Operational risk: Topic Gateway Series
Prepared by Helen Matthews and Technical Information Service, September 2008
Operational Risk
Topic Gateway series No. 51
About Topic Gateways
Topic Gateways are intended as a refresher or introduction to topics of interest
to CIMA members. They include a basic definition, a brief overview and a fuller
explanation of practical application. Finally they signpost some further resources
for detailed understanding and research.
Topic Gateways are available electronically to CIMA members only in the CPD
Centre on the CIMA website, along with a number of electronic resources.
About the Technical Information Service
CIMA supports its members and students with its Technical Information Service
(TIS) for their work and CPD needs.
Our information specialists and accounting specialists work closely together to
identify or create authoritative resources to help members resolve their
work-related information needs. Additionally, our accounting specialists can help CIMA
members and students with the interpretation of guidance on financial reporting,
financial management and performance management, as defined in the CIMA
Official Terminology 2005 edition.
CIMA members and students should sign into My CIMA to access these services
and resources.
The Chartered Institute
of Management Accountants
26 Chapter Street
London SW1P 4NP
United Kingdom
T. +44 (0)20 8849 2259
F. +44 (0)20 8849 2468
E. tis@cimaglobal.com
www.cimaglobal.com
Definition and concept
What is business/operational risk?
‘Business/operational risk relates to activities carried out within an entity, arising
from structure, systems, people, products or processes.’
CIMA Official Terminology, 2005
Operational risk has also been defined as:
‘The risk of loss resulting from inadequate or failed internal processes, people
and systems, or from external events.’
Basel Committee on Banking Supervision, 2004
Risk management is:
‘A process of understanding and managing the risks that the entity is inevitably
subject to in attempting to achieve its corporate objectives. For management
purposes, risks are usually divided into categories such as operational, financial,
legal compliance, information and personnel. One example of an integrated
solution to risk management is enterprise risk management.’
CIMA Official Terminology, 2005
Context
In the current syllabus, CIMA students will learn and may be examined on this
topic in Paper 3, Management Accounting Risk and Control Strategy.
In the CIMA Professional Development Framework, risk (including operational
risk) features in Governance, Enterprise Risk Management, and Business Skills,
Business Acumen and Manage Risk.
Related concepts
Introduction to managing risk; enterprise risk management.
Overview
There is a huge variety of specific operational risks. By their nature, they are often
less visible than other risks and are often difficult to pin down precisely.
Operational risks range from the very small, for example, the risk of loss due to
minor human mistakes, to the very large, such as the risk of bankruptcy due to
serious fraud. Operational risk can occur at every level in an organisation.
The types of risk associated with business and operational risk relate to:
• business interruption
• errors or omissions by employees
• product failure
• health and safety
• failure of IT systems
• fraud
• loss of key people
• litigation
• loss of suppliers.
Operational risks are generally within the control of the organisation through risk
assessment and risk management practices, including internal control and
insurance.
Application
Risk categorisation
Risks can be categorised in a number of ways. A popular way is to use one of
four main categories, namely operational risk, financial risk, environmental risk
and reputational risk. It is important that risks are categorised in a way that is
relevant to the needs of the organisation. Some of the benefits of categorisation
include:
• providing a framework that can be used to define who is responsible, to
design appropriate internal controls and to assist in simplified risk reporting
• assisting managers to identify how they can use their past experience to
categorise risk
• helping organisations to identify related risks in the same category
• giving assistance in recognising which risks are inter-related.
Operational risk identification
Operational risk sources may be internal or external to the business and are
usually generated by people, processes and technology.
Identification is one of the most important areas of managing risk. Failure to
identify risk will certainly mean that no action is taken to manage that risk.
There are a number of different techniques that can be used to identify risk. A
common method used in risk identification is the use of workshops to
‘brainstorm’. This can be used at different levels of the organisation and can
identify a large number of risks in a short time. To keep ideas flowing, it is
important to keep identification sessions focused on identifying risks and not to
move on to evaluate the risks.
Operational risks are largely based on procedures and processes, so this lends
itself to the use of audit for risk identification purposes. Risk based audit can be
