Overseeing an operational risk programme never ceases to fascinate me. There are aspects to op risk that are overwhelmingly unique from any other risk discipline. As I have said previously, it has the most moving parts. It involves every single person in the company, without exception. It is constantly in motion, involving an ever-changing set of assumptions and forces. And it is, ironically, sometimes unfortunately, and perhaps more importantly, the most intuitive.
Eric singles out the large mistake many organizations have made. Certification of controls for SOX 404 misses many of the OP risk factors and is all to focused on the financial control itself. Operational Risk assessments properly look at the potential and the likelihood of failures in the process so far, as well as potential threats to the process in a high moving parts environment.
The hint in his article about evaluation of core processes under the "heat lamp" is most critical. When people and systems are concerned, there are all too many opportunities for a failure and potential losses to occur. And those people are exactly who are the ones to be in the drivers seat to analyze those places that the proper tools in the right hands could exploit a known vulnerability. They may not know all of the ways to mitigate the threat, yet they are where you are going to get your "intuition" on what could happen.
As Eric says, "Operational Risk is constantly in motion", and assumptions change as often as the weather.
As the discipline of OPS Risk matures in the white collar world of Wall Street and the blue collar world of small community banking one thing is certain. No one will ever be able to predict or provide a scenario analysis that prepares exactly for the next incident. Mother Nature may act the same over and over to some degree and that helps us think in terms of magnitudes and categories. What about the person sitting in the next office who makes a random decision to inflate last months expense report? What about that electrical fire in the storage room?
Those who can master the art of change and rapidly adapt as unforeseen events occur will be here tomorrow to take on that next unplanned scenario.
operational risk
No comments:
Post a Comment