MAJOR RESEARCH PROJECT

On

OPERATIONAL RISK ANALYSIS IN BANKS

(A PERCEPTUAL STUDY OF PUBLIC & PRIVATE SECTOR BANKS)

Submitted in the partial fulfillment of Degree of

MBA (FT) (2011-2013)

Guided by:Dr. Swaranjeet Arora

Submitted by:
Hemant Singh Sisodiya
MBA (FT)

CONTENTS

Chapter :- 1
Introduction
- Conceptual framework
- Types of risk
- An overview of Operational Risk

Chapter :- 2
- Literature Review
Rational Of study

Chapter :- 3
- Objectives
- Research Methodology

Chapter :- 4
- Data Presentation & Interpretation

Chapter :- 5

- Findings
- Suggestions
- Limitations

Chapter :- 6
- Referance

Student declaration

I declare that the project entitled operational risk analysis by

banks(a Perceptual study of public & private sector banks).
Is an original done by me and no part of the project is taken from
any other project or material published or otherwise or submitted
earlier to any other college or university.

(Hemant Singh)

DECLARATION CERTIFICATE

This is to certify that the work presented in the project entitled Operational risk
analysis by banks (a Perceptual study of public & private sector banks). in
partial fulfilment of the requirement for the award of degree of M.B.A,
PRESTIGE INSTITUTE OF MANAGEMENT AND RESEARCH INDORE,
is an authentic work carried out under my supervision and guidance.
To the best of my knowledge, the content of this project does not form a basis for
the award of any previous degree to anyone else.

Date:
(Dr.Swarnjeet Arora )

INTRODUCTION
Conceptual framework
The financial sector especially the banking industry in most emerging economies
including India is passing through a process of change .As the financial activity has
become a major economic activity in most economies, any disruption or imbalance in its
infrastructure will have significant impact on the entire economy. By developing a sound
financial system the banking industry can bring stability within financial markets.
Deregulation in the financial sector had widened the product range in the
developed market. Some of the new products introduced are LBOs, credit cards, housing
finance, derivatives and various off balance sheet items. Thus new vistas have created
multiple sources for banks to generate higher profits than the traditional financial
intermediation. Simultaneously they have opened new areas of risks also. During the past
decade, the Indian banking industry continued to respond to the emerging challenges of
competition, risks and uncertainties. Risks originate in the forms of customer default,
funding a gap or adverse movements of markets. Measuring and quantifying risks in
neither easy nor intuitive. Our regulators have made some sincere attempts to bring
prudential and supervisory norms conforming to international bank practices with an
intention to strengthen the stability of the banking system.
Growing number of high-profile operational loss events worldwide have led banks
and supervisors to increasingly view operational risk management as an integral part of
the risk management activity. Management of specific operational risks is not a new
practice; it has always been important for banks to try to prevent fraud, maintain the
integrity of internal controls, reduce errors in transaction processing, and so on. However,
what is relatively new is the view of operational risk management as a comprehensive
practice comparable to the management of credit and market risk. 'Management' of
operational risk is taken to mean the 'identification, assessment, and / or measurement,
monitoring and control /mitigation' of this risk.
Banks in India work in a controlled regime similar to several other countries. The
focus of the research is to test the operational risk of sample banks operating in India and
identify the extent to which banks are capable of bearing operational risks. The capital
adequacy criteria to account for the operational risk using the Basic Indicator Approach
points out that several banks do not meet the regulatory requirements. Risk management
strategies of banks to reflect the price behaviour have been examined and banks that have
adequate exposure to risk cover have been contrasted with banks having inadequate risk
exposure cover. Growing number of high-profile operational loss events worldwide have
led banks and supervisors to increasingly view operational risk management as an
integral part of risk management activity.
Growing number of high-profile operational loss events worldwide have led banks
and supervisors to increasingly view operational risk management as an integral part of

