rather than strategic objectives
- Cause
  - Cause is not event. Cause is the cause of event.
  - Preventing one cause will not prevent a risk event, because another cause can cause such an event
  - Cause(s) and risk event(s) have many to many relationship
36 Risk Identification Mistakes
- Effect
  - Effect is the outcome
  - Control of an event gives short term assurance to the risk owner (Corrective Control)
  - Good practice is to have controls to control the cause (Preventive Control)
37 Risk Identification Mistakes
- Indicators
  - Indicators show movement in likelihood or impact of a risk
  - Indicators show movement in DE and OE of a control
  - Indicators show movement in performance of firm's objectives or processes
38 Risk Identification Mistakes
- Levels and Components
  - If risk is identified at strategic level, do not do RA at activity level
  - Strategic risks are at a level too high to worry about activity
  - If risks are at process level or BU-level, know when to stop. Don't overdo RCA
39 Risk and Controls
- Following is a very important concept
- Repeat: very very very very very very important
- Risk has 2 dimensions
  - Likelihood (directive, preventive)
  - Impact (detective, corrective)
- Controls have 2 dimensions
  - DE
  - OE
- Third dimension should be CMM level
- Controls must match risk as per risk appetite of the firm
40 Typical risk and control assessment
Columns: ID; Risks; Owner(s) of the risk; I; L; S; Controls; Owner(s) of the control; D; P; E
Risks:
1. Failure to attract, recruit and retain key IT staff
2. Financial advisors misinterpret/fail to understand the complexity of equity release products
3. Poor IT staff communication
4. Failure to understand the law and/or regulations by IT
5. Poor detection of money laundering
Owners and controls: SR Salary surveys TJ Training and mentoring schemes TB Retention packages for key staff TJ PL AB Staff Training TB Learning gained from previous deals KW&EL Review of individual needs in performance appraisal process TB Procedure manuals for processes EL SR JK Defined communication channels ZK Documented procedures and processes EL PL Internal training courses EL PL Regular updates from various sources EL External training courses TB&EL TB&EL Anti-Money Laundering annual training Circulation of British Bankers Association awareness circulars EL&ZK Know Your Customer ALL
41 Don't Forget
- Link risk to risk appetite
- Residual risk is cost of doing business
- RCA is indication of internal control environment
- It is needed for advanced modeling of OR
- RCA used to understand effect of scenario on risk profile of organization
- Don't underestimate independent review of IAA
42 5. Events and Losses
43 6. Indicators
44 Indicators
- KRIs and KPIs
  - KPIs are from value delivery perspective
  - KRIs are from risk management perspective
  - KCIs are from control perspective
  - They indicate the state of performance or risk at a particular time
- Meaning of KRIs (very important)
  - KRIs should be read as K-R Is and NOT K R-Is
  - Or KRI could be called I of KR
  - Very important to understand this concept
45 Thresholds for Loss of key staff risk and risk appetite for key staff turnover
- Red: Under 5%
- Amber: 5% - 9%
- Green: 10% - 15%
- Amber: 16% - 20%
- Red: Over 20%
46 8. Modeling
47 Introduction
- You cannot model operational uncertainty, so its roots are not as mathematical as CR or MR modeling
- Quantitative but not intensely mathematical
- Our focus based on BASEL committee's three suggested approaches
- OR modeling can start as soon as RCA is complete
- Can use data from one or more of the three OR processes (trio of RCA, Events, and indicators)
- Goal: Convert qualitative RCA data into monetary values
48 Capital Requirement
BASEL II capital requirement formula

$$\frac{\text{Total capital}}{\text{Risk weighted assets (market risk + operational risk)}} > 8\%$$
49 Fat Tails
- Term used for OR losses
- Higher quantiles in a distribution
- Lognormal distribution (next figure)
- Considerable high quantile events have taken place in the last 20 years
- Mathematically, large events happen once in many lifetimes. This seems to be wrong!!!
- Higher losses require more capital
- Bimodal distribution (next second figure)
- Source is external data
- One mode in expected losses, second in low frequency/high impact area
50 [Figure: Lognormal distribution and fattened tail. Axes: frequency against severity. Labels: lognormal distribution at low severities (internal, private data); fattened tail at high severity values (external, public data).]
