The IOR is delighted to announce the release of the latest in a series of Sound Practice Guides (SPGs) for risk managers. These guides explain how risk culture may be identified, assessed, and controlled to help reduce the frequency and severity of operational risk events.

The need for effective operational risk management is more acute than ever. Events such as the global financial crisis or the COVID-19 pandemic highlight the far-reaching impacts of operational risk and the consequences of management failure. In the light of these and numerous other events, organisations must ensure that their policies, procedures, and processes for the management of operational risk meet the needs of their stakeholders.

Aidan Brock, PIOR, SIRM, Operational Resilience SPG author and Institute of Operational Risk Advisory Committee member, said:

“Covid-19 has forced organisations to be more proactive in how they approach and manage operational resilience. Practical implementation can take many forms depending on the size, scale and complexity of an organisation and the industry in which it operates, nevertheless the most effective leverage and build on existing risk management frameworks and practice, particularly operational risk.

This guide outlines the key elements of operational resilience and provides practical guidance to assist those building and embedding better resilience in their organisations”.

This guidance is designed to complement existing standards and codes for risk management (e.g. ISO31000). Readers looking for a general understanding of the fundamentals of operational risk management should start with the IOR’s Certificate in Operational Risk Management.

These guides are part of a series of updated Sound Practice Guidance (SPG) documents for risk managers, designed to complement existing standards and codes for risk management (e.g. ISO31000).

The aim is to provide guidance that is both focused on the management of operational risk and practical in its application.

Although there is no one-size-fits-all approach to the management of operational risk, organisations must benchmark and improve their practice regularly. This series of papers provides practical guidance on a range of important topics that span the discipline of operational risk management.

The objectives of these papers are to:
- Explain how to design and implement a ‘sound’ (robust and effective) operational risk management framework
- Demonstrate the value of operational risk management
- Reflect the experiences of risk professionals, including the challenges involved in developing operational risk management frameworks
The documents focus on:
- Risk Culture
- Embedding an Operational Risk Management Framework
- Operational Loss Events (Internal and External)
- Operational Risk Categorisation
- Operational Risk and Control Self-Assessment
- Operational Key Risk Indicators
- Operational Risk Scenario Analysis, Stress and Reverse Stress Testing
- Operational Risk Appetite and Tolerance
- Operational Risk Governance
Rainer Sprengel, Executive Director at IBM D Financial Markets Services, and Head of the IOR German Chapter, said:

“The need for effective operational risk management is more acute than ever. Events such as the global financial crisis or the COVID-19 pandemic highlight the far-reaching impacts of operational risk and the consequences of management failure.

In the light of these and numerous other events organisations have to ensure that their policies, procedures, and processes for the management of operational risk meet the needs of their stakeholders.

We hope that making these guides available more widely in the *DACH region will help provide those working in risk with a set of practical reference guides on which to build their knowledge.

IBM was delighted to sponsor the translation of these guides and we’d also like to thank the German Association for Operational Risk Management (DGOR e.V.) for their partnership on this project.

Final thanks must go to Prof. Simon Ashby, FIOR, Professor of Financial Services, Vlerick Business School for his valuable work writing the original SPGs”.

Not all the guidance in these sound practice papers will be relevant for every organisation or sector. However, it has been written with the widest possible range of organisations and sectors in mind. Readers should decide for themselves what is relevant for their current situation. What matters is gradual, but continuous improvement.

Readers looking for a general understanding of the fundamentals of operational risk management should start with the IOR’s Certificate in Operational Risk.

Operational risk management is vital in preventing, managing, and assessing the risk of direct or indirect loss resulting from inadequate or failed internal processes, people, systems or external events. In recent years, the importance of operational risk management has been exemplified by the greater variety and severity of business disruptions, frauds or other operational incidents.

English versions are also available from both the IOR and IRM websites.

*DACH countries: Germany (D), Austria (A), and Switzerland (CH).