used as a tool to identify risks, as well as a method of reporting to the board on
the effectiveness of the organisation’s risk management framework.
Risk based audit can use the following methods to assess risks:
• intuitive or judgemental assessment
• risk assessment matrix
• risk ranking.
Another approach to identifying operational risk is to look for critical
dependencies in people, processes, systems and external structures. Once
identified, the dependencies can be managed or engineered by adding fail-safes
and system redundancies. Other approaches include physical inspection and
incident investigation.
Once risks have been identified based on a suitable way of categorising them, it
becomes possible to think of tools that may be used to measure and manage
them.
Risk assessment and measuring
Various methods may be used to assess the severity of each risk once it has been
identified. One of the reasons for measuring risk is that it allows the most
significant risks to be prioritised.
The result or impact of a risk occurring may be financial loss, damage to
reputation, process change or a combination of these. One of the simplest ways
to measure risks is to apply an impact and likelihood matrix which provides an
overall risk rating.
[Figure: impact and likelihood matrix giving an overall risk rating. Adapted from: Emergency Preparedness (Guidance on part 1 of the Civil Contingencies Act 2004)]
One of the issues with measuring risk is that risks may be objective or subjective.
Many risks are subjective and qualitative, rather than objectively identifiable
and measurable. For example, the risks of litigation, economic downturn, loss of
key employees, natural disasters and loss of reputation are all subjective
judgements. There is an important distinction between objective, measurable
risks and subjective, perceived risks. Some of the factors that influence this
distinction are:
• how recently the risk has occurred
• how visible the risk is
• how management perceives the risk
• how the organisation establishes formal or informal ways of dealing with the
risk.
The analysis can be either quantitative or qualitative, but it should allow for
comparison and trend analysis.
One of the issues with risk assessment is that traditional risk assessment
techniques often focus on those elements that can be quantified easily. Such
techniques fail to address all critical drivers of successful risk management.
Impact
When considering the impact of operational risk there are three primary areas
that affect the business activity.
Property exposures – these relate to the physical assets belonging to or
entrusted to the business.
Personnel exposures – these relate to the risks faced by all those who work for
and with the business, including customers, suppliers and contractors.
Financial exposures – these relate to all aspects of the company’s ability to
trade, whether profitable or not, and cover internal and external exposures of
all types. Financial exposures also include intellectual property, goodwill and
patents.
Managing operational risks
Risk evaluation is used to make decisions about the significance of the risks to
the organisation and whether each specific risk should be accepted or treated.
When looking at operational risk management, it is important to align it with the
organisation’s risk appetite. The risk appetite will be influenced by the size and
type of organisation, its capacity for risk and its ability to exploit opportunities
and withstand setbacks.
Once the severity of the risk has been established, one or more of the following
methods of controlling risk can be applied:
• accepting the risk
• sharing or transferring the risk
• risk reduction
• risk avoidance.
Insurance is a long established control method for transferring risk. This applies
to a number of types of operational risk, for example, damage to buildings.
However, more recently there has been an increase in the use of insurance
combined with other methods such as business continuity management.
One issue with measuring and managing subjective operational risks is that
unless the risk occurs, it is not possible to be certain of the impact of the risk. The
severity of the risk may be underestimated.
One of the issues with operational risk is the continuously changing business
environment. This is stressed in Internal control: guidance for directors on the
Combined Code, also known as the Turnbull Report (1999), which states:
‘A company’s objectives, its internal organisation and the environment in which it
operates, are continually evolving and, as a result, the risks it faces are continually
changing. A sound system of internal control therefore depends on a thorough
and regular evaluation of the risks to which it is exposed.’
Once a decision has been made about how to manage or control the risk, it is
important to have a process in place to monitor actively and to review and report
regularly on the risk management framework.
Critical success factors in risk management are:
• clearly identified senior management to support, own and lead on risk
management
• existence and adoption of a framework for risk management that is
transparent and repeatable
• risk is actively monitored and regularly reviewed
