operational risk | assessing and mitigating operational risk in a changing environment
TRANSCRIPT
![Page 1: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/1.jpg)
OPERATIONAL RISKAssessing and Mitigating Operational Risk
in a Changing Environment
NICSA Compliance and Risk Management
Committee
April 2009
![Page 2: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/2.jpg)
ABSTRACT
The business, legal, technological, and regulatory environment in which the mutual
fund industry operates is increasingly dynamic.
The identification and mitigation of operational risks in such an environment
presents challenges for investment management firms in the industry and their
service providers.
NICSA’s Compliance and Risk Management Committee attempts to assist by
categorizing, analyzing, and recommending the best practices in addressing these
risks.
![Page 3: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/3.jpg)
DEFINITION
OPERATIONAL RISK
The risk of direct or indirect loss
resulting from inadequate or failed
internal processes, controls, and systems,
or from external events
![Page 4: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/4.jpg)
BACKGROUND
• The business, legal, technological, and regulatory environment in which the
mutual fund industry operates is increasingly dynamic.
• Clear articulation of the risks is necessary for the consistent application of risk
management techniques across business lines.
• Risk is "owned" by all employees of mutual fund investment management firms.
• An effective risk management program does not require the elimination or even the exhaustive mitigation of operational risk.
![Page 5: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/5.jpg)
DEFINITION
GOAL
Foster an environment and a process for the
knowledgeable and comprehensive assessment
and acceptance of risks posed by the internal
processes, people, and systems of any enterprise in
the mutual fund industry
![Page 6: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/6.jpg)
DESIGNING AN OPERATIONAL
RISK FRAMEWORK
A RISK FRAMEWORK
• Formalizes the identification, measurement, and reporting of operational risks
• Provides an easy‐to‐use system of recording and reporting risk events and trends
![Page 7: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/7.jpg)
IDENTIFYING EMERGING RISKS
• Metrics that alert managers to potential risk exposures within a risk category
• Must be measurable and well documented
• Monitor the results over time
Key Risk Indicators
• Develop a continuous process to monitor changes in legislation, regulations, and industry practicesEnvironmental Scan
• Consider developing consistent practices across the organization to capture and track incidents and events
Issue / Incident / Event Tracking
![Page 8: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/8.jpg)
IDENTIFYING EMERGING RISKS
• Periodically review the risk assessment results to reflect changes in the organization, business process, and business environment
Periodic Review of Risk Assessments
• Include senior management in the periodic discussionsPeriodic Interviews
of Management
• Involve board members in discussions about risk from multiple perspectives
Interaction with the Funds’ Board
![Page 9: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/9.jpg)
RISK CONTROL ASSESSMENTS
OF SERVICE PROVIDERS
INTERNAL
• Internal Audit
• Periodic certifications from service providers
• Results of due diligence meetings or due diligence questionnaires
• Periodic meetings with management and compliance and operational personnel of service providers
• Trend reporting regarding critical operational and compliance areas
EXTERNAL
• SAS-70 (now SSAE 16) Type I: Control assessment
• SAS-70 (now SSAE 16) Type II: Control assessment plus testing
![Page 10: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/10.jpg)
OTHER KEY COMPONENTS
• Policies specify the requirements and obligations to be addressed
• Procedures specify how the requirements are to be fulfilled
Policies and Procedures
• Standard framework, risk ratings, and common terms
• Formal training plan
• Communication plan
Training and Communication
• Periodic audit reviews
• TestingPeriodic Review
![Page 11: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/11.jpg)
MORE INFORMATION
Read the complete white paper on the NICSA website
APPENDICES
Risk Categories and Definitions
Example Tools and Techniques for Risk Assessment
Example Risk Assessment Template
Risk Convergence
![Page 12: Operational Risk | Assessing and Mitigating Operational Risk in a Changing Environment](https://reader035.vdocuments.net/reader035/viewer/2022071815/55a9de641a28ab04178b4569/html5/thumbnails/12.jpg)
DISCLAIMER
Although the techniques, tools, observations, thoughts, and conclusions contained in this white
paper represent the best thoughts of the individuals comprising the NICSA Compliance and Risk
Management Committee, they do not necessarily reflect the views of the National Investment
Company Service Association or any of its member organizations. Similarly, although the
matters addressed in this white paper relate to operational risk management within
organizations, nothing herein is intended to be or should be construed as legal advice. You
should contact your own counsel to get legal advice regarding this or any other matter.
©2009 NICSA – National Investment Company Service Association