operational risk management (2)
TRANSCRIPT
Minimizing Operational Risk& Optimizing Institutional
Performance
2
Interest in Enterprise-wide Risk Assessments is being driven by Financial & Economic Realities
• Global spotlight on risk and corporate governance– Sarbanes-Oxley Act of 2003 & COSO ERM Framework
• Increased involvement from the Audit Committee of the Board of Directors with regard to risk management– NYSE listing requirements
• Capital adequacy requirements and the need for efficient capital allocation– Basel Capital Accord
• Need for alternative risk solutions due to the current insurance environment
• Maximizing shareholder value• Sustaining a competitive advantage
3
“The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and
systems or from external events”
Operational risk can result in increased write-offs, additional expenses or loss of revenue
Basel Committee’s Definition of Operational Risk
4
Operational Risk Management & Shareholder Value
Examples of how operational risk managementdrives shareholder value?• Improving operating efficiency and thus operating margins,
by identifying and prioritising process improvement and de-risking opportunities
• Improving management effectiveness by enhancing the governance structure
• Enabling more effective capital usage by introducing processes to assess exposure & integrate this with an economic capital model
• Protecting assets by reducing losses through improved risk control environment and financing programme
• Enhanced organizational capabilities & subsequent competitive positioning through continuous improvement
5
How to Reduce Operational Risks?
Understand Risks• Benchmarking• Scenario Analysis• Key Risk Indicator’s (KRI)
De-Risking Operational Procedures• Define, Measure, Analyze, Improve, & Control
Risk Finance & Transfer• Mapping to Insurance Products• Developing New Products• Financing Retained Losses• Transferring Risk to the Insurance & Capital Markets
6
Op Risk/Lean Six Sigma Linkage
Op Risk Needs Six Sigma Can Provide Identification of critical processes and activities
Hierarchical, process view of a business
Monitoring of key indicators and warning of potential problems
Process Management & Control
Cure problems in existing processes
Process Improvement via DMAIC & Lean
Prevention of problems for new processes
Process Design via DFSS
7
Six Sigma Defined
• A data driven approach to understanding and eliminating process variation and defects
• Three, universal, methodologies for process management
• A performance target of 3.4 defects per million opportunities
8
Risk Management: How Can Six Sigma Help?
• Six Sigma provides three powerful methodologies for:– Designing robust processes– Fixing broken processes– Controlling processes on an ongoing basis (i.e.,
keeping them from decaying and producing errors)
9
Risk Management: How Can Six Sigma Help?
• Designing robust processes:– A structured methodology, DFSS (Design for Six
Sigma), assures that:• New processes have high capability (satisfy customers
and produce low defects) right from the start• New processes are designed to minimize the risk of
failure
10
• Fixing broken processes:– A structured methodology, DMAIC (Define,
Measure, Analyse, Improve, Control):• Uses powerful statistical (and non-statistical) tools to
locate and eliminate the root causes of otherwise intractable problems
• Focuses on removal and prevention of defects• Reduces process variability
Risk Management: How Can Six Sigma Help?
11
• Controlling processes, so that their behavior is predictable (within limits). Six Sigma provides:– Special tools and techniques including a framework:
• For measuring and judging process variation• For detecting special causes • To providing early warning of process changes
– The ability to calculate Process Sigma, an index of process performance
Risk Management: How Can Six Sigma Help?
12
Companies Pursue Six Sigma to …
• Accommodate customer demands• Drive out waste, cycle time and variability• Direct improvement resource to the most significant
opportunities• Establish a standard improvement methodology• Develop leaders• Reduce risk• Grow the top-line• Implement business strategy• Increase product reliability• Initiate cultural change• Accelerate improvement
13
Sigma is a Measure of Process Capability
Six Sigma is a level of process capability such that less than 3.4 “defects” are produced for every million opportunities.
Sigma
123456
DPMO
680,000298,00067,000
6,0004003.4
Performance boundary
Process performance
Requirement
12
3
45
6
14
Sigma Level
3
4
5
6
Cost of Quality
20-30% of Sales
15-20% of Sales
10-15% of Sales
< 10% of Sales
Defects Per Million
66,807
6,210
233
3.4
Harry, Mikel J., Six Sigma: A Breakthrough Strategy for Profitability, Quality Progress, May 1998
Sigma Level
3
4
5
6
Cost of Quality
20-30% of Sales
15-20% of Sales
10-15% of Sales
< 10% of Sales
Defects Per Million
66,807
6,210
233
3.4
Sigma Level
3
4
5
6
Cost of Quality
20-30% of Sales
15-20% of Sales
10-15% of Sales
< 10% of Sales
Defects Per Million
66,807
6,210
233
3.4
Harry, Mikel J., Six Sigma: A Breakthrough Strategy for Profitability, Quality Progress, May 1998
Estimating the Benefits of Six Sigma
15
Process Sigma Advantages
The Sigma Scale provides a common metric for comparisonThe Sigma Scale provides a common metric for comparisonthat includes the customer requirement and the degree of that includes the customer requirement and the degree of
variation. Addresses multiple occurrences.variation. Addresses multiple occurrences.