51 [Figure: Lognormal and bimodal distributions. Axes: frequency against severity. Labels: lognormal distribution at low severities (internal, private data); second distribution at high severity values (external, public data).]
52 9. Stress Tests and Scenarios
53 Introduction
- Stress testing (ST) and scenario analysis (SA) are tools for ORM process
- ST and SA do not forecast what is likely to happen
- ST and SA provide outcomes for severe but plausible outcomes
- Forward looking
- Involve element of judgment
54 Why use scenarios?
- To challenge subjective RCA
- SA is also subjective
- KRIs are forward looking based on current and past data
- So trends form useful input when concocting scenarios
- SA overcomes limitations of models
- OR models are constructed based on assumptions and correlations but are lost during the process
55 Important
- OR scenarios should be combined with market and credit risk for SA.
- Events of 9/11 proved that these 3 risks are interdependent and can occur simultaneously
56 Summary
- Scenarios are about imagination
- These are practical exercises, not mathematical
- Imagine combination of events which could adversely affect firm's objectives or existence
- Ultimate goal is to have a BCP for such scenarios (and that is next presentation)
57 Questions
P2.T6. Credit Risk Measurement & Management Bionic Turtle FRM Practice Questions Michael Crouhy, Dan Galai and Robert Mark, The Essentials of Risk Management, 2nd Edition By David Harper, CFA FRM CIPM
More informationAn Introductory Presentation for ECU Staff
Risk Management at ECU An Introductory Presentation for ECU Staff Phillip Draber Manager, Risk and Assurance Outcomes By the end of this session you should: Be able to complete and document risk management
More informationScouting Ireland Risk Management Framework
No. SID 124A/15 Gasóga na héireann/scouting Ireland Issued Amended 20 th June 2015 Deleted Source: National Management Committee Scouting Ireland Risk Management Framework Revision Date Description # 20/06/2015
More informationUsing Meaningful KRI s for Basel II Operational Risk Management
Using Meaningful KRI s for Basel II Operational Risk Management Presentation to: The Association of International Bank Auditors November 4, 2008 The Association of the Bar of New York City 3 What do these
More informationBERMUDA INSURANCE (GROUP SUPERVISION) RULES 2011 BR 76 / 2011
QUO FA T A F U E R N T BERMUDA INSURANCE (GROUP SUPERVISION) RULES 2011 BR 76 / 2011 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Citation and commencement PART 1 GROUP RESPONSIBILITIES
More informationAshmore Group plc Pillar 3 Disclosures as at 30 June 2018
Ashmore Group plc Pillar 3 Disclosures as at 30 June 2018 Table of Contents 1. OVERVIEW 3 1.1 BASIS OF DISCLOSURES 1.2 FREQUENCY OF DISCLOSURES 1.3 MEDIA AND LOCATION OF DISCLOSURES 2. CORPORATE GOVERNANCE
More informationPillar 3 Disclosures for the year ending 31 December 2015
29, Avenue de la Porte-Neuve Pillar 3 Disclosures for the year ending 31 December 2015 Pillar 3 Disclosures for the year ending 31 December 2015 Table of content 1. Overview 4 1.1. Background 4 1.2. Scope
More informationMaster Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards
Master Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards A framework for the integration of risk management into the project and construction industry, following
More informationRisk Appetite. What is risk appetite?
Risk Appetite Presented by Mike Claffey 30 March 2011 What is risk appetite? Risk appetite is the degree of risk that an organisation is willing to accept in order to achieve its objectives, both in terms
More informationEnterprise Risk Management
Enterprise Risk Management Southeastern Actuaries Conference Rebecca Scotchie June 2011 ERM is 2 1 Agenda What is ERM? Why is risk management important? ERM maturity model/evolution of ERM ERM Framework
More informationRISK COMMITTEE TERMS OF REFERENCE. The Board has resolved to establish a Committee of the Board to be known as the Risk Committee.