• management of risk is fully embedded in the management process and
consistently applied
• clear communication with all staff
• management of risks is closely linked to the achievement of objectives.
Case studies
Case: Managing business interruption – Lehman Brothers
This case study looks at the lessons learned from 11 September 2001 in relation
to business continuity management. Available from: http://digbig.com/4xewr
[Accessed 17 July 2008]
One of the key operational risks to any organisation is business interruption. To
manage this risk, organisations must have a robust business continuity plan.
There is a close link between business continuity management (BCM) and
operational risk.
There have been significant developments in the area of BCM. Earlier disaster
recovery plans anticipated a failure and subsequent recovery from it, while many
business operations now are so time critical that no outage whatsoever can be
tolerated. BCM now embraces both the creation of a ‘non-stop’ infrastructure
and operational capability, and recovery from operational failure.
Five key steps in business continuity management:
1. Assessing and objective setting.
2. Critical process identification.
3. Business impact analysis.
4. Business continuity planning (BCP).
5. Monitoring, testing and improving.
Other case studies
The Confederation of British Industry (CBI) produces a variety of business guides.
Included within these guides are a number of case studies covering the
implementation of an operational risk management system.
Available from: www.cbi.org.uk
[Accessed 18 July 2008]
Amersham PLC case study: business risk management in practice. In Rock, S. (ed.)
Managing business risk. CBI Business Guide.
This article outlines the implementation and embedding of operational risk
measures across an organisation.
Thomas, D. Implementing a risk management programme, pp 23-27. In Rock, S.
(ed.) Business risk. CBI Business Guide.
Woods, M., Kajuter, P. and Linsley, P. (ed.) (2007). The case of the Telecom Italia
Group – from internal audit to enterprise risks management in International risk
management systems, internal control and corporate governance. Oxford:
Elsevier. This case study outlines the process of implementation and benefits of
ERM relating to operational risk.
Implementation of risk management in the public sector. This case study looks at
the key risk management processes at the Department of Natural Resources and
Environment (DNRE) in Victoria, Australia. It examines DNRE's drivers,
implementation, successes, lessons learned, future directions and implications
within a public sector arena. Available from: http://digbig.com/4xews
[Accessed 17 July 2008]
References
DeLoach, J. (2000). Enterprise-wide risk management: strategies for linking risk
and opportunity. Harlow: Financial Times/Prentice Hall
McNeill, I. (2003). Business continuity in Jolly, A. (ed.) Managing Business Risk.
London: Kogan Page
Enterprise risk management: integrated framework. Executive summary.
Committee of Sponsoring Organisations of the Treadway Commission (COSO),
September 2004. Available from: http://digbig.com/4xeqm
[Accessed 16 July 2008]
(2008). Paper P3, Management accounting, risk and control strategy. CIMA
Official Learning System. Oxford: Elsevier
(2002). Risk management: a guide to good practice. London: CIMA
(2000). Croner’s management of business risk. Kingston upon Thames: CCH
Further information
Articles
Full text articles available to CIMA members from Business Source Corporate
through My CIMA www.cimaglobal.com/mycima
[Accessed 17 July 2008]
Backhouse, T. Operational risk management: overcoming the hidden dangers.
Credit Control, 2002, Volume 23, Issue 5, p. 28
Grody, A.D. Operational risk management to the rescue. Securities Industry
News, 26/05/2008, Volume 20, Issue 21, pp 4-10
Hanssen, J. Corporate culture and operational risk management. Bank
Accounting and Finance, February/March 2005, Volume 18, Issue 2, pp 35-38
Katz, D. How much of ‘operational’ risk management is hype? National
Underwriter/Property and Casualty Risk and Benefits Management, 05/06/2000,
Volume 104, Issue 23, p. 15
Lindseth, S. Operational risk management. DM Review, February 2005, Volume
15, Issue 2, pp 30-33
McCollum, T. Audit committees focus on operational risk. Internal Auditor, June
2008, Volume 65, Issue 3, pp 15-16
Sharon, B. Operational risk management: the difference between risk
management and compliance. Business Credit, July/August 2006, Volume 108,
Issue 7, pp 12-14
Shea, E.P. Establish operational risk and compliance management as a
sustainable business process. Business Credit, May 2006, Volume 108,
Issue 5, p. 16
Books
Alexander, C. (2003). Operational risk: regulation, analysis and management.
Harlow: Pearson Education
Barlow, Lyde and Gilbert. Scott, A. (ed.) (2000). Risk management for
accountants. London: ABG Professional Information
Dowd, K. (1998). Beyond value at risk: the new science of risk management.
Chichester: Wiley. (Wiley Series in Frontiers in Finance)
Davis, E. (2006). The advanced measurement approach to operational risk.
London: Risk Books
Davis, E.L. (2005). Operational risk: practical approaches to implementation.
London: Risk Books
