17 January 2005

COSO: Operational Risk Standard?

Will COSO become the Operational Risk standard for Basel II? This paper by Patrick McConnell argues:

The wording of Basel II is sufficiently vague that banks are in danger of developing internal ORM systems that run the risk of not complying with interpretations of Basel II by local supervisors.

However, there are mature frameworks from other industries upon which the processes of Operational Risk Management could be based.

In particular, there are two risk management standards – AS/NZS 4360/2004 and COSO/ERM – that, alone or in combination, could satisfy the requirements of Basel II for systems that are ‘conceptually sound’; and

The adoption of operational risk management processes that are based on proven, practical and usable standards should reduce the overall costs to the industry of complying with Basel II.

COSO notes that the ERM Framework is “purposefully broad”, capturing “key concepts fundamental to how companies and other organizations manage risk”, and may be applied across “organizations, industries, and sectors.”

