Professional Documents
Culture Documents
RMN 2005
RMN 2005
Risk Management
July 2005 – Issue 5
Risk Management ◗ July 2005
Operational Risk
O
perational risk can sometimes be a tation. Others are measuring strategic impacts
broad and elusive concept. A defini- as well. Others are becoming interested in as-
tion is thus necessary. The accepted sessing risks that pertain to projects.
definition within the financial community is to
define operational risk as the risk of direct and These projects can be new products, new geo-
indirect losses resulting from inadequate or graphic locations, new ventures, overhaul of ex-
failed internal processes, systems, people or isting operations, new IT software development,
external events. This is also the definition that etc. They involve many people, many steps,
is used by the majority of financial institutions many processes, many systems and are affected
that estimate the amount of economic capital by external events. Thus, assessing and manag-
required to cover this unexpected conse- ing the many risks faced by any project will help
quence of this risk, as mandated by some new an organization reduce the likelihood of its fail-
regulatory standards. ure and contribute to a better use of its limited
human and monetary resources to the manage-
However, for internal purposes, institutions ment of the most risky ones.
may want to add other risks to the definition of
operational risk in order to satisfy additional A possible approach to assess the riskiness of a
business goals. For example, some institutions project is the scorecard approach in risk man-
want to assess the qualitative or quantitative im- agement. It has a lot of similarities to traditional
pacts resulting from events affecting their repu- actuarial and underwriting of risk. The first
Table 1
• Number of providers
• Level of technological reliability
IT Systems
• Technical complexity
• Number of links to existing and future systems
• Number of providers
• Relative size of the project
• Team diversity
Process and Human
• Length of project
(Direct Implementation)
• Definition of roles
• Number of steps in the project
• Team expertise
• Number of changes to the processes
Process and Human
• Expertise of the uses of the IT systems
(Indirect use)
Michel Rochette, FSA,
MAAA, MBA, is an actuary • Number of internal and external users
specializing in risk man-
agement for CDP Capital in Credit • Financial capacity of the IT providers
◗ Page 38
July 2005 ◗ Risk Management
Number of Providers
are put in place to mitigate its failure. Then, the
riskiness of the project—the project risk This newsletter is free to section members.
score—is measured as the rated frequency A subscription is $15.00 for nonmembers.
ticles on the subject over the years. the organization, the overall impact of the IT qThis newsletter was printed on recylcled
project was scored on a scale of null, weak, mod- paper.
Each risk driver was scored as a null, weak, erate and high risk (see Table 4 on page 40). Copyright © 2005 Society of Actuaries.
moderate or high risk (see Table 2). Then, a
number was assigned for calculation purposes.
The risk scoring reflects knowledge of the IT ex-
perts and the risk tolerance of the organization,
as well as taking into account the size and scale
of the organization. Over time, these scores will All rights reserved.
Printed in the United States of America.
continued on page 40 ◗
Page 39 ◗
Risk Management ◗ July 2005
Operational Risk
Operational Risk Category Monetary Impacts So far, 14 IT projects in 2005 have been ana-
Process and Human Budget for the internal and external human
ranked above moderate. Given these risk
Total Monetary Impacts (Exposure) Score Finally, this has been an interesting project to
demonstrate to different groups in my company
Less than $50,000 Null (0) how my actuarial background, along with the
0 Null
◗ Page 40