The Sigma Scale provides a common metric for comparisonThe Sigma Scale provides a common metric for comparisonthat includes the customer requirement and the degree of that includes the customer requirement and the degree of
variation. Addresses multiple occurrences.variation. Addresses multiple occurrences.
PROCESS PERFORMANCE
Call servicing 32 seconds ASA vs goal of 35
Billing 98% accuracy, on time, right location
Accounts Receivable 33 days average aging vs goal of 40
Customer Service 82% rated 4 or 5 responsiveness
16
The Antecedents of Six Sigma
• Six Sigma is the latest and most powerful in a long line of process management and process improvement methods, e.g.:– Guilds– The Scientific Method– Quality Circles– TQM
• Six Sigma has built on these ideas and added powerful tools
• It is specially useful for transactional processes
17
Principle 1
The board of directors should be aware of the major aspects of the bank’s operational risks as a distinct risk category that should be managed, and it should approve and periodically review the bank’s operational risk management framework. The framework should provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated.
Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)
Sound Practices inOperational Risk Management
18
Principle 2
The board of directors should ensure that the bank’s operational risk management framework is subject to effective and comprehensive internal audit by operationally independent, appropriately trained and competent staff. The internal audit function should not be directly responsible for operational risk management.
Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)
Sound Practices inOperational Risk Management
19
Principle 3Senior management should have responsibility for implementing the operational risk management framework approved by the board of directors. The framework should be implemented throughout the whole banking organization, and all levels of staff should understand their responsibilities with respect to operational risk management. Senior management should also have responsibility for developing policies, processes and procedures for managing operational risk in all of the bank’s products, activities, processes and systems.
Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)
Sound Practices inOperational Risk Management
20
Principle 4
Banks should identify and assess the operational risk inherent in all material products, activities, processes and systems. Banks should also ensure that before new products, activities, processes and systems are introduced or undertaken, the operational risk inherent in them is subject to adequate assessment procedures.
Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)
Sound Practices inOperational Risk Management
21
Principle 5
Banks should implement a process to regularly monitor operational risk profiles and material exposure to losses. There should be regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk.
Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)
Sound Practices inOperational Risk Management
22
The 6Process
IMPROVE
Operational Risk Assessment & Analysis
New Process
Capability
Project Selection
SIPOC
Capability Baseline
Measurement System Validation
Establish Controls
Measurement System Validation
Process Specifications
New Process Pilot
New Policies & Procedures
Identify Key Risk DriversCorrelation
Analysis
Confirm Impact
Process Risk Mapping
Key Risk Indicators (Dashboards)
Creating Management Awareness Identification & Risk Mapping Quantification & Modelling Risk Profiling Risk Solutions Monitoring & Updating
Level
1 B
usines
s Lin
es
• Natural Linkage to Operational Risk Management Framework
• Operates at Level 1, Level 2 and Activity Group Level (All Business Lines)
• Linked to All Products, Activities, Processes, and Systems
• DMAIC Employed to Improve Existing Policies, Procedures, and Processes….DFSS Leveraged to Design New Ones
• Natural Linkage to Operational Risk Management Framework
• Operates at Level 1, Level 2 and Activity Group Level (All Business Lines)
• Linked to All Products, Activities, Processes, and Systems
• DMAIC Employed to Improve Existing Policies, Procedures, and Processes….DFSS Leveraged to Design New Ones
Operational Risk Definition & Analysis
Lev
el 2
& A
ctiv
ity
Gro
up
s Operational Risk Management Framework
Mapping 6 to Operational Risk Framework
24
Operational Risk Management Using 6
Business Line DescriptionPotential Risk
FactorsPotential Failure
EffectsPotential Causes
Current Controls
Business Line Risk
(Exposure Indicator - EI)
Probability of Loss
Event (PE)
Loss Given Event
Occurs (LGE)
Expected Loss (EL)
1 Corporate Finance - - - - 0.50 0.10 100 5.00
2 Trading and Sales - - - - - - - -
3 Retail Banking - - - - - - - -
4 Commercial Banking - - - - - - - -
5 Payment and Settlement - - - - - - - -
6 Agency Services - - - - - - - -
7 Asset Management - - - - - - - -
