process based risk management

ProcessProcess--basedbased RiskRisk ManagementManagementBeyond Compliance

Why is it so important?

People

Operational Risk Management

EnvironmentEnvironment

TechnologyProcess

2009.05.11. Péter Fehér - Corvinno Technology Transfer Center 3

Loss event categories

Business

Disruption &

System FailuresClients, products

and business

practices

Damage to

Physical Assets

External Fraud

Internal Fraud

Loss

Ris

k

Physical Assets

Employment

practices and

workplace

safety

Execution,

Delivery &

Process

Management


Pro

cess

Ris

k

Risks in processes

• Payment, settlement, reconciliation, modeling, pricing, capacity…

• Dealing with vendors and suppliers, including oursourcingsuppliers, including oursourcing

• Documentation requirements

• Internal and external complianceissues

• Customer management


Current ORM Challenges

• Focusing more on compliance and less on risk management

• Risk management• Risk management

– Low visibility, hidden risks

– High complexity

– Interdependency

– High impact


Process classification

• Operational risk should be examined in all level

Management Strategy, Controlling, SHRM


Business Lines

Value adding activities

Support, back office

IT, HR, Legal, Finance…

Process problems

• Do not exist

• If exist, were not documented

• If exist, documented, are not followedare not followed

• If exist, documented and followed, are not measured and controlled


Process-based RiskManagement ApproachManagement Approach

Integrating risk and processmanagement

RiskProcess

Process-based risk management


RiskProcess

Risk-based process management

Process and risk

• Integrates tasks and resources

– Human

– Technical solutions

– Information (documents, databases)– Information (documents, databases)

• Records cross-unit processes

• Manages responsibilities


Helps to identify hidden risks!

Process and risk

• Loss related to a specific process or activity

– Process based risk management

• Inadeqate performance of a process or a service

– Outage of business services– Outage of business services

– Outage of IT services

– Incident management

– Business continuity management

• ( and )


Corpo

rate

finan

ce

Tradin

g an

d sale

s

Retail b

ankin

g

Commer

cial b

ankin

g

Paymen

t and

settle

ment

Agenc

y ser

vices

Asset

man

agem

ent

Retail b

roke

rage

Internal Fraud

External Fraud

Execution, Delivery & Process Management

Employment practices and workplace safety

Damage to Physical Assets

Clients, products and business practices

Business Disruption & System Failures

Üzleti kategóriák

Veszteség kategóriák

Osztályok

Business Disruption & System Failures

Emberek

Folyamatok

TechnológiaKülső tényezők

Key Risk Indicator 1



Risk 1

Risk 2

Risk 3

Process-based risk management

• Who, what, when, how

• Resources

Identifying and modelling processes

• What could prevent us to perform this task?

• What requires for achieving quality results?

Risk identification and assessment • What requires for achieving quality results?and assessment

• Can’t eliminate every risk

• Embedded controls

Control planning and deployment

• As a tool for risk management

• As a tool for organisational efficiency

Process development


Process modelling

Process map

Process model

Organisational model

Documents

IT Systems

Products

Risks and Controls


Risk analysis

• Related to

– Activity

– Resources

• Human• Human

• IT

• Information

• Where and Why?


Process Models created by the ADONIS system.

Risk assessment

• Experts

– Previous experiences

– Existing knowledge

• Collected historical data• Collected historical data

• Quantifying expected loss

• Indicators (KPI, KRI)

• Modelling risk


Risk overview

• Summarising risks

• Analysing interdependencies

• Scenario analysis:

– Exceptional events– Exceptional events

– Simulations based on processmodel

– Capacities, trends, pathanalysis


Controls

• Activity or process

• Ideal control: preventive and automatic

• Human accountability and responsibility

• Workflow• Workflow


Process Models created by the ADONIS system.

Process development

• Tool for risk management

• Developing general controls

• Combining with process management requirements– Time

– Quality

– Resources

• Achievable objectives– Where are we now (AS-IS)?

– Where do we want to go (TO-BE)?

• Output can be a policy


Challenges

• Developing the process-based approach requires a systematic approach

• Conscious business process management is a requirementrequirement

• Continuous maintenance is required

• Cooperation of front-office and back-office


Summary

• Why use the process-based approach?

– Measurement of losses is not risk management

– Helps to identify hidden and soft risks

– Helps to analyse risks is details– Helps to analyse risks is details

– Controls processes and risks

– Can involve every stakeholder in the development

– Provides the possibility of conscious risk management


Thank You!

Péter Fehér

Corvinno Technology Transfer CenterH-1093 Budapest, Közraktár utca 12/a.

Tel/Fax: 06 1 210 80 62 http://www.corvinno.com

process based risk management

Business

process process

risk loss

risk analysis

activity process

risk management development

specific process

process problems

processbased approach