the risk management activity. Management of specific operational risks is not a new
practice; it has always been important for banks to try to prevent fraud, maintain the
integrity of internal controls, reduce errors in transaction processing,
and so on. However, what is relatively new is the view of operational risk management as
a comprehensive practice comparable to the management of credit and market risk.
'Management' of operational risk is taken to mean the 'identification, assessment, and / or
measurement, monitoring and control /mitigation' of this risk.
Management of specific operational risks is not a new practice; it has always been
important for banks to try to prevent fraud, maintain the integrity of internal controls,
reduce errors in transaction processing, and so on. However, what is relatively new is the
view that operational risk management is a comprehensive practice comparable to the
management of credit and market risks.Operational Risk differs from other banking risks
in that it is typically not directly taken in return for an expected reward but is implicit in
the ordinary course of corporate activity and has the potential to affect the risk
management process. However, it is recognised that in some business lines with minimal
credit or market risks, the decision to incur operational risk, or compete based on the
perceived ability to manage and effectively price this risk, is an integral part of a bank's
risk reward calculus. At the same time, failure to properly manage operational risk can
result in a misstatement of an institution's risk profile and expose the institution to
significant losses. 'Management' of operational risk is taken to mean the 'identification,
assessment or measurement, monitoring and control / mitigation' of this risk.
Operational Risk Management policies, processes, and procedures should be
documented and communicated to appropriate staff i.e., the personnel at all levels in units
that incur material operational risks. The policies and procedures should outline all
aspects of the institution's Operational Risk Management framework, including: The roles and responsibilities of the independent bank-wide Operational Risk
Management function and line of business management.
A definition for operational risk, including the loss event types that will be monitored.
The capture and use of internal and external operational risk loss data including data
potential events (including the use of Scenario analysis).
The development and incorporation of business environment and internal control factor
assessments into the operational risk framework.
A description of the internally derived analytical framework that quantifies the
operational risk exposure of the institution.
A discussion of qualitative factors and risk mitigants and how they are incorporated into
the operational risk framework.

 A discussion of the testing and verification processes and procedures.

A discussion of other factors that affect the measurement of operational risk.
Provisions for the review and approval of significant policy and procedural exceptions.
Regular reporting of critical risk issues facing the banks and its control/mitigations to
senior management and Board.
Top-level reviews of the bank's progress towards the stated objectives.
Checking for compliance with management controls.
Provisions for review, treatment and resolution of non-compliance issues.
A system of documented approvals and authorisations to ensure accountability at an
appropriate level of management.
Define the risk tolerance level for the bank, break it down to appropriate sublimits and
prescribe reporting levels and breach of limits.
Indicate the process to be adopted for immediate corrective action.

VARIOUS TYPE OF RISKS

a) Business Related Risk
Credit Risk
Market Risk
Country Risk
Business Environment Risk
Operational Risk
Group Risk
b) Control Related Risk

OPERATIONAL RISK :The risk of direct or indirect loss resulting from

inadequate or failed internal processes, people and systems or from external
events (BIS, 1988).
Always banks live with the risks arising out of human error, financial fraud and
natural disasters. The recent happenings such as WTC tragedy, Barings debacle etc. has
highlighted the potential losses on account of operational risk. Exponential growth in the use
of technology and increase in global financial inter-linkages are the two primary changes that
contributed to such risks. Operational risk, though defined as any risk that is not categorized
as market or creditrisk, is the risk of loss arising from inadequate or failed internal processes,
people and systems or from external events. In order to mitigate this, internal control and
internal audit systems are used as the primary means.
Growing number of high-profile operational loss events worldwide have led banks
and supervisors to increasingly view operational risk management as an integral part of the
risk management activity. Management of specific operational risks is not a new practice; it
has always been important for banks to try to prevent fraud, maintain the integrity of internal
controls, reduce errors in transaction processing, and so on. However, what is relatively new
is the view of operational risk management as a comprehensive practice comparable to the
management of credit and market risk. 'Management' of operational risk is taken to mean the
'identification, assessment, and / or measurement, monitoring and control /mitigation' of this
risk.
Risk education for familiarizing the complex operations at all levels of staff can also
reduce operational risk. Insurance cover is one of the important mitigators of operational
risk. Operational risk events are associated with weak links in internal control procedures.
The key to management of operational risk lies in the banks ability to assess its process for
vulnerability and establish controls as well as safeguards while providing for unanticipated
worst-case scenarios.
Operational risk involves breakdown in internal controls and corporate governance
leading to error, fraud, performance failure, compromise on the interest of the bank resulting
in financial loss. Putting in place proper corporate governance practices by itself would serve
as an effective risk management tool. Bank should strive to promote a shared understanding
of operational risk within the organization,especially since operational risk is often
interwined with market or credit risk and it is difficult to isolate.
Over a period of time, management of credit and market risks has evolved a more
sophisticated fashion than operational risk, as the former can be more easily
measured,monitored and analysed. And yet the root causes of all the financial scams and
losses are the result of operational risk caused by breakdowns in internal control mechanism
and staff lapses. So far, scientific measurement of operational risk has not been evolved.
Hence 20% charge on the Capital Funds is earmarked for operational risk and based on
subsequent data/feedback, it was reduced to 12%. While measurement of operational risk and
computing capital charges as envisaged in the Basel proposals are to be the ultimate goals,
what is to be done at present is start implementing the Basel proposal in a phased manner and
carefully plan in that direction.The incentive for banks to move the measurement chain is not

