Operational Risk Management – Financial Institutions

Skip Navigation Links Home Services Business Risk Services Risk Management Operational Risk Management– Financial Institutions

From RE-action to PRO-action!

Banking is a risky business; however, until now, in most financial institutions, only two of the three major risk elements, Credit Risk and Market Risk, have been subjected to analysis, measurement, and management. The third, and arguable, the most complex and critical, Operational Risk, has been largely ignored. The recent banking crisis and recent bank failures meant this had to change; and it has. Both the regulators and the boards of banks now understand that unexpected and uncontrolled Operational Risk can present a major threat to their institution. Insurance companies are in the business of assessing risk, yet they too, in the past, have largely ignored Operational Risk. Now, major insurers and their regulators are coming to understand the importance of massively significant threat to insurer’s activities.

To survive, develop, and prosper in this increasingly risky and competitive environment, financial services organizations need to be at the leading edge of operational Risk Measurement and Management; all of their stakeholders, along with their regulators, expect nothing less from them.

Our Operational Risk Management Methodology and software are designed to meet these requirements.

Grant Thornton’s approach for implementing an Operational Risk Management process within an organization incorporates:

  • Reviewing the corporate structure to identify discrete risk units.
  • Developing an implementation schedule for the business.
  • Conducting a series of workshops to train the staff on the identification, classification and measurement of risks and the evaluation of controls, and on the development of Compliance Tests for the periodical evaluation of controls.
  • Training the Risk Management Team on the use of CARE and on conducting/facilitating workshops.
  • Developing the forms and procedures of work needed for capturing loss events and “near-misses” and using CARE to record and analyze such events as well as to monitor the implementation of action plans to prevent their recurrence.
  • Designing, interpreting and using the reports generated by CARE.
  • Adjusting the Internal Audit Charter to utilize CARE results for the implementation of a Risk-based audit methodology.
  • Training RM, Compliance and IA staff on the use of CARE.

Basel Requirements

The Basel Committee on Banking Supervision, a committee of the Bank for International Settlements, has issued a number of papers that put the responsibility on the board and management of a bank for ensuring that the bank has an effective system of operational (internal) control. The board and management are also responsible for ensuring that the bank has a means of providing periodic assurance to them that the systems of control are working and that the role of internal audit is adapted to provide objective assurance of the adequacy of internal controls.

The relevant Basel Committee pronouncements include:

  • The Regulatory Treatment of Operational Risk
  • Internal Audit in Banks and the Supervisor's Relationship with Auditors
  • Framework for Internal Control Systems in Banking Organizations
  • Enhancing Corporate Governance in Banking Institutions
  • Sound Practices for the Management and Supervision of Operational Risk
  • Minimum Capital Requirements
  • International Convergence of Capital Measurement and Capital Standards
  • Quantifying Regulatory Capital for Operational Risk
  • Sound Practices for the Management and Supervision of Operational Risk - Basel Committee

Aldar has helped more than 20 banks in the Arab world meet these requirements.

Our adopted methodology and related software (CARE) are designed to not only meet these and other regulatory requirements, but also to significantly improve a bank’s control environment.

It is to be noted that the methodology also takes into consideration the unique requirements of Islamic Banks, where Shariaa Compliance is an essential factor for the success of these banks.


Meeting the Challenge

A number of key questions arise as a result of the Basel Committee and Corporate Governance requirements for which bank boards and management are responsible:

  • Do the Board and Senior Management know the operational risks that their business faces?
  • For each identified risk, is there a clear and accountable ownership within the business?
  • Are the risks that have been identified controlled, adequately and consistently?
  • Has the potential impact of a risk occurring been measured and the probability of occurrence estimated?
  • Is there a system in place to ensure that operational risks continue to be identified and adequately controlled?
  • Is there a reliable reporting system in place?
  • Does the Bank have an accurate and valid process for recording operational losses and identifying the causes of such losses?

There are many potential risks, which can threaten an organization. A systematic approach is required to identify where the risks lie, what controls should be implemented to mitigate them, how effective the system of internal control is in mitigating those risks and which risks can be accepted based on the Bank’s assessed appetite for risk.

Aldar Audit Bureau has adopted a unique software Control And Risk Evaluation (CARE) which meets all the requirements for Operational Risk Management noted above. The software provides a systematic, consistent and effective approach to the recognition of operational risks, the effectiveness of internal controls in mitigating those risks and to the measurement of the bank's operational risk profile. It provides reports which enable the board and management of a bank to understand the bank's operational risk profile, determine where improvements and enhancements to the control environment are required, prioritize such changes and measure the results. Above all, CARE is extremely flexible to meet the needs of individual organizations.

For more information about CARE, please Click Here .


Advantages

  • Understanding and awareness of operational risks at all times and at all levels
  • Consistent approach to Operational Risk Management
  • Development and enhancement of a control culture: all staff must be involved in the process
  • Acceptability to regulators of the process for managing and measuring operational risk, thus reducing capital charges and related capital costs: capital is freed up for more productive and profitable purposes
  • Can be used to control and manage, through the development of generic matrices, specific operational risk elements inherent in all banking operations, e.g. money laundering, Know Your Customer requirements, Internet banking, etc.
  • Enables board and management to carry out their corporate governance responsibilities in ensuring the bank has an effective and consistent approach to operational risk management and that the board and management are provided with adequate and accurate information to enable informed decisions to be made regarding operational risk management.
  • Our entire methodology is supported by detailed training courses.

Grant Thornton Approach Grant Thornton Approach Flow Chart

Grant Thornton Approach Flow Chart

Aldar Comprehensive Risk Management Methodology can be summarized in the following diagram:
Aldar Comprehensive Risk Management Methodology

© 2009 Grant Thornton International Ltd – All rights reserved