For most risk managers, Operational Risk means just five things.
- KRI
- Losses
- RCSA
- Incident Management
- Regulatory Capital
First, and possibly most usefully, it means Key Risk Indicators (KRIs), quantitative metrics that capture variance of Key Performance Indicators (KPIs). These might simple counts of incidents over a time period, like the number of payment exceptions over the month, or perhaps the number of overtime days. Second, Operational Risk means loss capture, how much money in terms of opportunity costs have we incurred over the last period. Third, Risk Control Self Assessment (RCSA) allows multiple organizational actors to estimate qualitatively the risks associated with different businesses, processes, incidents in their domain. Incident Management, is the most underused of the techniques - it focuses on how specific problems can be handled adroitly and efficiently, it's priority is internal training and facilitating workflow and efficient processes. Last and probably least useful, is the move towards capital calculation of an operational risk loss distribution, either simplistically through rough approximations like the Basic Indicator Approach and the Standardized Approach, or more ambitiously (but probably no more accurately) with the Advanced Measurement Approach which actually estimates capital by building a loss distibution model based on loss magnitude and loss frequency distributions.
No comments:
Post a Comment