Hoffman, D. (2002). Managing operational risk: 20 firmwide best practice
strategies. New York: John Wiley and Sons. (Wiley Finance Series)
Kaiser, T. (2006). An introduction to operational risk: a practitioner guide.
London: Risk Books
Loader, D. (2006). Operations risk: managing a key component of operational
risk. Oxford: Elsevier. (Elsevier Finance Series)
Nash, T. (ed.) (2003). Risk management: helping directors to identify and control
business risks effectively. London: Director Publications (published for the Institute
of Directors and AXA Insurance). (A Director’s Guide Series)
Reuvid, J. (ed.) (2007). Managing business risk: a practical guide to protecting
your business. 4th ed. London: Kogan Page
Scandizzo, S. (2007). The operational risk manager’s guide: how to understand
methodologies, policies and procedures. London: Risk Books
Vinella, P. and Jin, J. (2006). Corporate governance and operational risk: a
practical guide. New York: Wiley. (Wiley Finance Series)
(2007). Management of risk: guidance to practitioners. 2nd ed. London:
Stationery Office
CIMA publications
Collier, P., Berry, A. and Burke, G. (2006). Risk and management accounting:
best practice guidelines for enterprise-wide internal control procedures. Research
Executive Summary Series, Volume 2, No. 11, London: CIMA
Available from: www.cimaglobal.com/researchexecsummaries
[Accessed 16 July 2008]
Collier, P.M. and Agyei-Ampomah, S. (2006) Management accounting: risk and
control strategy. CIMA Official Study System. Oxford: Elsevier
Epstein, M.J. and Buhovac, A.R. (2006). The reporting of organisation risk for
internal and external decision makers. CIMA Management Accounting Guideline.
Available from: http://digbig.com/4xeqc
[Accessed 16 July 2008]
Helliar, C. et al. (2005). Interest rate risk management: an investigation into the
management of interest rate risk in UK companies. Research Executive Summary
Series, Volume 2, No. 4. London: CIMA
Available from: www.cimaglobal.com/researchexecsummaries
[Accessed 16 July 2008]
Krell, E. (2006). Business Continuity Management. CIMA Management
Accounting Guideline. Available from: http://digbig.com/4xeqf
[Accessed 16 July 2008]
Other publications
Muermann, A. and Oktem, U. The near-miss management of operational risk.
Philadelphia: The Wharton School, University of Pennsylvania
Available from: http://digbig.com/4xeqh
[Accessed 16 July 2008]
(2002). Managing risk to enhance shareholder value. IFAC/CIMA.
Available from: http://digbig.com/4xeqg
[Accessed 16 July 2008]
Websites
The Business Continuity Institute (BCI)
The BCI promotes business continuity management worldwide.
Available from: www.thebci.org
[Accessed 16 July 2008]
The Journal of Operational Risk
Subscription journal on operational risk.
Available from: www.thejournalofoperationalrisk.com
[Accessed 16 July 2008]
KnowledgeLeader
Subscription website that provides audit programmes, checklists, tools,
resources and best practice information to help internal auditors and
risk management professionals save time, manage risk, and add value.
30 day free trial available. Available from: http://digbig.com/4xeqb
[Accessed 16 July 2008]
Printed in Great Britain
Copyright ©CIMA 2008
First published in 2008 by:
The Chartered Institute
of Management Accountants
26 Chapter Street
London SW1P 4NP
United Kingdom
All rights reserved. No part of this publication may be reproduced, stored
in a retrieval system, or transmitted, in any form or by any means method
or device, electronic (whether now or hereafter known or developed),
mechanical, photocopying, recorded or otherwise, without the prior
permission of the publishers.
No responsibility for loss occasioned to any person acting or refraining from
action as a result of any material in this publication can be accepted by the
authors or the publishers.
Permission requests should be submitted to CIMA at tis@cimaglobal.com
  • 2. Operational riskTopic Gateway Series About Topic Gateways Topic Gateways are intended as a refresher or introduction to topics of interest to CIMA members. They include a basic definition, a brief overview and a fuller explanation of practical application. Finally they signpost some further resources for detailed understanding and research. Topic Gateways are available electronically to CIMA members only in the CPD Centre on the CIMA website, along with a number of electronic resources. About the Technical Information Service CIMA supports its members and students with its Technical Information Service (TIS) for their work and CPD needs. Our information specialists and accounting specialists work closely together to identify or create authoritative resources to help members resolve their work related information needs. Additionally, our accounting specialists can help CIMA members and students with the interpretation of guidance on financial reporting, financial management and performance management, as defined in the CIMA Official Terminology 2005 edition. CIMA members and students should sign into My CIMA to access these services and resources. 2 The Chartered Institute of Management Accountants 26 Chapter Street London SW1P 4NP United Kingdom T. +44 (0)20 8849 2259 F. +44 (0)20 8849 2468 E. tis@cimaglobal.com www.cimaglobal.com
Definition and concept

