Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Operational Risk

    Загружено:

    aichaanalyst4456
    135 просмотров6 страниц
    Operational Risk

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    DOCX, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    Operational Risk

    Авторское право:

    © All Rights Reserved
    Скачайте в формате DOCX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    135 просмотров6 страниц

    Operational Risk

    Загружено:

    aichaanalyst4456
    Operational Risk

    Авторское право:

    © All Rights Reserved
    Скачайте в формате DOCX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 6

    Operational risk: key risk

    indicators (KRIs)

    October 29, 2015


    Kseniya Strachnyi
    Key risk indicators, operational risk, risk mitigationthese terms pop
    up in most content focused on risk management. But, these terms
    aren't often used in a way that provides guidance on improving
    processes. We all need to understand what role KRIs play in risk
    mitigation, but do we all know how to get started turning concepts
    into action? This blog by Kate Strachnyi provides a substantive
    introduction to a realistic KRI framework that any company can use as
    a foundation for a robust and customized risk management strategy.

    Key risk indicators defined


    Key risk indicators (KRIs) are an important tool within risk
    management and are used to enhance the monitoring and mitigation of
    risks and facilitate risk reporting. Operational risk is defined as the
    risk of loss resulting from inadequate or failed internal processes,
    people and systems, or external events. Operational KRIs are
    measures that enable risk managers to identify potential losses before
    they happen. The metrics act as indicators of changes in the risk
    profile of a firm.

    Effective KRIs should be:

    Measurable - metrics should be quantifiable (e.g., number, count,


    percentage, dollar volume, etc.).

    Predictable - provide early warning signals.

    Comparable - track over a period of time (trends).

    Informational - measure the status of the risk and control.

    Leading & lagging KRIs


    Leading KRIs are measures that are considered predictive in nature.
    They are derived from metrics that can help to forecast future
    occurrences. Lagging KRIs are metrics based on historical measures.
    These help to identify trends in the firm.

    Importance of KRIs
    KRIs play an important role in risk management by predicting potential
    high risk areas and enabling timely action.
    KRIs enable firms to:

    Identify current risk exposure and emerging risk trends.

    Highlight control weaknesses and allow for the strengthening of


    poor controls.

    Facilitate the risk reporting and escalation process.

    Operational risk management adds value to the firm.

    Regulatory expectations
    To qualify to use the Advanced Measurement Approach (AMA) to
    calculate operational risk capital under Basel II, the Basel Committee
    on Banking Supervision (BCBS) has specified detailed criteria for the
    use of forward-looking measures. The choice of each factor needs to
    be justified as a meaningful driver of risk and whenever possible, and
    the factors should be translatable into quantitative measures that lend
    themselves to verification. The sensitivity of a firms risk estimates to
    changes in the factors and the relative weighting of the various factors
    need to be well reasoned.

    KRI roadmap
    Below is a high-level roadmap for establishing a KRI framework:

    KRI processes
    KRI identification

    Identify existing metrics.

    Assess gaps and improve metrics.

    Identify KRIs via risk control self-assessment (RCSA)interview


    business units.

    Dont over rely on them; focus on indicators which track changes


    in the risk profile or the effectiveness of the control environment.

    Concentrate on the significant risks and their causes and


    consider forward looking and historical indicators.

    Consider absolute values and numbers, ratios, percentages,


    ageing, etc.
    Data on KRIs should be collated on a systematic and consistent
    basis in order to be meaningful, e.g., on a monthly basis.

    KRI selection

    Select the KRIs that are measurable, meaningful and predictive


    (leading indicators).

    Gather a good mix of leading and lagging indicators for effective


    risk management.

    Dont select too many KRIs that:

    o Are too difficult to manage (track).

    o Might become unmanageable.

    o Select only the ones that provide useful information.

    Setting thresholds

    Determine and validate trigger levels or thresholds.

    Based on industry tolerance or internal acceptance.

    Board of directors should approve thresholds.

    Should coincide with risk appetite statement.

    KRI tracking & reporting

    Periodic tracking of KRIs (monthly, weekly, depends on what the


    KRI represents).

    KRIs should be reported regularly and escalation procedures


    should be in place (as part of the KRI framework) to ensure
    timely reporting to management and board.

    Various KRIs will have different levels of escalation. When in


    doubt, escalate higher but dont dump too much information on
    management/board because they will get overwhelmed.
    Reporting of KRIs to head of business units by KRI owners. Head
    of business units then reports into risk management. Risk
    management reports to risk board and when applicable, the full
    board.

    This can help improve corporate governance structure.

    Risk mitigation plans

    Risk mitigation plans (RMPs) should be set for High risk items.

    Items with high severity or high frequency of occurrence need to


    have RMPs to mitigate risk and enhance controls.

    Determine what is high risk by assessing control levels.

    Track RMPs to ensure that controls are enhanced and risk is


    mitigated. Report on RMPs to management/board, and set target
    completion dates.

    Roles & responsibilities

    Risk management

    o Create Framework and provide training

    o Guidance and challenge KRI selection process

    o Reporting/Escalation of breaches

    o Identify Trends

    Business units

    o Identify KRIs

    o Set thresholds

    o Monitor positions

    o Escalate breaches of limits to management


    Internal audit

    o Validation and assurance around KRI process

    o Incorporate output into audit plan

    o Assess control effectiveness for KRIs that were breached


    or yellow

    Challenges
    The potential challenges of establishing an effective KRI framework
    include:

    Getting business units to buy-in into the need for KRIs

    Demonstrating the effect (positive) that it can have on the firm


    overall and for each business unit

    Might result in setting aside more capital

    Identification of KRIs can prove to be difficult

    Lack of resources to track KRIs

    Key Risk Indicators


    The level of risk can be measured continuously through a series of defined and
    monitored indicators.

    Some of the identified risks can be measured continuously on the basis of defined KRI (Key Risk
    Indicators) and defined dashboards, based on the existing data in IT systems. This is a more optimal
    approach than an approach based on periodic, eg. an annual assessment of the identified risks
    based on expert judgement only.
    Continuous risk assessment enables ongoing reaction to the appearing deviations of the risk level
    defined as acceptable for the entity and take appropriate action in a short time.

    Вам также может понравиться