just to reduce regulatory capital but moreimportantly to provide assurance to the top
management that the bank holds the required capital.
Operational risk is defined as the risk of loss resulting from inadequate or
failed internal processes, people and systems, external events or reputational risk. The most
important types of operational risk involve breakdowns in internal controls and corporate
governance. 21st century business runs under clouds of technology, these clouds can rain
for survival and growth of business if managed properly or there can be catastrophe, which
destroy business, if risks management fails. Apart from many things, Corporate Governance
provides the high-level framework for IT governance. Corporate Governance lays down
framework for creating long-term trust between company and its stakeholders.This trust is
created by rationalizing and monitoring risks of a company, limiting liability of top management
by carefully articulating decision making process, ensuring integrity of financial reports, and
finally providing a degree of confidence necessary for proper functioning of an organization.
The exact approach for operational risk management chosen by banks will depend on a
range of factors. Despite these differences, clear strategies and oversight by the Board of
Directors and senior management, a strong operational risk management culture, effective
internal control and reporting, contingency planning are crucial elements for an effective
operational risk management framework. Initiatives required to be taken by banks in this regard
will include thefollowing:
The Board of Directors is primarily responsible for ensuring effective management of the
operational risks in banks. The bank's Board of Directors has the ultimate responsibility for
ensuring that the senior management establishes and maintains an adequate and effective system
of internal controls.
Operational risk management should be identified and introduced as an independent risk
management function across the entire bank/ banking group.
The senior management should have clear responsibilities for implementing operational risk
management as approved by the Board of Directors.
The board of directors and senior management are responsible for creating an awareness of
Operational Risks and establishing a culture within the bank that emphasises and demonstrates to
all the levels of personnel the importance of Operational Risk.
The direction for effective operational risk management should be embedded in the policies
and procedures that clearly describe the key elements for identifying, assessing, monitoring and
controlling / mitigating operational risk.
The internal audit function assists the senior management and the Board by independently
reviewing application and effectiveness of operational risk management procedures and practices
approved by the Board/ senior management.
The New Capital Adequacy Framework has put forward various options for calculating
operational risk capital charge in a "continuum" of increasing sophistication and risk sensitivity
and increasing complexity. Despite the fact that banks may adopt any one of these options for

computing capital charge, it is intended that they will benchmark their operational risk
management systems with the guidance provided in this Note and aim to move towards more
sophisticated approaches.

AN OVERVIEW OF THE OPERATIONAL RISK MEASUREMENT

METHODOLOGIES IN BASEL II
The Basel framework (2004) proposes a range of approaches for setting aside
regulatory capital for operational risk under Pillar 1: The Basic Indicator Approach (BIA),
The Standardised Approach (TSA) and the Advanced Measurement Approach (AMA). All
the three approaches differ in their complexity and the banks are encouraged to move along
the spectrum of approaches as they obtain more sophistication in their risk management
practices. The Basic Indicator Approach is the simplest approach for estimating regulatory
capital, wherein banks are required to set apart an amount equal to the average over the
previous three years of 15% of positive annual gross income. The Standardised Approach is a
slightly modified version of the Basic Indicator Approach. In The Standardised Approach,
banks activities are divided into eight business lines: Corporate finance, Trading & Sales,
Retail Banking, Commercial Banking, Payment & Settlement, Agency Services, Asset
Management and Retail Brokerage. While gross income continues to be the main indicator of
operational risk as under the Basic Indicator Approach, the specific amount to be set apart as
a percentage of the gross income varies between business lines, ranging from 12 to 18% , as
compared to the 15% overall under the Basic Indicator Approach. This approach is more
refined than the Basic Indicator Approach as it takes into the account the fact that some
business lines are riskier than others and therefore a higher proportion of capital has to be set
apart for those business lines. The Advanced Measurement Approach (AMA) is based on the
banks internal models to quantify operational risk. The framework gives flexibility to the
banks in the characteristics of the choice of internal models, though it requires banks to
demonstrate that the operational risk measures meet a soundness standard comparable to a
one-year holding period and a 99.9% confidence level, which means that a banks capital
charge should be equal to at least 99.9% quantile of their annual aggregate loss distribution.
Banks are required to factor in four key elements in designing their Advanced Measurement
Approach framework: internal loss data, external loss data, scenario analysis and bank
specific business environmental and internal control factors. The Accord also specifies the
standard matrix of business lines and risk types to facilitate validation across the Advanced
Measurement Approaches. The methodologies under the advanced approach are evolving
and there are a range of methods in practice in banks internationally (BCBS 2006).

