lecture 2 - operational risk management

Question 1

what are operational risks?

Answer 1

They represent losses arising from lapses of internal control, human errors and failures to adequately manage external events like downturns and tech developments

Question 2

why is the choice of risk metric important?

Answer 2

failure to use the appropriate risk metric leads to operational risk, measures like VaR are appropriate for market portfolios but not so much for property as the horizons don’t match, leading to incorrect estimates and halting risk mgment ability.

Question 3

why might known risks be ignored?

Answer 3

‘too good to be true’ results - means risks will be ignored as long as big bonuses are being realised

Question 4

how was the subprime crisis an example of operational risk?

Answer 4

shows dangers of incorrectly measuring known risks - mortgage default risks were well known, but the frequency and scale of the risk was grossly underestimated

Question 5

what do known unknowns show in terms of risk?

Answer 5

a failure to identify and measure unknown risks.

Question 6

how can communication failures lead to operational risk?

Answer 6

upwards reporting may be slow, incomplete or distorted and result in boardroom inaction

Question 7

how do weak non-execs create operational risk?

Answer 7

can lead to monitoring and management lapses, especially if they don’t understand business properly.

Question 8

how have financial firms responded to operational risk?

Answer 8

heavily trust-based financial firms now have to hold regulatory capital to mitigate operational risks and prevent reputational damage

Question 9

what is the audit-related response to risk?

Answer 9

internal and external audit risk assessments are important for IT dependent and opaque financial firms.

also, recently have seen an increased incidence/scope of line mgment audits. not just looking at financials but management aspects too like reporting systems and evaluation of risks.

Question 10

how can insurance help with operational risk?

Answer 10

can be used for cyber breaches, business disruption etc.

Question 11

what can operational control systems bring to a company?

Answer 11

maintaining financial stability, successfully effecting internal/external changes, safeguarding assets, ensuring compliance with regs and laws, facilitating true and fair accounting of transactions

Question 12

what is the key to an effective operational control system?

Answer 12

a flexible mix of control mechanisms!

control mechanisms:
controls over input, e.g. HR

controls over processes, systems/procedures/policies. place for mgment and financial accounting to assist, e.g. with audits and inspection schemes to assist corp governance.

controls over output, e.g. financial and non-financial measures. need control over confidential outputs

qualitative approaches - surveys, focus groups, market research

Question 13

what does an effective operational control system need to produce useful results?

Answer 13

measurement against a standard or target:

target must be meaningful. also need a method of gathering relevant data and info and of comparing this info to the standard. also a means of initiating effective control.

Question 14

what are the assumptions of measuring against a target/standard?

Answer 14

assumed that we know:

what we want to know

how to measure it

target to set for it

how to make comparisons

that we can take appropriate corrective action

Question 15

what are the 5 main standards against which performance can be compared?

Answer 15

previous time period

similar organisations

estimates of future org’s performance (ex-ante)

estimates on what might have been achieved (ex-post)

performance necessary to achieve defined goals - growth/performance/output etc

Question 16

what are the problems of using measures in an operational control system?

Answer 16

KPIs should not be overemphasised, outcome-related performance indicators can distort mgment behaviour

Question 17

how can outcome related performance indicators distort mgment behaviour?

Answer 17

sub-optimisation - budget constraints inhibit initiatives

myopia - short term cuts at expense of long term gains

convergence - follow herd rather than stand out

gaming - manipulation of KPIs to maximise payoffs under bonus plans

misrepresentation

Question 18

what should the choice of and appropriate control system depend on?

Answer 18

SECRET:

Structure of org
Environmental conditions
Culture present in org
Role of centre v subsidiaries in terms of decision making
Established strategy being pursued
Tech usage and dependency

Question 19

what are the traditional accounting controls?

Answer 19

setting standard costs - calculation of variances as feedback against plan

capital investment appraisal techniques

costing methods and allocation of overheads - AC,MC,ABC, LCC

performance measurement - ROI, ROCE, EVA, transfer pricing

budgets and budgetary control - responsibility centres CC,PC,IC

manufacturing techniques - JIT, TQM

Question 20

what dysfunctional behaviour can occur in the budgeting process?

Answer 20

employees may factor in more than required and have slack.

mgrs have use it or lose it approach

not setting at a level to motivate

smoothing (increasing provisions)

bias in offering good forecasts rather than realistic estimates

Question 21

how can organisational structure help with operational risk?

Answer 21

follows strategy, determines type of internal control.

reflected in reporting/operational relationships in an organisational chart.

potent form of control because by arranging people in heirarchy with defined patterns of authority and responsibility, a great deal of their behaviour can be influenced or even pre-determined - Emmanual, Otely and Merchant, 1990.

Question 22

what is a functional structure and the +ves/-ves?

Answer 22

decision making at top, functional responsibilties allocated on depts. depts to communicate with each other. top-down control. service depts provide centralised staff function.

+ves: easy to understand, simple lines of communication

-ves: suitable for small firms with narrow geographical footprint.

Question 23

what is a divisional structure and the +ves/-ves?

Answer 23

head office with senior staff supporting CEO, divisions for major elements of business based on geographies or products/services. divisions responsible for all functional areas, operational control located in each area (subject to HO strategy).

+ves: planning centrally coordinated, implementation under local mgment

-ves: risk of mavericks, can foster inter-divisional disputes over resources.