What is business/operational risk?

‘Business/operational risk relates to activities carried out within an entity, arising from structure, systems, people, products or processes.’
CIMA Official Terminology, 2005

Operational risk has also been defined as:

‘The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.’
Basel Committee on Banking Supervision, 2004

Risk management is:

‘A process of understanding and managing the risks that the entity is inevitably subject to in attempting to achieve its corporate objectives. For management purposes, risks are usually divided into categories such as operational, financial, legal compliance, information and personnel. One example of an integrated solution to risk management is enterprise risk management.’
CIMA Official Terminology, 2005

Context

In the current syllabus, CIMA students will learn and may be examined on this topic in Paper 3, Management Accounting Risk and Control Strategy.

In the CIMA Professional Development Framework, risk (including operational risk) features in Governance, Enterprise Risk Management, and Business Skills, Business Acumen and Manage Risk.

Related concepts

Introduction to managing risk; enterprise risk management.
Overview

There is a huge variety of specific operational risks. By their nature, they are often less visible than other risks and are often difficult to pin down precisely. Operational risks range from the very small, for example the risk of loss due to minor human mistakes, to the very large, such as the risk of bankruptcy due to serious fraud. Operational risk can occur at every level in an organisation.

The types of risk associated with business and operational risk relate to:
• business interruption
• errors or omissions by employees
• product failure
• health and safety
• failure of IT systems
• fraud
• loss of key people
• litigation
• loss of suppliers.

Operational risks are generally within the control of the organisation through risk assessment and risk management practices, including internal control and insurance.
Application

Risk categorisation

Risks can be categorised in a number of ways. A popular way is to use one of four main categories, namely operational risk, financial risk, environmental risk and reputational risk. It is important that risks are categorised in a way that is relevant to the needs of the organisation.

Some of the benefits of categorisation include:
• providing a framework that can be used to define who is responsible, to design appropriate internal controls and to assist in simplified risk reporting
• assisting managers to identify how they can use their past experience to categorise risk
• helping organisations to identify related risks in the same category
• giving assistance in recognising which risks are inter-related.

Operational risk identification

Operational risk sources may be internal or external to the business and are usually generated by people, processes and technology. Identification is one of the most important areas of managing risk. Failure to identify a risk will certainly mean that no action is taken to manage that risk.

There are a number of different techniques that can be used to identify risk. A common method used in risk identification is the use of workshops to ‘brainstorm’. This can be used at different levels of the organisation and can identify a large number of risks in a short time. To keep ideas flowing, it is important to keep identification sessions focused on identifying risks and not to move on to evaluating the risks.