LITERATURE REVIEW
Literature Review
Bagchi (2003) examined the credit risk management in banks. He examined risk
identification, risk measurement, risk monitoring, risk control and risk audit as basic
considerations for credit risk management. The author concluded that proper credit risk
architecture, policies and framework of credit risk management, credit rating system,
monitoring and control contributes in success of credit risk management system.
Froot and Stein (1998) found that credit risk management through active loan purchase and
sales activity affects banks investments in risky loans. Banks that purchase and sell loans
hold more risky loans (Credit Risk and Loss loans and commercial real estate loans) as a
percentage of the balance sheet than other banks. Again, these results are especially striking
because banks that manage their credit risk (by buying and selling loans) hold more risky
loans than banks that merely sell loans (but dont buy them) or banks that merely buy
loans(but dont sell them).
Rajagopal (1996) made an attempt to overview the banks risk management and suggests a
model for pricing the products based on credit risk assessment of the borrowers. He
concluded that good risk management is good banking, which ultimately leads to profitable
survival of the institution. A proper approach to risk identification, measurement and control
will safeguard the interests of banking institution in long run
Ferguson (2001) analyzed the models and judgments related to credit risk management.The
author concluded that proper risk modelling provides a formal systematic and disciplined
way for firms to measure changes in the riskiness of their portfolio and help them in
designingproper strategic framework for managing changes in their risk
Powell (2002) has presented a review of the new proposals from the Basel Committee of
Banking Supervision to reform the 1988 Capital Accord from the standpoint of emerging
countries and identified that the 1988 Accord was a tremendous success and is probably the
most successful of all 'financial standards'. Tiwari (2004) has examined the impact of several
obstacles that exist in the path of a healthy banking system and includes narrow and broad
banking; various associated risks and bank failures and has identified CAR as a means to a
healthy banking system and explores other tools adopted by Reserve Bank Of India (RBI)
and other regulators in maintaining stability and efficiency of the banking system in India

Rationale of the study

There seems to be a gap in knowledge in terms of the nature of relationship between some
critically important variables. The propensity of such variables needs to be explored in order to
identify Risk management system in Indian banks and to highlight the approach of RBI towards
the risk management techniques. The Indian banking industry has come a long way since the
nationalization of banks in 1969. Reforms in the banking sector have enabled banks to
explore new business opportunities rather than remaining confined to generating revenues
from conventional streams, which has increased operational risk component into the banking
system. The Reserve Bank of India (RBI) has already instructed banks to take measures in
order to manage the operational risk and to identify the areas that need strengthening.
Various research studies have already been published about operational risk management
nationally as well as internationally but there are very few empirical studies, which have
been performed in this regard in India. To fill this void, the present study was undertaken
with an aim to study and analyze operational risk management system of Indian Banks. This
study would generate the roadmap for implementation of effective operational risk
management system in Public and Private Sector banks of India. This mass of knowledge
that could be meaningfully used by the policy makers and practitioners to provide incentives
for banks to enhance their operational risk measurement and management capabilities and
contribute in maintaining Indias position as a leading international financial center. It will
thereby augment market discipline thereby, fostering excellence in competitive environment.

Objective &Methodology

Objective of study
1. To explore operational risk management practices followed by the Indian public
sector and Private sector banks.
2. To compare whether Public & Private sector banks analyze operational risk
management Practices in Bank.
3. Explore the Factors contributing to operational risk management practices in bank.
4. To open up new vistas of research & develop a base for application of the findings in
terms of implication of study.

