Finance Dublin
Finance Jobs
Tuesday, 23rd April 2024
    Home             Archive             Publications             Our Services             Finance Jobs             Events             Surveys & Awards             
Effective risk management controls can bring continued success to companies or lead to their downfall Back  
This month’s special feature focuses on ‘The risks companies face’ and looks at the threats that both external and internal factors pose for Irish companies. Gerry Fitzpatrick examines the role of operational risk within companies and outlines how well prepared Irish companies are, while Richard Pike looks at risk management in an asset management context. In light of recent events at AIB’s subsidiary Allfirst, Donal Galvin addresses the risks treasurers face and Conor Griffin says that the deteriorating credit environment means that credit risk will be bankers number one concern in 2002. Orla Brennan, in her article on how domestic regulation will impact organisation’s risk management systems, says that strict compliance to an evolving regulatory environments means that companies have to devote more resources to manage their exposure to risk.
Never has the relationship between opportunity and risk been more pronounced: as companies grow and adapt to changes in the market place, every move forward embodies new risks and operational risk is now on the agenda for increasing numbers of senior executives and directors.
Operational risk can be defined as encompassing ‘a wide range of risks that can interfere significantly with achieving business objectives.’ But can it really be that simple? Unlike market and credit risk, operational risk is not something that is actively sought after as a source of profitable venture. It is a negative force; it represents ‘things that go wrong’ and which have, ultimately, a financial cost. Sometimes, operational risk represents ‘things that go very wrong’ and cause a crisis of confidence in the organisation, its management, and its ability to continue.
Indeed, operational risk is broader than the traditional market and credit risks facing financial institutions. It often stems from deep within the heart of a business, in its systems, procedures, or management controls and practices. As such, this risk could be called the danger within. Throughout 2001, Deloitte & Touche held a series of roundtable debates and discussions with risk managers in global organisations, and these roundtables highlighted a number of key issues:
• Our current operational risk management efforts include:
Nearly two-thirds (64 per cent) of risk officers reported that their current operational risk management efforts include a combination of qualitative metrics (like self-assessment and workshops) and quantitative metrics (such as transaction data or losses). Interestingly, one in five (20 per cent) participants do not capture operational risk data.
• Operational risk management roles and responsibilities are well defined.
Participants were split in their view of how well defined operational risk management roles and responsibilities were; half disagreed with the statement in relation to their organisations, while 43 per cent agreed.
• We have a good understanding which operational risk approach is most appropriate for our institution.
Participants were split in their perceptions about having a good understanding on which operational risk approach is most appropriate for their institutions. More than one-third (36 per cent) reported they have a good understanding, while 44 per cent do not. In discussion, risk officers noted that the Accord has generated awareness and discussion of operational risk. However, lack of a clear definition of operational risk makes it difficult to decide which approach is most appropriate.
Key questions
So what did this survey really tell us? Although awareness at the board level has increased, a gap often exists between it and the other layers of the organisation. Asking the four questions below will reveal much about the progress an organisation has, or has not made in dealing with operational risk through-out the company:
1. Can the CEO and other top-level management clearly identify the portfolio of operational risks their enterprise faces, including those faced by each business unit?
2. For each of these identified risks, is there an understanding of the likelihood and impact of their occurrence?
3. Is there clear and accountable ownership for the risks within the organisation?
4. Is the organisation in control of these risks? Can senior executives and the front-line business unit managers clearly demonstrate this.

Capital adequacy and operational risk
Responding to a growing awareness that operational risk can, in fact, be equally as damaging as a market or credit risk failure, the new Basel Accord seeks to address operational risk specifically - requiring banks to allocate capital for operational risk in addition to market and credit risk, and thus provide a capital cushion to absorb operational risk losses.
The Basel Committee’s proposals for an explicit capital charge for operational risk have generated much debate. One major issue is calibration - the Committee’s proposal, that the charge should be based on 20 per cent of the total regulatory capital requirement, has been challenged, and is likely to be refined based on the results of further research. No date has been set for a final Accord, however they believe that they are still on track for issue sometime in 2002 and implementation from 2005.
Another issue, more fundamental in nature, is that the first two alternatives, the Basic Indicator and Standardised Approaches, which the vast majority of institutions are likely to adopt initially, are not risk sensitive since they fail to take into account how well operational risk is managed in an institution. This has generated counter-proposals for the introduction of qualitative scoring in the Pillar 1 (capital requirements) approach or for operational risk to be addressed solely in Pillar 2 (regulatory supervision).
Although many organisations view the Basel Accord as another regulatory requirement, one positive outcome of the Accord is that it has generated additional awareness and discussion of operational risk.
To refer back to our survey, there is uncertainty among risk managers about which Accord approach is most appropriate - particularly because the approaches are not clearly or completely defined. A majority of the participants indicated that their existing operational risk processes would not facilitate compliance with the Basel Accord, nor did they believe it would improve operational risk management within their organisation.
Concerns included:
• The Accord’s focus was too narrow.
• Risk management is a small part of the business picture, which may not translate into capital savings.
• Measuring risk itself does not provide much value - it does not help to reduce risk.
To understand risk better and to more effectively manage operational risk, suggestions made included:
• Operational risk management should focus on improving operations, and not just an operational charge.
• Loss events should be tracked but not extrapolated.
• Metrics/benchmarks that are developed with and are valid for the business unit will get business unit buy-in, versus an arbitrary top-down allocation.

The foundation for a process
It is clear that there is no consistent approach to implementing an operational risk management programme. However here are seven operational risk management ‘best practices’ to consider when designing an operational risk management strategy (see table).
The management of operational risk remains an evolving science. Today’s best practices may not be suitable five years, or even one year, down the road.

Digg.com Del.icio.us Stumbleupon.com Reddit.com Yahoo.com

Home | About Us | Privacy Statement | Contact
©2024 Fintel Publications Ltd. All rights reserved.