Operational risks are largely based on procedures and processes, so this lends itself to the use of audit for risk identification purposes. Risk based audit can be used as a tool to identify risks, as well as a method of reporting to the board on the effectiveness of the organisation’s risk management framework.
Risk based audit can use the following methods to assess risks:
• intuitive or judgemental assessment
• risk assessment matrix
• risk ranking.

Another approach to identifying operational risk is to look for critical dependencies in people, processes, systems and external structures. Once identified, the dependencies can be managed or engineered by adding fail-safes and system redundancies. Other approaches include physical inspection and incident investigation.

Once risks have been identified based on a suitable way of categorising them, it becomes possible to think of tools that may be used to measure and manage them.

Risk assessment and measuring

Various methods may be used to assess the severity of each risk once it has been identified. One of the reasons for measuring risk is that it allows the most significant risks to be prioritised. The result or impact of a risk occurring may be financial loss, damage to reputation, process change or a combination of these.

One of the simplest ways to measure risks is to apply an impact and likelihood matrix which provides an overall risk rating.

[Figure: impact and likelihood matrix. Adapted from: Emergency Preparedness (Guidance on part 1 of the Civil Contingencies Act 2004)]
One of the issues with measuring risk is that there are objective or subjective risks. Many risks are subjective and qualitative, rather than objectively identifiable and measurable. For example, the risks of litigation, economic downturn, loss of key employees, natural disasters and loss of reputation are all subjective judgements.

There is an important distinction between objective, measurable risks and subjective, perceived risks. Some of the factors that influence this distinction are:
• how recently the risk has occurred
• how visible the risk is
• how management perceives the risk
• how the organisation establishes formal or informal ways of dealing with the risk.

The analysis can be either quantitative or qualitative, but it should allow for comparison and trend analysis. One of the issues with risk assessment is that traditional risk assessment techniques often focus on those elements that can be quantified easily. Such techniques fail to address all critical drivers of successful risk management.

Impact

When considering the impact of operational risk, there are three primary areas that affect the business activity.

Property exposures – these relate to the physical assets belonging to or entrusted to the business.

Personnel exposures – these relate to the risks faced by all those who work for and with the business, including customers, suppliers and contractors.

Financial exposures – these relate to all aspects of the company’s ability to trade, whether profitably or not, and cover internal and external exposures of all types. Financial exposures also include intellectual property, goodwill and patents.
Managing operational risks

Risk evaluation is used to make decisions about the significance of the risks to the organisation and whether each specific risk should be accepted or treated. When looking at operational risk management, it is important to align it with the organisation’s risk appetite. The risk appetite will be influenced by the size and type of organisation, its capacity for risk and its ability to exploit opportunities and withstand setbacks.

Once the severity of the risk has been established, one or more of the following methods of controlling risk can be applied:
• accepting the risk
• sharing or transferring the risk
• risk reduction
• risk avoidance.

Insurance is a long established control method for transferring risk. This applies to a number of types of operational risk, for example damage to buildings. However, more recently there has been an increase in the use of insurance combined with other methods such as business continuity management.

One issue with measuring and managing subjective operational risks is that unless the risk occurs, it is not possible to be certain of the impact of the risk. The severity of the risk may be underestimated.

One of the issues with operational risk is the continuously changing business environment. This is stressed in Internal control: guidance for directors on the Combined Code, also known as the Turnbull Report (1999), which states:

‘A company’s objectives, its internal organisation and the environment in which it operates, are continually evolving and, as a result, the risks it faces are continually changing. A sound system of internal control therefore depends on a thorough and regular evaluation of the risks to which it is exposed.’

Once a decision has been made about how to manage or control the risk, it is important to have a process in place to monitor actively and to review and report regularly on the risk management framework.
Critical success factors in risk management are:
• clearly identified senior management to support, own and lead on risk management
• existence and adoption of a framework for risk management that is transparent and repeatable
• risk is actively monitored and regularly reviewed
• management of risk is fully embedded in the management process and consistently applied
• clear communication with all staff
• management of risks is closely linked to the achievement of objectives.