The Institute of Operational Risk is delighted to announce the release of the following papers (available on this site via a log in):
- Risk Culture
- Risk Appetite
- Embedding an Operational Risk Management Framework
- Operational Risk Governance
- Risk Categorisation
- Risk and Control Self-Assessment
- Operational Loss Events (Internal and External)
- Operational Risk Scenario Analysis
- Stress Testing and Reverse Stress Testing
- Key Risk Indicators

These are part of a series of updated Sound Practice Guidance (SPG) documents for risk managers.

We are grateful to Sword GRC for kindly sponsoring the series and to Simon Ashby, FIOR, Professor of Financial Services, Vlerick Business School for his valuable work writing these SPGs.

IOR members can view the SPGs by logging into the members area.

Bank of the Future – Minimise Technology Risk, Maximise Business Return – Kannan Subramanian R and Dr. Chithra Selvaraj
Posted on September 28, 2018, in Publications

About the Book

Banks are facing several challenges from emerging technology, non-banking companies and the changing lifestyles of their customers. The book articulates the view that successful leveraging of Information Technology Governance minimises risks and improves return on capital employed. The book has numerous case studies and examples on the usage of technology in commercial banks. The book takes the reader through the evolution of banking technology and elaborates on Technology Risks and Enterprise IT Risk Management. NIST, TARA, OCTAVE and CRAMM technology risk management methodologies are explained. The need for a bank to focus on preventive controls and counter-offensive strategies is emphasised. Enterprise I.T. Risk Management is now a core component of Operational Risk Management.

The authors emphasise the need for taking an enterprise approach to designing the business delivery architecture. The authors provide guidance for implementing a data-centric approach to Enterprise Architecture and Security. The book draws on the Banking Industry Architecture Network’s (BIAN) framework, the Enterprise Data Management Council’s recommendations and the principles for effective risk data aggregation and risk reporting, BCBS 239, suggested by the Basel Committee on Banking Supervision.

The book provides guidance on moving from an As-is Business & Technology architecture to a ‘To Be’ Target Business & Technical Architecture. It elaborates with examples the business justification for a Transformation. It explains a unique approach to measuring a bank’s Enterprise I.T. Governance Maturity using a building block approach in which Process Maturity, People Skill Maturity and Data Management Maturity are core elements. Recent advancements in technology provide a bank with a unique opportunity, a checkpoint in their journey, to make a paradigm shift in the manner in which they conceive their business model and deliver value to their customers.

Experts have opined that this is a very useful book for banks seeking to transform their operating and business model in order to stay competitive.

The recent financial crisis has led to unprecedented levels of operational risk losses. In Managing Operational Risk: New Insights and Lessons Learnt, Michael Grimwade, author and head of operational risk for MUFG’s International Securities Businesses, argues that these operational risk losses are readily explicable and could be repeated in the near future.

Managing Operational Risk: New Insights and Lessons Learnt examines the ways in which market and credit risks were transformed into operational risk losses, and how the current actions of both central banks and regulators may be unwittingly sowing the seeds for a new wave of losses.

The United Nations’ Vienna & Palermo resolutions, the UN’s convention against corruption, the UN’s Protocol against the illicit Manufacturing and Trafficking in Firearms and the recommendations of the Financial Action Task Force form the foundation for the book. It explains the methods, mechanisms, techniques and instruments of money laundering by analyzing elaborately over a hundred and fifty case studies from across the globe.

The economic consequences of money laundering, the size of the shadow economy, the link between organized crime and the financing of terrorism.

A risk-based approach in managing operations is explained for the different sectors of the eco-system and for a national AML-CFT program. Globally accepted methodologies and best practices to prevent and detect money laundering are explained.

The World Bank, IMF and Basel approaches to conduct a National Money Laundering & Financing of Terrorism risk assessment are used to explain the approach to measure the effectiveness of a nation’s AML-CFT program.

The national AML-CFT program is an essential component of a governance model. The benefits of implementing a National Integrity System that some countries have already adopted are explained.

