Trad. vs. Modern Op'al RM

Differences

Risk ID

Trad: all risks (average)

Modern

Define risk universe => exhaustive and mutually exclusive

Use hard or soft data

Risk measures

Trad

Modern

Frequency and severity

Likelihood and impact

Expected loss and unexpected loss

Aggregation

Trad => likelihood can't

Modern => frequency can

Goal

Trad: RM of current threats

Modern: key risks, optimization of risk-reward, risk-control and risk-transfer in a context of cost-benefit analysis

Cost

Trad: resource intensive

Key risks

Modern: much less resource intensive

Key Concepts

Likelihood vs frequency

Expected loss vs unexpected loss

Risk measurement vs assessment

Risk Universe

Trad

Modern

Imprecise classification (financial reporting risk)

Operational risk should be embedded in other risks

No principal-agent risk

Four dimensions

Events

Controllable factors => liquidity risk

Risk factors => beyond control, e.g. interest rate risk

Effects

Factors(frequency) => Events => Factors(severity) => Effects

Risk taxonomy

Modern ORM

Goals (3pts)

Provide framework, tools,infrastructure and methodologies to allow key decision makers to manage operational risks, in conformity with cost-benefit analysis, and within risk tolerance

Ensure transparency in decision making process

Embed a risk culture that harmonizes between decision makers and external stakeholders

In practice

Cost of risk = expected loss + cost of capital * unexpected loss

Strategic risk-control optimization => invest new system

Strategic risk-reward optimization

On risk-adjusted basis

Measurement

Goals

Strategic risk-reward optimization

Analyze principal-agent risk

Strategic risk-control optimization

Estimate reg. and econ. capital

Key metrics

Aggregate expected loss => mean

Aggregate unexpected loss = Total agg. risk exposure - agg. expected loss

N% level total aggregate risk exopsure

Total cost of risk

Actuarial approach

Frequency

Severity

Data

External or internal

Hard or soft