RISK COMMITTEE TERMS OF REFERENCE Constitution The Board has resolved to establish a Committee of the Board to be known as the Risk Committee. Objective To identify and monitor risks to the Society s strategy,
More informationExploring the New Era of ORSA Enterprise Risk Management (ERM)/ Own Risk and Solvency Assessment (ORSA) Committee
Exploring the New Era of ORSA Enterprise Risk Management (ERM)/ Own Risk and Solvency Assessment (ORSA) Committee Copyright 2015 by the American Academy of Actuaries. All Rights Reserved. Presenters Tricia
More informationModelling of Operational Risk
Modelling of Operational Risk Copenhagen November 2011 Claus Madsen CEO FinE Analytics, Associate Professor DTU, Chairman of the Risk Management Network, Regional Director PRMIA cam@fineanalytics.com Operational
More informationEffective Computation & Allocation of Enterprise Credit Capital for Large Retail and SME portfolios
Effective Computation & Allocation of Enterprise Credit Capital for Large Retail and SME portfolios RiskLab Madrid, December 1 st 2003 Dan Rosen Vice President, Strategy, Algorithmics Inc. drosen@algorithmics.com
More informationTHE USE OF KEY RISK INDICATORS BY BANKS AS AN OPERATIONAL RISK MANAGEMENT TOOL: A SOUTH AFRICAN PERSPECTIVE
THE USE OF KEY RISK INDICATORS BY BANKS AS AN OPERATIONAL RISK MANAGEMENT TOOL: A SOUTH AFRICAN PERSPECTIVE Jacobus Young* Abstract The use of key risk indicators as a management tool is one of the requirements
More informationENTERPRISE RISK MANAGEMENT IN HEALTH CARE. April 27, 2017
ENTERPRISE RISK MANAGEMENT IN HEALTH CARE April 27, 2017 Presenters Adam Marshall Director, Risk Advisory Services Jessika Garis Manager, Risk Advisory Services RSM US LLP Adam.Marshall@rsmus.com +1 410
More informationTD BANK INTERNATIONAL S.A.
TD BANK INTERNATIONAL S.A. Pillar 3 Disclosures Year Ended October 31, 2013 1 Contents 1. Overview... 3 1.1 Purpose...3 1.2 Frequency and Location...3 2. Governance and Risk Management Framework... 4 2.1
More informationTRIPLE E EUROPEAN FOUNDATION CERTIFICATE in BANKING (TRIPLE E EFCB) LEARNING OUTCOMES
TRIPLE E EUROPEAN FOUNDATION CERTIFICATE in BANKING (TRIPLE E EFCB) LEARNING OUTCOMES EBTN is the united voice of vocational education and training providers in the European banking sector 56, Avenue des
More informationก ก Tools and Techniques for Enterprise Risk Management (ERM)
ก ก Tools and Techniques for Enterprise Risk Management (ERM) COSO ERM ISO ERM 31 2554 10:45 12:15.. 301, 302, 307 ก ก COSO Internal Control ERM Integrated Framework Application Technique ISO 31000 Guide
More informationERM and Reserve Risk
ERM and Reserve Risk Alietia Caughron, PhD CNA Insurance Casualty Actuarial Society s 2014 Centennial Celebration and Annual Meeting New York City, NY November 11, 2014 Disclaimer The purpose of this presentation
More informationEnterprise Risk Management
Enterprise Risk Management Navigating the Enterprise Risk Management Landscape Alp E. Can Director of Enterprise Risk Management, FHLBank Atlanta North Carolina Bankers Association August 31, 2016 Building
More informationAdvisory Guidelines of the Financial Supervision Authority. Requirements to the internal capital adequacy assessment process
Advisory Guidelines of the Financial Supervision Authority Requirements to the internal capital adequacy assessment process These Advisory Guidelines were established by Resolution No 66 of the Management
More informationIdentifying and measuring systemic risk Regional Seminar on Financial Stability Issues, October 2015, Sinaia, Romania
Identifying and measuring systemic risk Regional Seminar on Financial Stability Issues, 22-24 October 2015, Sinaia, Romania Ulrich Krüger, Deutsche Bundesbank Outline Introduction / Definition Dimensions
More informationReport on Internal Control
Annex to letter from the General Secretary of the Autorité de contrôle prudentiel to the Director General of the French Association of Credit Institutions and Investment Firms Report on Internal Control
More informationWHITE PAPER FOUR PRACTICAL WAYS TO CAPTURE AND MONITOR RISK APPETITE
WHITE PAPER FOUR PRACTICAL WAYS TO CAPTURE AND MONITOR RISK APPETITE 90 CAPTURE AND MONITOR RISK APPETITE 2 FOUR PRACTICAL WAYS TO CAPTURE AND MONITOR RISK APPETITE Many organisations are grappling with
More informationRegulatory Disclosures. September 30, 2016
Regulatory Disclosures September 30, 2016 Scope of Application This Regulatory Disclosures Report provides the following qualitative and quantitative disclosures relating to Wealth One Bank of Canada (the
More informationOverview of ERM Assessment Viewpoints (June 2016) Overview
ERM assessment main category Culture & Governance Control & Capital Adequacy Profile & Measurement Application to Business Management Overview of ERM Assessment Viewpoints (June 2016) Overview Examine
More informationPillar 2 - Supervisory Review Process
B ASEL II F RAMEWORK The Supervisory Review Process (Pillar 2) Rules and Guidelines Revised: February 2018 CAYMAN ISLANDS MONETARY AUTHORITY Cayman Islands Monetary Authority Page 1 Table of Contents Introduction...
