FRM lec 10 Flashcards
process aims to reduce the overall risk level to one that is acceptable to senior management and regulatory bodies
Operational Risk Management
Consider all the services, processes, and procedures and identify the potential risks and controls in place relating to each service, process, or procedure.
Identification
Consider each identified risk and assess the effectiveness of existing controls in mitigating the risk’s potential impact
Assessment
Operational risk measurement involves quantifying the potential losses from each identified risk
Measurement
Once operational risks have been identified, assessed, and measured, additional controls and process improvements can be developed and implemented to further mitigate identified risks to levels that are consistent with the risk level of the organization
Mitigation and control
Requires ongoing monitoring of risks and concise, timely communication to management, employees, and regulators. Regular risk reports on operational risk events allow management to better understand and assess the operational risk profile of the institution and to allocate the resources effectively to guard against unexpected increases in risk events
Monitoring and reporting
Is responsible for risk management across the entire firm
Centralized risk function
Is responsible for evaluation of an individual business line
Business line risk function
Is responsible for operational risk management for a business unit and supported by a central risk management group or function
Individual business unit risk function
The focus is on the review of individual business processes by external auditors. This practice is usually used to supplement the bottom-up approach.
Audit oversight
Each business unit analyzes the nature of the operational risks it faces. This subjective method leads to an inventory of various risks, including an evaluation of the frequency and severity of past losses. Often this approach would include the development of risk control processes, such as checklists and questionnaires. This is a bottom-up approach.
Critical self-assessment
This relates process flows, organizational units, and business units to various operational risk types to help management understand the location of operational weaknesses. This is considered a bottom-up approach.
Risk mapping
A map of the factors that directly or indirectly cause an operational risk event is created.
Causal networks
These measure the change in risks over time, indicating how risky an activity is. Usually early warning signs (increased staff turnover, trade volumes, number of failed trades, the frequency and severity of errors within one business unit, etc.), potential losses can be estimated
Key risk indicators
The focus is on the frequency and magnitude of operational risk losses and is based on internally collected or externally sourced information. Earnings volatility. The earnings of various operational units are analyzed, and the historical changes in the earnings are calculated.
Actuarial models.
