A workable risk taxonomy – often referred to as risk categorisation – is one of the key challenges facing firms in their development of an operational risk framework. It can be regarded as the foundation upon which an operational risk framework is constructed.
The approach to risk categorisation is fundamental to the effective management of operational risk. It is applied across all operational risk framework components and risk management activities, crucially providing a common frame of reference for reporting which is the basis for subsequent attention and action and upon which meaningful quantification will depend.
It is important to recognise that risk categorisation will always need to be tailored to suit each individual organisation because, to be of benefit, it must be relevant to the business concerned and align to delivery infrastructure such as supporting IT systems.
De facto benchmarks, such as the Basel II Loss Event Type Classification adopted in the financial services sector, provide a useful starting point but are rarely implemented without modification as to do so would involve challenges in selecting the most appropriate category for a given event. Therefore the “mapping” of bespoke categories to the standard categories is a widely adopted practice – for example in order to participate in the sharing of information through loss data consortia.
The IOR Sound Practice Guidance paper highlights the benefits of a well-designed and properly implemented categorisation framework; explores different approaches to categorisation, the implementation of the framework and a number of challenges involved, together with solutions drawn from the practical experience of a variety of organisations.
The full paper is available ONLY to IOR Members in the Presentations and Papers section.
Members may view the full guide click here: Risk Categorisation (1002 downloads)