8 Retail Brokerage - - - - - - - -
Operational Risk Internal Measurement Analysis (ORIMA)
Six Sigma Focus• Identify Risks• Describe Outcome of Failure• Determine Cause & Effect• Evaluate Current Controls
Expected Loss Factors ORIMA Drills-Down From Top Level
Business Line to the Processes Within Each Activity Group
ORIMA Drills-Down From Top Level Business Line to the Processes
Within Each Activity Group
5004003002001000
150
100
50
Observation Num ber
Ind
ivid
ual
Val
ue
I Chart for Approval
1
Mean=98.13
UCL=156.0
LCL=40.23
17015013011090705030
UBUB
Process Capability Analysis for Approval CT_
PPM Total
PPM > UB
PPM < LSL
PPM Total
PPM > UB
PPM < LSL
PPM Total
PPM > UB
PPM < LSL
Ppk
PPL
PPU
Pp
Cpm
Cpk
CPL
CPU
Cp
StDev (Overall)
StDev (Within)
Sample N
Mean
LSL
Target
Upper Bound
*
*
*
*
*
*
133962.26
133962.26
*
*
*
*
*
*
*
*
*
*
19.5817
19.2991
530
98.126
*
*
120.000
Exp. "Overall" PerformanceExp. "Within" PerformanceObserved PerformanceOverall Capability
Potential (Within) Capability
Process Data
Within
Overall
Receive Loan Application
Review Application
Enter in System
Loan Approval
Notify Bank Manager & Customer
NO
YES
Approve Loan Amount
Prepare Documents
Notify Bank & Customer
Customer Signs
Paperwork
Enter in System
Disperse Funds
Material
Fast Loan Approval
Methods
Machine Environment
# of loan processors
Internet capability
Easy to understand instructions
Manager approval
Processor Review
# of underwriters
Disclosures
Application
Create approval letter
Remote Printing
Credit Score
Loan amount
Material
Fast Loan Approval
Methods
Machine Environment
# of loan processors
Internet capability
Easy to understand instructions
Manager approval
Processor Review
# of underwriters
Disclosures
Application
Create approval letter
Remote Printing
Credit Score
Loan amount
254 164 53 38 2147.9 30.9 10.0 7.2 4.0
47.9 78.9 88.9 96.0 100.0
0
100
200
300
400
500
0
20
40
60
80
100
Defect
CountPercentCum %
Per
cen
t
Cou
nt
Pareto Chart for Loan Amount
Business Line DescriptionPotential Risk
FactorsPotential Failure
EffectsPotential Causes
Current Controls
Business Line Risk
(Exposure Indicator - EI)
Probability of Loss
Event (PE)
Loss Given Event
Occurs (LGE)
Expected Loss (EL)
1 Corporate Finance - - - - 0.50 0.10 100 5.00
2 Trading and Sales - - - - - - - -
3 Retail Banking - - - - - - - -
4 Commercial Banking - - - - - - - -
5 Payment and Settlement - - - - - - - -
6 Agency Services - - - - - - - -
7 Asset Management - - - - - - - -
8 Retail Brokerage - - - - - - - -
Operational Risk Internal Measurement Analysis (ORIMA)
7.27.17.0
150
100
50
pH
PL
T.Y
LD
.
S = 18.7123 R-Sq = 42.5 % R-Sq(adj) = 40.0 %
+ 1327.06 pH**2
PLT.YLD. = 68371.0 - 19042.9 pH
Regression Plot
Quadratic Model
7.27.17.0
150
100
50
pH
PL
T.Y
LD
.
S = 18.7123 R-Sq = 42.5 % R-Sq(adj) = 40.0 %
+ 1327.06 pH**2
PLT.YLD. = 68371.0 - 19042.9 pH
Regression Plot
Quadratic Model
The Discipline and Its Approach, Combined With a Rich Set of Analysis Tools, Makes Six Sigma a Perfect Fit
for Operational Risk Management
The Discipline and Its Approach, Combined With a Rich Set of Analysis Tools, Makes Six Sigma a Perfect Fit
for Operational Risk Management
Operational Risk Assessment & Analysis
New Process Capability
IMPROVEIMPROVEIMPROVE
Project Selection
SIPOC
Capability Baseline
Measurement System Validation
Establish Controls
Measurement System Validation
Process Specifications
New Process Pilot
New Policies & Procedures
Identify Key Risk DriversCorrelation
Analysis
Confirm Impact
Process Risk Mapping
Key Risk Indicators (Dashboards)
Operational Risk Assessment & Analysis
New Process Capability
IMPROVEIMPROVEIMPROVE
Project Selection
SIPOC
Capability Baseline
Measurement System Validation
Establish Controls
Measurement System Validation
Process Specifications
New Process Pilot
New Policies & Procedures
Identify Key Risk DriversCorrelation
Analysis
Confirm Impact
Process Risk Mapping
Key Risk Indicators (Dashboards)
Operational Risk Management Using 6
26
A Way Forward
Outside In or Inside Out
• Outside In:1. Review statistics for comparable businesses and identify risk
by type
2. Identify the processes that lie behind the risk (hierarchy)
3. Perform risk analysis on the key processes (FMEA)
4. Identify key measures inside and outside of the process
5. Collect data
6. Monitor, using dashboards and control charts. Search for signals
7. Take action as required (DMAIC, Lean, DFSS or other)
27
• Inside Out:
A Way Forward
1. Inventory all processes
2. Identify those presenting the greatest risk
3. Identify the sub-processes that lie behind the risk (process hierarchy)
4. Perform risk analysis on the key processes and sub-processes (FMEA)
5. Identify key measures inside and outside of the process
6. Collect data
7. Monitor, using dashboards and control charts. Search for signals
8. Take action as required (DMAIC, Lean, DFSS or other)
28
Further Questions / Information:
Lori MarinTelephone: 312-381-4420
Email: [email protected]
Questions?
29
30