More informationEnterprise Risk Management Policy Adopted by the AMP Limited Board on 2 February 2017
Enterprise Management Policy Adopted by the AMP Limited Board on 2 February 2017 AMP s promise is to help people own tomorrow. To achieve this promise, risks must be managed effectively within the Board
More informationBANGKOK BANK BERHAD (Company No W)
BANGKOK BANK BERHAD (Company No. 299740-W) Risk Weighted Capital Adequacy Framework (BASEL II) - Pillar 3 Disclosure As at 31 December 2011 CONTENTS Page 1. Introduction 1 2. Scope of Application 1 3.
More informationLearning Objectives. Chapter 2 The Accounting Cycle: During the Period INSTRUCTOR S MANUAL
Financial Accounting 4th Edition SOLUTIONS MANUAL Spiceland Thomas Herrmann Full download at: https://testbankreal.com/download/financial-accounting-4th-editionsolutions-manual-spiceland-thomas-herrmann/
More informationI would like to thank the following organizations for sponsoring the course, which allows their employees/members to have the registration fee waived:
Presented by: Erike Young, MPPA, CSP, ARM 1 I would like to thank the following organizations for sponsoring the course, which allows their employees/members to have the registration fee waived: University
More informationCapital Buffer under Stress Scenarios in Multi-Period Setting
Capital Buffer under Stress Scenarios in Multi-Period Setting 0 Disclaimer The views and materials presented together with omissions and/or errors are solely attributable to the authors / presenters. These
More informationEnterprise Risk Management Sources. Universe. Tolerance. Appetite
Sources. Universe. Tolerance. Appetite Presentation Made at the ICPAK ERM Conference Wednesday, 20 th March 2013 Hilton Hotel, Nairobi Kenya Jona Owitti, CISA (jona.owitti@yahoo.com) Membership Director
More informationEnterprise Risk Management Integrated Framework
ISACA S IT Audit, Information Security & Risk Insights Africa 2014, Alisa Hotel Enterprise Risk Management Integrated Framework Tony Bediako May 20, 2014 Today s organizations are concerned about: Risk
More informationCASE STUDY DEPOSIT GUARANTEE FUNDS
CASE STUDY DEPOSIT GUARANTEE FUNDS 18 DECEMBER FINANCIAL SERVICES Section 1 Introduction to Oliver Wyman Oliver Wyman has been one of the fastest growing consulting firms over the last 20 years Key statistics
More informationPractical methods of modelling operational risk
Practical methods of modelling operational risk Andries Groenewald The final frontier for actuaries? Agenda 1. Why model operational risk? 2. Data. 3. Methods available for modelling operational risk.
More informationDECEMBER 2010 BASEL II - PILLAR 3 DISCLOSURES. JPMorgan Chase Bank, National Association, Madrid Branch INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
DECEMBER 2010 BASEL II - PILLAR 3 DISCLOSURES INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS JPMorgan Chase Bank, National Association, Madrid Branch Financial year ending December 31, 2010 Disclosures under
More information