Expert Comments

Mr. T.S. Krishnamurthy
Former Chief Election Commissioner, Chief Commissioner of Income Tax-Mumbai
Government of India.

This book not only examines thoroughly the problem of money laundering and financing of terrorism in a comprehensive manner with interesting case studies but also provides governance measures to mitigate the evil. The author has rightly stressed the need for proper evidence gathering, domestic co-ordination of various agencies and international co-operation to deal with this global priority. His suggestions such as implementation of National Integrity System, strong political will including electoral integrity and more effective governance are indeed worth the attention of any democratic government in order to protect, preserve and promote democracy for posterity.

Dr. S. Ramamurthy
FCIS (UK), FCCA (UK) and PhD in Economics (USA)
Fiscal Management expert, formerly with the IMF

The book provides an insight into the different typologies of money laundering and financing of terrorism. It also throws light on relevant methodologies and tools to mitigate the adverse impact of money laundering. It explains a risk-based approach to mitigate the risks at the entity and national levels. It is a very valuable book to those practitioners combating money laundering and countering the financing of terrorism world-wide.

Available at all e-bookstores.

The e-book is available for only USD10 and, for a limited time only (until 7 August 2016), the printed version is available to IOR members at a special discounted price of GBP59 (+ delivery).

The latest newsletter is now available to download. Highlights include:
- Status update on the IOR Education Programme;
- News of a new Sound Practice Guidance paper “Embedding an Operational Risk Framework” and a refreshed KRI paper;
- IOR’s response to the Basel Committee’s consultation paper on SMA;
- Updates from the IOR Chapters;
- Systemic Operational Risk – a special feature article;
- Risk Books special discount offer for IOR members; and
- CIR magazine’s new Operational Risk awards.

Systemic Operational Risk: Theory, Case Studies and Regulation by Dr. Patrick McConnell

Systemic operational risk means operational risks that are not related to one firm only but arise simultaneously across the financial system. Examples include LIBOR, PPI, mortgage mis-selling, and FX benchmark manipulation. It includes, but is not limited to, conduct risks.

Large systemic operational risk events are starting to get significant attention from banks' boards of directors, forcing the top executives at these firms to find ways to provide assurance that internal controls will stop such events happening again. One of the main challenges operational risk managers face these days is to develop a risk control framework that would allow senior management to understand where the hot spots are and confirm that policies and procedures are in place and being followed by their employees worldwide.

Author Dr Patrick McConnell, who has over thirty years of professional experience as a senior manager and consultant working with major international financial institutions, provides an understanding of what causes these risks and how they may be tackled at macro- and micro-prudential levels of regulation.

More information about the book can be found via the link below:
http://riskbooks.com/systemic-operational-risk-theory-case-studies-and-regulation?utm_source=IOR&utm_medium=IOR&utm_campaign=IOR

IOR has negotiated a 25% discount for its members on this book and all other Risk Books titles until 31st July 2016.

People Risk Management – A Practical Approach to Managing the Human Factors That Could Harm Your Business
Posted on August 10, 2015, in Publications

People Risk Management provides unique depth to a topic that has garnered intense interest in recent years. Based on the latest thinking in corporate governance, behavioural economics, human resources and operational risk, people risk can be defined as the risk that people do not follow the organization's procedures, practices and/or rules, thus deviating from expected behaviour in a way that could damage the business's performance and reputation. From fraud to bad business decisions, illegal activity to lax corporate governance, people risk - often called conduct risk - presents a growing challenge in today's complex, dispersed business organizations.

Framed by corporate events and challenges and including case studies from the LIBOR rate scandal, the BP oil spill, Lehman Brothers, Royal Bank of Scotland and Enron, People Risk Management provides best-practice guidance to managing risks associated with the behaviour of both employees and those outside a company. It offers practical tools, real-world examples, solutions and insights into how to implement an effective people risk management framework within an organization.