Case studies

Case: Managing business interruption – Lehman Brothers

This case study looks at the lessons learned from 11 September 2001 in relation to business continuity management.
Available from: http://digbig.com/4xewr [Accessed 17 July 2008]

One of the key operational risks to any organisation is business interruption. To manage this risk, organisations must have a robust business continuity plan. There is a close link between business continuity management (BCM) and operational risk.

There have been significant developments in the area of BCM. Earlier disaster recovery plans anticipated a failure and subsequent recovery from it, while many business operations now are so time critical that no outage whatsoever can be tolerated. BCM now embraces both the creation of a ‘non-stop’ infrastructure and operational capability, as well as recovery from operational failure.

Five key steps in business continuity management:
1. Assessing and objective setting.
2. Critical process identification.
3. Business impact analysis.
4. Business continuity planning (BCP).
5. Monitoring, testing and improving.
Other case studies

The Confederation of British Industry (CBI) produces a variety of business guides. Included within these guides are a number of case studies covering the implementation of an operational risk management system.
Available from: www.cbi.org.uk [Accessed 18 July 2008]

Amersham PLC case study: business risk management in practice, in Rock, S. (ed.) Managing business risk – CBI Business Guide
This article outlines the implementation and embedding of operational risk measures across an organisation.

Thomas, D. Implementing a risk management programme, pp 23-27 in Rock, S. (ed.) Business risk – CBI Business Guide

Woods, M., Kajuter, P. and Linsley, P. (ed.) (2007). The case of the Telecom Italia Group – from internal audit to enterprise risks management, in International risk management systems, internal control and corporate governance. Oxford: Elsevier
This case study outlines the process of implementation and benefits of ERM relating to operational risk.

Implementation of risk management in the public sector.
This case study looks at the key risk management processes at the Department of Natural Resources and Environment (DNRE) in Victoria, Australia. It examines DNRE's drivers, implementation, successes, lessons learned, future directions and implications within a public sector arena.
Available from: http://digbig.com/4xews [Accessed 17 July 2008]

References

DeLoach, J. (2000). Enterprise-wide risk management: strategies for linking risk and opportunity. Harlow: Financial Times/Prentice Hall

McNeill, I. (2003). Business continuity, in Jolly, A. (ed.) Managing Business Risk. London: Kogan Page

Enterprise risk management: integrated framework. Executive summary. Committee of Sponsoring Organisations of the Treadway Commission (COSO), September 2004.
Available from: http://digbig.com/4xeqm [Accessed 16 July 2008]
(2008). Paper P3, Management accounting, risk and control strategy. CIMA Official Learning System. Oxford: Elsevier

(2002). Risk management: a guide to good practice. London: CIMA

(2000). Croner’s management of business risk. Kingston upon Thames: CCH

Further information

Articles

Full text articles available to CIMA members from Business Source Corporate through My CIMA
www.cimaglobal.com/mycima [Accessed 17 July 2008]

Backhouse, T. Operational risk management: overcoming the hidden dangers. Credit Control, 2002, Volume 23, Issue 5, p. 28

Grody, A.D. Operational risk management to the rescue. Securities Industry News, 26/05/2008, Volume 20, Issue 21, pp 4-10

Hanssen, J. Corporate culture and operational risk management. Bank Accounting and Finance, February/March 2005, Volume 18, Issue 2, pp 35-38

Katz, D. How much of ‘operational’ risk management is hype? National Underwriter/Property and Casualty Risk and Benefits Management, 05/06/2000, Volume 104, Issue 23, p. 15

Lindseth, S. Operational risk management. DM Review, February 2005, Volume 15, Issue 2, pp 30-33

McCollum, T. Audit committees focus on operational risk. Internal Auditor, June 2008, Volume 65, Issue 3, pp 15-16

Sharon, B. Operational risk management: the difference between risk management and compliance. Business Credit, July/August 2006, Volume 108, Issue 7, pp 12-14

Shea, E.P. Establish operational risk and compliance management as a sustainable business process. Business Credit, May 2006, Volume 108, Issue 5, p. 16
Books

