Create a plan that details a methodical approach to risk assessment (Why…
Create a plan that details a methodical approach to risk assessment
Why Assess Risk?
Understand Likelihood of risks
Understand impact of such risks
A quantitative baseline can be established of the potential risks that the business faces.
Assign responsibility for the management of risks
Can encourage Risk to rise to prominence within a organisation
The risk appetite for the firm can be established and the decision-making process improved.
A capital allocation figure with respect to operational risk can be established.
Why Measure Operating Risk?
Establish a quantitative baseline for operating and improving the control environment.
Ensure there is appropriate accountability and responsibility for risk management. By understanding where risk occurs and measuring how big it is, accountability and responsibility can be assigned to the people that are in the best position to manage it.
Provide an incentive for risk management and the development of a risk-aware culture within the business
Improve management decision-making. By knowing the size of risks they face, firms are in a position to decide how much risk they wish to take, as described in the last chapter.
Satisfy regulators and stakeholders that the firm is adopting a proactive and transparent approach to risk management.
Make an assessment of the financial risk exposure that can be used for capital allocation purposes.
Risk Measurement approaches
is the loss that is expected to arise on average in connection with an activity. It is an inherent cost of such activity and is budgeted and, where permitted, deducted directly from revenues
Statistical loss (also known as unexpected loss)
is an estimate of the amount that actual loss can exceed expected loss over a specified time horizon measured to a specific level of confidence (probability)
is the loss that could arise from extreme events. Stress situations can arise from many sources and when extreme events do occur, quantitative and qualitative risk assessments alone are not sufficient. In these cases, the essential elements are a tried and tested disaster recovery process and well-prepared business continuity plans. These will be discussed later on in the chapter dedicated to business continuity management.
Assessment v Measurement
Measurement: Objective assessment of data
Assessment: Subjective assessment of the data and it's appropriateness
Steps to be taken when assessing risk:
Review actual operational losses – or events that could have resulted in significant losses
Consider the effectiveness of controls
Undertake an internal assessment of risks inherent in its operations
Consider other risk indicators
Consider reported external operational losses and exposures
Review changes in its operational environment
Cause & Effect
a trigger for a risk to take place
the consequence of this event