Fundamentals of Risk Management
operational risk management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
operational risk management
369 ● ● There was an over-reliance on compliance and controls to protect assets, with the mistaken assumption that historic controls and monitoring a few key metrics are enough to change human behaviour. ● ● There was a failure to properly understand, define, articulate, communicate and monitor risk tolerances, with the mistaken assumption that everyone understands how much risk the organization is willing to take. ● ● There was a failure to embed enterprise risk management best practices from the top all the way down to the trading floor, with the mistaken assumption that there is only one way to view a particular risk. The text box below provides an example of how financial institutions report on their operational risks. This edited extract demonstrates the scope of operational risk, but also illustrates that financial institutions (FIs) face exactly the same range of opera- tional risks as non-FIs. The key difference is that FIs are required to quantify their operational risk, so that capital can be allocated to fund these risks. The group risk department defines and prescribes the insurance, market and operational risk assessment processes for the business. It performs second-line reviews, including the reserving and capital modelling processes, and undertakes regular reviews of all risks in conjunction with management, with the results of these reviews recorded in risk registers. Listed below are the principal operational risks that Admiral has identified through its ERM framework: ● ● People risk: – Failure to recruit, develop and retain suitable talent. ● ● Process risk: – A failure in processes or failure of their associated controls. ● ● Technology risk: – Failure to invest and successfully implement, appropriate technology. ● ● Cyber risk: – Financial loss, data loss, business disruption or damage to reputation from failure of IT systems. ● ● Customer outcome risk – Failure of products, processes or services to meet customer and regulator expectations. Admiral Group plc Annual Report and Accounts 2015 scope of operational risk |
