Operational Risk Managment, ORM refined,approved.pptx
shiferaw9
22 views
32 slides
Jun 13, 2024
Slide 1 of 32
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
About This Presentation
ERM, ORA
Slide Content
6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 1
Operational Risk Assessment Training 03 01 02 Risk Identification Risk Analysis Risk Matrix 2 May 2024 04 Risk Treatment 05 Risk Monitoring
Overview 6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 3
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 4 The Institute of Risk Management (IRM) Institute of Internal Auditors The ISO 31000: 2009 Risk Management – Principles and Guidelines standard HM Government: The Orange Book. Management of Risk – Principles and Concepts 20201 defines risk as the combination of the probability of an event and its consequence. Consequences range from positive to negative. The uncertainty of an event occurring that could have an impact on the achievement of the objectives. Risk is measured in terms of consequences and likelihood. defines risk quite simply as: The effect of uncertainty on objectives events, and their consequences. The effect of uncertainty on objectives. Risk is usually expressed in terms of causes, potential Overview Cont.…
Overview Cont.… 6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 5 Risk management is the is a process of proactively identifying, measuring, controlling/mitigating, monitoring and reporting of risks using various techniques. Financial risk is a risk which directly affects the financial performance of the Bank. E.g. Credit risk, Market risk, & Liquidity risk Non-financial risk is a risk which indirectly affects the financial performance of the Bank. E.g. Operational risk, Cyber risk, strategic risk, Regulatory risk, Reputational risk.
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 6 Overview Cont.…
Operational Risk Factors Process Risk People Risk The risk of loss is caused by piracy, theft, failure, breakdown, or other technology disruption . IT problems, i.e. hardware or software failures & computer hacking or viruses; Unreliable information & security system; Network failures; Utility outages. System Risk The risk of loss arises due to damage of physical property/asset from natural or non-natural causes . Criminal activities (theft, terrorism, vandalism); Political and military events (wars, sanctions); Changes in political, legal, regulatory, tax environment; Natural events such as fire, earthquake & floods; External Risk Introduction cont.… Risk related to the execution and maintenance of transaction and the various aspects of running a business . Transaction errors, i.e. Execution, registration settlement and documentation errors; Errors in models & methods; Accounting and taxation errors; Inadequate internal procedures; Inadequate definition and attribution of responsibilities . Risk related to the execution and maintenance of transaction and the various aspects of running a business . Fraud , Criminal activities; Violation of internal & external rules; Errors related to competence or negligence; Illness, injury and problems in retaining employees;
Detective Authorization of transactions Retention of records (source documents) Supervision or monitoring of operations Physical safeguards IT Security Limit setting . Directive Directive: Accessible, detailed, written, systems and procedures, Training to ensure understanding of procedures Detective Account reconciliations Timely preparation of financial statements Review of performance reports Inventories Cash count Operational Risk & Internal Control Overview Cont.… Submit corrective journal entries after discovering an error. Implement a full restoration of a system from backup tapes after evidence is found that someone has improperly altered the payment data . Corrective
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 9 Overview Cont.…
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 10 Objectives, Risk and Internal Control Relationship Overview Cont.…
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 11 Operational Risk & Internal Control Overview Cont .…
. 6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 12 Introduction cont … Three Lines of Defence
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 13 Operational Risk Management Process
01 Risk Identification 6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 14 Risk identification is the process by which banks find out potential threats to the achievement of their objectives by determining: Encompasses: Events which have occurrence history Events do not have occurrence history
Data/Information Required for Risk Identification Loss event data, Policies, procedures , guidelines … Audit reports, prior risk assessment reports, Strategic document loss experience of the industry, competitors, NBE reports other external environmental factors. 01 Risk Identification cont …
Major Risk Identification techniques Self-Assessment Questionnaire 01 Process and Risk Mapping 02 Brainstorming 03 Scenario Analysis 04 01 Risk Identification cont …
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 17 Level 1 Risks Level 2 Risks Level 3 Risks Level 4( Risk Events) Operational Risk Internal fraud Fraud and Theft Inactive account fraud Unauthorized activity Misuse of authorities and access rights External fraud First party fraud Misrepresenting identity Second party fraud Money mulling Third party fraud Robbery Agent/broker/intermediary fraud Unauthorized fee by agents Employment Practices and Workplace Safety Risk Ineffective Employment and Employee relation Insufficient number of employees Health and safety failure Pandemic Client and business process risk Client/account mismanagement failure to fulfil duties to customers Product/service quality risk Delay in product launch Business process mismanagement Deficient/Ineffective risk culture Damage to physical assets Natural disaster Earthquake, flood, Non-natural disaster Terrorist attack, civil riot Execution, delivery, & process management Risk Process design or execution failure Unclear roles and responsibilities Transaction and business process error Failure to execute transaction Monitoring and reporting failure Failed mandatory reporting obligation Process control failure Poor performance management system Process support failure Ineffective and inefficient use of staff Third party Risk (Vendor and outsourcing) Concentration Risk in outsourcing/third party Service provider concentration Country/offshore risk Communication and cultural barriers Engagement & delivery risk Low vendor reputation Vendor/supplier failure Vendor/service provider constant delay Management control failure Poor governance system Change and project management risk Change execution risk High level of resistance Project management failure Poor project/program management Legal risk Contractual risk Breach of existing contract Non-contractual obligation risk Failure to register property right Litigation risk Missing legal documentation Interpretation risk Defective application on ambiguous or untested part of the law/regulation 01 Risk Identification cont…
