What is Operational Risk?



Transcription:

Operational Risk Management
DeMPA Workshop with ECCB, St. Kitts & Nevis, March 18-20, 2009

Slide 1: What is Operational Risk?
Traditional View:
- Market Risk: IR & FX
- Credit Risk
- Operational Risk: everything else
Basel II Definition: The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.

Slide 2: Sources of Operational Risk
Processes, People, Systems
- Internal: fraudulent activities; operational risk in execution; policies and guidelines
- External: natural disasters / terrorist attacks; laws and regulations
Automated vs Manual Processes
Automated processes, PROS:
- Reduce opportunities for human error
- Fast
- Less need for staff (frees staff to do other things)
Automated processes, CONS:
- Fewer opportunities for detective controls
- Heavy reliance on having the right systems / system security
- Greater systemic risk
"A COMPUTER LETS YOU MAKE MORE MISTAKES FASTER THAN ANY INVENTION IN HUMAN HISTORY" - Mitch Ratliffe

Slide 3: Systems
- Adequate and well-functioning systems are at the core of a good control environment
- A high level of dependence on spreadsheets outside of core systems introduces a high level of risk: inability to trace and track the history of changes; restricting access to spreadsheets
- Selecting a debt system: develop in-house or purchase one off-the-shelf?
Systems Capacity Planning
- Hardware and software selection should be considered during growth projections
- Over/under utilization
- Scalability

Slide 4: People - Staffing Related Risks
Staff person is unusually bad. Mitigated by:
- Existence of clear written procedures
- Two-person sign-offs for important functions
- Mentoring and regular training
Staff person is unusually good. Key Person Risk: dependence on one person as the repository of institutional memory. Mitigated by:
- Encouraging key people to record processes and past experiences in writing, in an accessible form
- Working in teams
People - Internal Fraud
- Generally for direct financial gain (embezzlement) or to cover losses: Nick Leeson, Barings Bank case
- Other reasons, Royal Bank of Scotland case: GBP 21 million fraud at Royal Bank of Scotland in 2006; an employee created 1,400 false accounts to be named business manager of the year
Defenses Against Internal Fraud
- Restricting access to information and systems to need-to-know staff
- Segregation of duties
- Requiring two-person sign-offs
- Proper audit trail
- Required 2-week leave policies (NSD, JSD)
- Establish a culture where staff feel comfortable reporting errors

Slide 5: External Fraud
- Access to systems / corruption of systems by external parties: robbery, computer hacking
- Collusion of staff with external parties: bribery
- Fraud by dealers or other market intermediaries
Defenses Against External Fraud
- Build adequate security and controls into the financial systems that interface with external vendors or counterparties
- Build awareness among staff of the importance of safeguarding the institution's systems (no downloading of programs from external sites)
External Events
- Damage to physical assets: terrorism, vandalism, earthquakes, fires, hurricanes, floods, etc.
- Systems failures: hardware and software failures, telecommunication problems
- May be low-probability but very high-severity events
- Need Business Continuity Plans: alternative work sites; back-up systems; ensure that key market counterparties also have such plans in place

Slide 6: World Bank HQ Position
Legal & Regulatory Environment
- Approval by local securities regulator ("Registration")
- On-going disclosure requirements
- Anti-fraud provisions

Slide 7: Anti-fraud Provisions
- Liability (penal/civil) for materially false statements or omissions
- Meaning: information that would influence a reasonable investor's decision to purchase or sell the security
INTERNAL PROCEDURES ARE KEY
The DeMPA scoring methodology emphasizes:
- Debt administration and data security (DPI 12)
- Segregation of duties, staff capacity, and business continuity (DPI 13)

Slide 8: Debt Administration and Data Security
Dim1: Procedures manual for processing debt service, updated every 2 years (diagram: Electronic Payment Orders, STP, Payment Systems, DeM Entity)
Dim2: Procedures manual for debt recording and validation, updated every 2 years; independent confirmation of data conducted annually with external creditors and major investors
Dim3: Procedures for accessing debt and payment systems, updated when staff changes occur; audit trails of system access (DeM Entity)
Dim4: Daily data back-ups; weekly data back-ups; monthly data back-ups in a secure fireproof location

Slide 9: Segregation of Duties, Staff Capacity, and Business Continuity
Dim1: Dedicated compliance monitoring staff - Risk Monitoring and Compliance Unit (diagram: Payments, Accounting, Creditors, Market; one compliance monitoring staff; Payment and Accounting Staff; Debt Recording System; Negotiating and Contracting Staff; DeM Entity; Data Entry and Checking Staff)
Dim2: Code-of-conduct and conflict-of-interest guidelines; job descriptions; training and development plans, plus yearly performance assessments (DeM Entity)
Dim3: DR/BC plan tested in the past 3 years; recovery site; annual testing; operational risk management procedures

Slide 10: Thank you!
http://go.worldbank.org/4vx651fh0
World Bank, ccc@worldbank.org