RESEARCH METHODOLOGY
The Study
The present study is exploratory and examines the Operational Risk management System in
public and Private sector banks.
The Sample
The present research is to be conducted on a sample of 140 employees of public and private
sector banks of Chhatarpur / Indore region (Madhya Pradesh).The respondents will be selected
on a convenient sampling basis.
The Tools
(A) USED FOR DATA COLLECTION
The primary data would be collected through survey method with the help of self-developed
structured, non-disguised questionnaire based on 5 point Likert scale on which the respondents
would be asked to indicate the degree of agreement. The secondary data would be collected
through various research magazines, journals and newspapers.

(B) USED FOR DATA ANALYSIS

Statistical Tools- graphs & charts
Cross Tabulation Of Data

Data Presentation & Analysis

 Series donates the no. of question

No. of respondent in each compression in
35
0 donated none
1 donated Strongly Disagree
2 donated Disagree
3 donated Neutral
4 donate Agree
5 donates Strongly Agree

UNDERSTANDING THE OPERATION RISK IN DIFFERENT BANKING SECTORS

IN SBI & ASSOCIATE:

IN OTHER PUBLIC SECTORS

IN PRIVATE BANKINGS (OLD)

IN PRIVATE BANKINGS (NEW)

INTERPRETATION;The understanding power of new private sector banks is much higher than other banking
sectors. New private banks try to reduce the orerational risk during the orperations.

OPERATION RISK INDIFICATION

SBI AND ASSOCIATION

OTHER PUBLIC SECTOR BANKS

PRIVATE SECTOR BANKS (OLD)

PRIVATE SECTORBANKS(NEW)

INTERPRETATION:-

Risk identification is much better in SBI & Accosiation compare than other public & private
sectors.

OPERATION RISK ASSESSMENT AND ANALYSIS

SBI AND ASSOCIATION

OTHER PUBLIC SECTOR BANKS

PRIVATE SECTOR BANKS (OLD)

PRIVATE SECTORBANKS(NEW)

INTERPRETATION

In addition to identifying the risk events, banks should assess their vulnerability to these risk
events. Effective risk assessment allows a bank to better understand its risk profile and most
effectively target risk management resources. It applicable on the only in New Private banks

OPERATION RISK MONITORING AND ANALYSIS

SBI AND ASSOCIATION

OTHER PUBLIC SECTOR BANKS

PRIVATE SECTOR BANKS (OLD)

PRIVATE SECTORBANKS(NEW)

INTERPRETATION
Banks may develop risk assessment techniques that are appropriate to the size and complexities
of their portfolio, their resources and data availability. A good assessment model must cover

certain standard features.Both private banks performs very smoothly the assessment policy and
they obey the guide line given by RBI.

OPERATION RISK MANAGEMANT PRACTICES

SBI AND ASSOCIATION

OTHER PUBLIC SECTOR BANKS

PRIVATE SECTOR BANKS (OLD)

PRIVATE SECTORBANKS(NEW)

INTERPRETATION
An effective monitoring process is essential for adequately managing operational risk. In SBI &
association Regular monitoring activities can offer the advantage of quickly detecting and
correcting deficiencies in the policies, processes and procedures for managing operational risk.
Promptly detecting and addressing these deficiencies can substantially reduce the potential
frequency and/or severity of a loss event. Compare than the others

Findings & Conclusion

FINDINGS
The operational risk management framework provides the strategicdirection and ensures
that an effective operational risk m anagement and measurement process is adopted
throughout the institution. Each institution's operational risk profile is unique and requires a
tailored risk management approach appropriate for the scale and materiality of the risk present,
and the size of the institution. There is no single framework that would suit every
institution; different approaches will be needed for different institutions. In fact, many
operational risk management techniques continue to evolve rapidly to keep pace with new
technologies, business models and applications. Operation risk is more a risk management than
measurement issue. The key elements in the Operational Risk Management process include
Appropriate policies and procedures;
Efforts to identify and measure operational risk
Effective monitoring and reporting
A sound system of internal controls; and
Appropriate testing and verification of the Operational Risk Framework.