Alexander, C. (2003). Operational risk: regulation, analysis and management. Harlow: Pearson Education

Barlow, Lyde and Gilbert. Scott, A. (ed.) (2000). Risk management for accountants. London: ABG Professional Information

Dowd, K. (1998). Beyond value at risk: the new science of risk management. Chichester: Wiley. (Wiley Series in Frontiers in Finance)

Davis, E. (2006). The advanced measurement approach to operational risk. London: Risk Books

Davis, E.L. (2005). Operational risk: practical approaches to implementation. London: Risk Books

Hoffman, D. (2002). Managing operational risk: 20 firmwide best practice strategies. New York: John Wiley and Sons. (Wiley Finance Series)

Kaiser, T. (2006). An introduction to operational risk: a practitioner guide. London: Risk Books

Loader, D. (2006). Operations risk: managing a key component of operational risk. Oxford: Elsevier. (Elsevier Finance Series)

Nash, T. (ed.) (2003). Risk management: helping directors to identify and control business risks effectively. London: Director Publications (published for the Institute of Directors and AXA Insurance). (A Director’s Guide Series)

Reuvid, J. (ed.) (2007). Managing business risk: a practical guide to protecting your business. 4th ed. London: Kogan Page

Scandizzo, S. (2007). The operational risk manager’s guide: how to understand methodologies, policies and procedures. London: Risk Books

Vinella, P. and Jin, J. (2006). Corporate governance and operational risk: a practical guide. New York: Wiley. (Wiley Finance Series)

(2007). Management of risk: guidance to practitioners. 2nd ed. London: Stationery Office
CIMA publications

Collier, P., Berry, A. and Burke, G. (2006). Risk and management accounting: best practice guidelines for enterprise-wide internal control procedures. Research Executive Summary Series, Volume 2, No. 11. London: CIMA
Available from: www.cimaglobal.com/researchexecsummaries [Accessed 16 July 2008]

Collier, P.M. and Agyei-Ampomah, S. (2006). Management accounting: risk and control strategy. CIMA Official Study System. Oxford: Elsevier

Epstein, M.J. and Buhovac, A.R. (2006). The reporting of organisation risk for internal and external decision makers. CIMA Management Accounting Guideline.
Available from: http://digbig.com/4xeqc [Accessed 16 July 2008]

Helliar, C. et al. (2005). Interest rate risk management: an investigation into the management of interest rate risk in UK companies. Research Executive Summary Series, Volume 2, No. 4. London: CIMA
Available from: www.cimaglobal.com/researchexecsummaries [Accessed 16 July 2008]

Krell, E. (2006). Business Continuity Management. CIMA Management Accounting Guideline.
Available from: http://digbig.com/4xeqf [Accessed 16 July 2008]

Other publications

Muermann, A. and Oktem, U. The near-miss management of operational risk. Philadelphia: The Wharton School, University of Pennsylvania
Available from: http://digbig.com/4xeqh [Accessed 16 July 2008]

(2002). Managing risk to enhance shareholder value. IFAC/CIMA.
Available from: http://digbig.com/4xeqg [Accessed 16 July 2008]
Websites

The Business Continuity Institute (BCI)
The BCI promotes business continuity management worldwide.
Available from: www.thebci.org [Accessed 16 July 2008]

The Journal of Operational Risk
Subscription journal on operational risk.
Available from: www.thejournalofoperationalrisk.com [Accessed 16 July 2008]

KnowledgeLeader
Subscription website that provides audit programmes, checklists, tools, resources and best practice information to help internal auditors and risk management professionals save time, manage risk, and add value. 30 day free trial available.
Available from: http://digbig.com/4xeqb [Accessed 16 July 2008]

Printed in Great Britain
Copyright © CIMA 2008
First published in 2008 by:
The Chartered Institute of Management Accountants
26 Chapter Street
London SW1P 4NP
United Kingdom

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, method or device, electronic (whether now or hereafter known or developed), mechanical, photocopying, recorded or otherwise, without the prior permission of the publishers. No responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication can be accepted by the authors or the publishers. Permission requests should be submitted to CIMA at tis@cimaglobal.com