one or more factors that leads to risk event Cause is the anticipated direct outcome if a given risk event is materialized. Effect is a single incident that leads directly to one or more effects/consequences; Event 01 Risk Identification cont … Cause-event-effect relationship
Inadequate employee Mgt. Obsolete computer system Large transaction volumes Inadequate due diligence Cause High employee turnover System failure Failed/inaccurate reporting Financing illegible customers Event Loss of skilled manpower Loss of revenue/customer Fines (regulatory action) Legal costs (Legal Liability) Impact Examples 01 Risk Identification cont …
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 20 01 Risk Identification cont …
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 21 01 Risk Identification cont …
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 22 Source : Protecht ERM System 01 Risk Identification cont …
A Analysis of how control effectiveness is perceived. Control Analysis B C Impact is the damage or loss (net of recoverable amount +opportunity cost) of a given risk event Impact Analysis Estimation of the probability of occurrence; Likelihood Analysis 02 Risk Analysis 6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 20
Control Analysis Control Status Score Excessive 100% Effective 80% Adequate 60% Deficient 30% Ineffective 10% Description A preventive control, which is automated and has proved accurate and reliable. The existing controlling mechanism is too firm that require update. A preventive control, which is performed manually. A detective control, which is automated, or manual. Control identifies errors most of the time but exceptions are common. The control may be unstructured, not understood or poorly supervised. A missing or weak control or performed rarely. Unlikely to prevent or detect errors. Untrained or inappropriate person performing the control or insufficient information available to perform properly. 02 Risk Analysis cont.… 6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 21
Likelihood Analysis Descriptor Likelihood Almost certain above 60% Likely 40 to 60% Possible 20 to 40% Unlikely 10 to 20% Rare 0 to 10% Explanation of Historical Basis of Likelihood May occur at least once a month May occur at least once a quarter May occur at least once semi‐annually May occur at least once a year May occur once every 5 years 02 Risk Analysis Cont.…. 22 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 6/13/2024
Impact Analysis Score Rating Financial loss Health and safety Reputation and Image Performance Regulatory 1. Insignificant Less than 0.005% of the Bank’s capital. No or only minor personal injury or health impact; First aid needed but no days lost. No local media attention or coverage Up to 5% variation on objectives accomplishment. No noticeable regulatory impacts; 2. Minor [0.005% to 0.01%] of the Bank’s capital. Minor injury; Medical treatment and up to 1 week incapacity to resume work. Low local news coverage but not appearing on news headlines or not shared by social media; but quickly remedied. (5% - 10%] variation on objectives accomplishment. Temporary non-compliance with regulatory requirements; verbal corrective advice or warning from regulatory organ. 3. Moderate (0.01% to 1%] of the Bank’s capital. Noticeable or significant injuries or health impacts; Possible hospitalization and up to 1 month incapacity to resume work. Moderate local news coverage, (national short period of time negative media coverage). Appearing on news headlines of less than three mass media or shared by one social media. (10%-25%] variation on objectives accomplishment Short period of time non-compliance with significant regulatory requirements. Written warnings from regulatory organ. 4. Major (1% to 5%] of the Bank’s capital. Single death and/or long-term illness or multiple serious injuries or health impacts. High local news profile, (National long period of time negative media coverage); Appearing on news headlines of more than three mass media and shared by more than one social media. Significant loss of market share. (25%-50%] variation on objectives accomplishment Significant non-compliance with essential regulatory requirements. Financial loss and imprisonment of staff. 5. Extreme Greater than 5% of the Bank’s capital. Multiple deaths or very sever health crises/injuries/ disabilities Widespread local and international news coverage, and almost all social medias; international long period of time negative media coverage; game-changing loss of market share More than 50% variation on objectives accomplishment Long period of time or indefinite non-compliance with essential regulatory requirements; Partial or full business closure/business discontinuation 02 Risk Analysis Cont.…. 6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 23
03 Risk Matrix 6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 27 1-3 4-6 8-12 15-25 Low Risk Moderate Risk High Risk Very High Risk
04 Risk Treatment 6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 5
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 29 04 Risk Treatment Cont …. Action Plans
2002 is tracking how well the overall ORM is doing in line with the predefined framework. helps banks to identify operational gaps and control weaknesses so that appropriate adjustments could be carried out. Action plan implementation and ORA status (Progress) Follow-up 05 Risk Monitoring
6/13/2024 COOPERATIVE BNAK OF OROMIA | https://coopbankoromia.com.et/ 31 05 Risk Monitoring Cont.…
6/13/2024 COOPERATIVE BANK OF OROMIA | https://coopbankoromia.com.et/ 32 Thank you
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 22
- Slides 32
- Age 536 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views