SUGGESTION
Operational Risk Management policies, processes, and procedures should be documented and
communicated to appropriate staff i.e., the personnel at all levels in units that incur material
operational risks. The policies and procedures should outline all aspects of the institution's
Operational Risk Management framework, including: The roles and responsibilities of the independent bank-wide Operational Risk Management
function and line of business management.
A definition for operational risk, including the loss event types that will be monitored.
The capture and use of internal and external operational risk loss data including data potential
events (including the use of Scenario analysis).
The development and incorporation of business environment and internal control factor
assessments into the operational risk framework.
A description of the internally derived analytical framework that quantifies the operational risk
exposure of the institution.
A discussion of qualitative factors and risk mitigants and how they are incorporated into the
operational risk framework.
A discussion of the testing and verification processes and procedures.
A discussion of other factors that affect the measurement of operational risk.
Provisions for the review and approval of significant policy and procedural exceptions.
Regular reporting of critical risk issues facing the banks and its control/mitigations to senior
management and Board.
Top-level reviews of the bank's progress towards the stated objectives.
Checking for compliance with management controls.
Provisions for review, treatment and resolution of non-compliance issues.
A system of documented approvals and authorisations to ensure accountability at an appropriate
level of management.
Define the risk tolerance level for the bank, break it down to appropriate sublimits and
prescribe reporting levels and breach of limits.

 Indicate the process to be adopted for immediate corrective action.

Limitations
The research study is however,is imposed with some limitations inherent to it . They are:1. The conclusions arrived at are just a simple of the universe and as such cannot be relied
heavily on. Its very small part of the small universe ,which might have a very different
view point on the same object.
2. The response of the respondents are not free from limitations. These are few who do not
wish to give an honest reply on the question directed to them and as such give false
replies which males the result faulty
.
3. Few respondents go further to the extent of not answering the question
4. The research study is quickie report on the issue as it as a time boundation and can not be
done leisurely. There for not very reliable
5. The geographical area coverd is only Chhatarpur & Indore and hence the view point of
the bankers of the other part could not be coverd.
6. Cost factor has also impaired the reliability of the project report

Chapter 6

REFERENCES
1. Al-Tamimi, H. (2002), Risk management practices: an empirical analysis of the UAE
commercial banks, Finance India, Vol. 16 No. 3, pp. 1045-57.
2. Bellu, G. (2003), Basel II: The Challenge of the Decade, Tata Consultancy Services
3. BIS, Basel Committee on Banking Supervision (2000) "The Internal Ratings-Based
Approach" Consultative Document, Bank for International settlements, Switzerland.
4. BIS, Basel Committee on Banking Supervision (2001) "Operational Risk Consultative
Document, Bank for International settlements, Switzerland.
5. Carey, A. (2001), Effective risk management in financial institutions: the Turnbull
approach, Balance Sheet, Vol. 9 No. 3, pp. 24-7.
6. Gupta, V and Srinivasan, K. (2005), Basel II Accord: impact on Indian Banks ICRA
Rating Feature, pg.1-8
7. Kothari, C. (2000), Research Methodology, Wishwa Prakashan
8. Leeladhar, V. (2005), Basel II Accord and its implications Speech at Bankers Club,
Mangalore
9. Leeladhar, V. (2006), seminar on Indian Banks and the Global Challenges, organized
jointly by the Indian Merchants Chamber and the Indian Banks Association, Mumbai.
10. Machiraju , H. (2003), Modern Commercial Banking, Vikas publishing house Ltd.,
New Delhi
11. Shrivastava, O.S (2002), Bank Management, Kalyani Publishers, 1e.
12. Toor, NS and Arundeep (2002), Credit Risk Management, Skylark Publications, New
Delhi.1e.
13. Upadhyay, S. (2006), Basel Norms- New Challenges for Indian Banks Investime,
pg.52-54
14. Justin paul And padmalatha
ServicesPearson Education.

Managemantt

of

Banking

And

Financial

15. Raghu Palat Retial Banking Indian Book Distributers

16. Basel Committee on Banking Supervision, Sound Practices for the Management and
Supervision of Operational Risk, February 2003.
17. Basel Committee on Banking Supervision, International Convergence of Capital
Measurement and Capital Standards A Revised Framework, June 2004
18. Basel Committee on Banking Supervision, Framework for Internal Control Systems in
Banking Organisations, September 1998
19. Ashby, S. (2008). Operational risk: lessons from non-financial organizations. Journal of
RiskManagement in Financial Institutions 1(4), 406415.
20. Grody, A. D. (2008). The financial crisis and or management: unfinished business. Journal
of Risk Management in Financial Institutions 2(1), 46.