proactive management of operational risk
Proactive Management of Operational Risk
April 19th, 2012
Page 2
Evolution of Risk
Market Risk
Credit Risk
Operational Risk
Page 3
Operational Risk
Internal fraud
External fraud
Safety violation
Failed products
Physical asset damage
System failure
Execution
Page 4
Operational Risk
“The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.”
Source: Basel Committee
Page 5
Areas of Loss
Processes
Systems
People
External Events
Basel Committee’s Potential Areas of Loss
Internal Fraud: Insider trading, employee theft
External Fraud: Robbery, computer hacking
Employment Practices and Workplace Safety: Discrimination, violation of organized labor activities, safety violations
Clients, Products, and Business Practices: Negligent failure to meet a professional obligation
Damage to Physical Assets: Natural disaster, terrorism
Business Disruption and System Failures: Hardware/software failures, utility outages
Execution, Delivery, and Process Management: Data entry errors, incomplete legal documentation, incorrect valuation, exceeding limits or controls, compliance violations
Page 6
Cost of Losses
Direct Costs
Cost to fix: Internal investment or payments to third-parties
Write-downs: Loss or impairment of assets
Resolutions: Correcting the consequences
Public relations: Cost to address loss with stakeholders
Indirect Costs
Enhancement of controls
Preventative action
System upgrades or enhancement
Process improvement
Lost or forgone revenue
Brand value loss
Page 7
Potential Loss – FERC Penalties
[Chart: FERC Civil Penalties ($MM), 2007–2012]
Page 8
Potential Loss – Dodd Frank Impact
The Edison Electric Institute recently estimated that Dodd-Frank mandates, which may require electric utilities to post margin on over-the-counter transactions, would have a negative average annual cash flow impact of $250-$400 million per utility.
Page 9
Potential Loss / Expense – Cyber Threats
In January 2012, US FBI director Robert Mueller testified before the US Senate Select Committee on Intelligence that cyber threats, both espionage and disruption, by both rogue hackers and foreign governments, would surpass terrorism as the country’s top concern.
Page 10
Planning for Risk
Requirements & Impact
Gap Analysis
“Snapshot”
Roadmap
Operational Risk Capability
Page 11
Accountability and oversight model
Supporting processes
Technology architecture
In-flight efforts
Take a “Snapshot”
Requirements & Impact
Gap Analysis
“Snapshot”
Roadmap
Page 12
Business requirements
− Strategy
− Process
− Technology
− Capabilities
Pending regulation or market change
Risks to organization, process, and technology
Qualify the Impact
Requirements & Impact
Gap Analysis
“Snapshot”
Roadmap
Page 13
Approximate costs and potential benefits
Identify big opportunities and low hanging fruit
Prioritize gaps
Map the Gaps
Requirements
Gap Analysis
“Snapshot”
Roadmap
Page 14
Develop enhancement strategy
Estimate budget
Develop business case
Develop implementation plan
Plan Ahead
Requirements
Gap Analysis
“Snapshot”
Roadmap
Page 15
What Will Your Future Look Like?
Regulatory changes
Market volatility
Competitive pressures
Industry dynamics
Page 17
Appendix - Case Study Example
Communication Risk Assessment
Situation
The power merchant group within a global energy company needed an executive-level view of operational processes, with a focus on key nodes of communication and potential risks due to outages of those nodes.
Outcome
Detailed risk assessment
Risk heat map
Path forward