User:Cyardumian/sandbox

Best Practices in Operational Risk Management

Introduction

Out of all the components of Enterprise Risk Management, Operational Risk is the least developed component, despite the fact its one of the earliest risks companies have ever faced. Operational risk is both a major area of risk that needs to be addressed, but also possesses significant opportunities, accompanied by a wide variety of practices.

Basic Practice

The first and most basic level of Operational Risk Management is what's referred to as the "Basic Practice". Under a basic practice, a firm has recognized that certain operational risks exist, and they have defined both it and its sub-categories. The firm has appointed a Chief Risk Officer (CEO) to manage their overall practice, but an operational risk committee has also been formed and meets monthly to discuss topics related to the firm's operational risk. At this stage the company has also started tracking losses related to operational risk while also beginning to report based on risk indicators.

Standard Practice

The next level up is referred to as "Standard Practice". These firms have developed a full set of operational risk indicators broken up by business unit, while also setting goals for these indicators and having processes in place to track and report on them. Early warning indicators have also been developed in order to better equip the board to handle potential operational risks. These firms have developed multiple years of operational risk losses and incidents and also have an internal database linked up with an "industry loss-event" database. Multiple response plans have been formulated to aid loss mitigation and control, which would be executed by a team of operational risk experts and professionals should the need ever arise.

Best Practice

The highest level of operational risk management is called the "Best Practice." These companies have integrated qualitative and quantitative tools to support their efforts in minimizing operational risk. Their set of early warning indicators is fully developed which helps them asses not only internal operational risk, but that risk which exists in their external environment as well. These companies have also developed scenario based operational risk modelling procedures to help quantify potential losses, which better allows them to allocate capital to underlying operational, credit and market risks. They posses a fully integrated insurance function as well, which when using the economic capital framework as a model, they can then tailor and execute risk management strategies to fit their needs, allowing for risk analysis in business plans, reviews, new products and acquisition strategies. In this final level of operational risk management, the process has evolved from simply a control function, into a function that supports more educated decisions about pricing, growth, and profitability strategies.