IOR publishes third Sound Practice Guidance Paper

Saturday, 11 September 2010 15:32

Governance essential for good operational risk management

The importance of governance as the cornerstone to good risk management is highlighted in the latest Operational Risk Sound Practice Guidance Paper published by the Institute of Operational Risk.

‘Operational Risk Governance’ is the third in a new series of papers from the Institute that are designed to provide practical guidance on the implementation of the techniques necessary to support a robust operational risk management framework.

It emphasises that operational risk is not just a set of processes, to be effective and capable of playing a part in business management it needs clear and active leadership. Without good governance, the paper warns, operational risk management processes will operate in a vacuum. Another valuable contribution this paper makes is to stress that the roles and responsibilities of people throughout the organisation should reflect the part they play in limiting risk exposures and losses. The paper outlines the importance of a governance structure to co-ordinate risk management across the organisation.

The board and its audit and risk committees play a key governance role and the paper describes the ‘three lines of defence’ - senior management (the risk takers in the business); those responsible for risk oversight and risk guidance; and providers of independent assurance to the board regarding the effectiveness of risk management processes. Detailed guidance on the roles of operational risk functions is also given along with governance responsibilities towards external stakeholders, such as regulators, investors, rating agencies and suppliers.

This is a comprehensive paper on Operational Risk Governance that shows the high standards that executives, as well as operational risk managers, must achieve in order to both reap valuable benefits and to meet ever increasing expectations of operational risk management.

Edward Sankey the IOR Chairman says:

“Risk governance is not just about complying with a set of rules. It’s an integral part of the day to day running of a business which is why risk policies and risk appetites will only be effective if they operate within a clear risk governance framework that puts in place a structure of risk responsibility throughout the firm.

“Good risk governance from the board down is therefore essential so that everyone in the firm is clear about their operational risk roles and responsibilities. It requires open communication up and down the firm so that the quality of discussion, and resulting decisions reflect a real commitment of senior management to risk management.”

“But all of this is only possible if there is a sound governance framework and a risk culture which is embedded throughout the organisation and involves everybody in it.”

Click here to view the Operational Risk Governance Paper


Comments (0)Add Comment
feedSubscribe to this comment's feed

Write comment

busy
< Prev   Next >