• Certified Internal Auditor (IIA), Member and Trainer from PRMIA since 2012,
Fellow Member of the Institute of Operational Risk (FIOR) and Honorary
Member of the Institute of Risk Management (MIRM)
• Formerly
• Head of Operational Risk Management at ING Group SWE (Belgium)
• Head of Insight and Operational Risk Framework Analysis at Lloyds Banking
Group (UK)
• Owner and Director of Ariane Chapelle Consulting Ltd:
www.chapelleconsulting.com
This material is the intellectual property of PRMIA and shall not be reproduced or used without the express written permission of PRMIA.
• Supervision
• Implementation of regulation
• Internal controls
• Undertaken by a financial institution to prevent or detect fraudulent
behaviour
© 2017 The Professional Risk Managers’ International Association 14
Basel II: Operational Risk
... is the risk of loss resulting from inadequate or failed internal processes, people,
and systems or from external events. (Basel II, Solvency II)
Execution errors
Employment practice
ORM Handbook, p. 25
Origin: CG Reports
• 1992 Cadbury Report – “The Financial Aspects of Corporate Governance: Final
Report”
• 1995 Greenbury Report – “Directors' Remuneration: Report of a Study Group
Chaired by Sir Richard Greenbury”
• 1998 Hampel Report – “Committee on Corporate Governance” that initiated The
Combined Code
• 1999 Turnbull Report – “Internal Control: Guidance for Directors on the
Combined Code”
• 2001 Myners Report – “Institutional Investment In The United Kingdom: A
Review On Institutional Investors”
• 2003 Higgs Report – “Review Of The Role And Effectiveness Of Non-Executive
Directors”
• 2009 Walker Review – “A Review Of Corporate Governance In UK Banks And
Other Financial Industry Entities”
• The starting point for Turnbull compliance is that the directors have
identified and assessed significant risks facing the company
Turnbull Report:
Risk and Responsibilities
• “(Board) policies should take account of the risks faced by the company, its risk
appetite, the controllability of the risks and the cost/benefit of the controls
identified. The control system should be embedded and responsive, it should
include procedures for reporting failures and weaknesses, together with the
corrective action taken.”
• General Imperative
• [Listed] companies are expected to have a sound system of internal control in place to
safeguard shareholders’ investment and the company’s assets.
• Risk Review Process
• Management needs to review the effectiveness of internal controls on at least an annual
basis; The risks facing the organization should be regularly evaluated; Your review should
include risk management, operation and compliance, as well as financial controls.
• Board Responsibilities
• Risk management is the collective responsibility of the whole Board; The Board is
ultimately responsible for internal control, but may delegate aspects of the review work;
The Board needs to keep under review the need for an internal audit department.
[Figure: Risk Governance & Escalation. Diagram labels: Decision Authority, Group Board, Board Risk Committee, Strategic Risk Appetite, Risk Taking, Business Function Management, Business Risk/Control Committees, Controlling; arrows labelled Recommend, Implement, Challenge, Monitor, Escalate.]
ORM Handbook, p.32
• Under the OECD and other guidance, the board has full
responsibility for risk. The board should:
• confirm that the set of strategic risks and their priorities adequately
reflects the current environment;
• ensure that substantial audit processes are in place;
• consider and then decide whether controls for identified areas of risk are
appropriate;
• ensure that outcomes from the risk management process form the basis
for the development of the strategic audit and annual audit work plans;
• review and comment on the annual risk management report by the chief
risk officer.
[Figure: chart with labels "Risk Frequency" and "Division/Activity"]
organisation, highlighting:
• Risks approaching or in excess of risk appetite
• Action plans for risk mitigation
Partnership between 1st LoD and 2nd LoD
[Figure: diagram with the following boxes]
• Implement the ERMF
• Develop the ERMF
• Assess changes in Risk Profile against Appetite
• Escalate Risk Appetite breaches
• Agree Risk Appetite Limits/Thresholds
• Agree Key Risk Indicators
Source: A. Y’Barra, Head of Risk BGMU, IOR presentation 2013, reproduced with permission
Risk Management: Process
ORM Handbook, p. 39
! Be aware of information
quality to avoid misleading
results
For example, all computers fail eventually, but is it worth having a maintenance
contract, or is it better to have a “chuck and replace” policy (i.e. throw the machine
Process: Viable System Model (VSM) in Control & Monitoring (System 3)