Operational risk management (2)

Minimizing Operational Risk& Optimizing Institutional

Performance

2

Interest in Enterprise-wide Risk Assessments is being driven by Financial & Economic Realities

• Global spotlight on risk and corporate governance– Sarbanes-Oxley Act of 2003 & COSO ERM Framework

• Increased involvement from the Audit Committee of the Board of Directors with regard to risk management– NYSE listing requirements

• Capital adequacy requirements and the need for efficient capital allocation– Basel Capital Accord

• Need for alternative risk solutions due to the current insurance environment

• Maximizing shareholder value• Sustaining a competitive advantage

3

“The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and

systems or from external events”

Operational risk can result in increased write-offs, additional expenses or loss of revenue

Basel Committee’s Definition of Operational Risk

4

Operational Risk Management & Shareholder Value

Examples of how operational risk managementdrives shareholder value?• Improving operating efficiency and thus operating margins,

by identifying and prioritising process improvement and de-risking opportunities

• Improving management effectiveness by enhancing the governance structure

• Enabling more effective capital usage by introducing processes to assess exposure & integrate this with an economic capital model

• Protecting assets by reducing losses through improved risk control environment and financing programme

• Enhanced organizational capabilities & subsequent competitive positioning through continuous improvement

5

How to Reduce Operational Risks?

Understand Risks• Benchmarking• Scenario Analysis• Key Risk Indicator’s (KRI)

De-Risking Operational Procedures• Define, Measure, Analyze, Improve, & Control

Risk Finance & Transfer• Mapping to Insurance Products• Developing New Products• Financing Retained Losses• Transferring Risk to the Insurance & Capital Markets

6

Op Risk/Lean Six Sigma Linkage

Op Risk Needs Six Sigma Can Provide Identification of critical processes and activities

Hierarchical, process view of a business

Monitoring of key indicators and warning of potential problems

Process Management & Control

Cure problems in existing processes

Process Improvement via DMAIC & Lean

Prevention of problems for new processes

Process Design via DFSS

7

Six Sigma Defined

• A data driven approach to understanding and eliminating process variation and defects

• Three, universal, methodologies for process management

• A performance target of 3.4 defects per million opportunities

8

Risk Management: How Can Six Sigma Help?

• Six Sigma provides three powerful methodologies for:– Designing robust processes– Fixing broken processes– Controlling processes on an ongoing basis (i.e.,

keeping them from decaying and producing errors)

9

Risk Management: How Can Six Sigma Help?

• Designing robust processes:– A structured methodology, DFSS (Design for Six

Sigma), assures that:• New processes have high capability (satisfy customers

and produce low defects) right from the start• New processes are designed to minimize the risk of

failure

10

• Fixing broken processes:– A structured methodology, DMAIC (Define,

Measure, Analyse, Improve, Control):• Uses powerful statistical (and non-statistical) tools to

locate and eliminate the root causes of otherwise intractable problems

• Focuses on removal and prevention of defects• Reduces process variability

Risk Management: How Can Six Sigma Help?

11

• Controlling processes, so that their behavior is predictable (within limits). Six Sigma provides:– Special tools and techniques including a framework:

• For measuring and judging process variation• For detecting special causes • To providing early warning of process changes

– The ability to calculate Process Sigma, an index of process performance

Risk Management: How Can Six Sigma Help?

12

Companies Pursue Six Sigma to …

• Accommodate customer demands• Drive out waste, cycle time and variability• Direct improvement resource to the most significant

opportunities• Establish a standard improvement methodology• Develop leaders• Reduce risk• Grow the top-line• Implement business strategy• Increase product reliability• Initiate cultural change• Accelerate improvement

13

Sigma is a Measure of Process Capability

Six Sigma is a level of process capability such that less than 3.4 “defects” are produced for every million opportunities.

Sigma

123456

DPMO

680,000298,00067,000

6,0004003.4

Performance boundary

Process performance

Requirement

12

3

45

6

14

Sigma Level

3

4

5

6

Cost of Quality

20-30% of Sales

15-20% of Sales

10-15% of Sales

< 10% of Sales

Defects Per Million

66,807

6,210

233

3.4

Harry, Mikel J., Six Sigma: A Breakthrough Strategy for Profitability, Quality Progress, May 1998

Sigma Level

3

4

5

6

Cost of Quality

20-30% of Sales

15-20% of Sales

10-15% of Sales

< 10% of Sales

Defects Per Million

66,807

6,210

233

3.4

Sigma Level

3

4

5

6

Cost of Quality

20-30% of Sales

15-20% of Sales

10-15% of Sales

< 10% of Sales

Defects Per Million

66,807

6,210

233

3.4

Harry, Mikel J., Six Sigma: A Breakthrough Strategy for Profitability, Quality Progress, May 1998

Estimating the Benefits of Six Sigma

15

Process Sigma Advantages

The Sigma Scale provides a common metric for comparisonThe Sigma Scale provides a common metric for comparisonthat includes the customer requirement and the degree of that includes the customer requirement and the degree of

variation. Addresses multiple occurrences.variation. Addresses multiple occurrences.

The Sigma Scale provides a common metric for comparisonThe Sigma Scale provides a common metric for comparisonthat includes the customer requirement and the degree of that includes the customer requirement and the degree of

variation. Addresses multiple occurrences.variation. Addresses multiple occurrences.

PROCESS PERFORMANCE

Call servicing 32 seconds ASA vs goal of 35

Billing 98% accuracy, on time, right location

Accounts Receivable 33 days average aging vs goal of 40

Customer Service 82% rated 4 or 5 responsiveness

16

The Antecedents of Six Sigma

• Six Sigma is the latest and most powerful in a long line of process management and process improvement methods, e.g.:– Guilds– The Scientific Method– Quality Circles– TQM

• Six Sigma has built on these ideas and added powerful tools

• It is specially useful for transactional processes

17

Principle 1

The board of directors should be aware of the major aspects of the bank’s operational risks as a distinct risk category that should be managed, and it should approve and periodically review the bank’s operational risk management framework. The framework should provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated.

Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)

Sound Practices inOperational Risk Management

18

Principle 2

The board of directors should ensure that the bank’s operational risk management framework is subject to effective and comprehensive internal audit by operationally independent, appropriately trained and competent staff. The internal audit function should not be directly responsible for operational risk management.

Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)

Sound Practices inOperational Risk Management

19

Principle 3Senior management should have responsibility for implementing the operational risk management framework approved by the board of directors. The framework should be implemented throughout the whole banking organization, and all levels of staff should understand their responsibilities with respect to operational risk management. Senior management should also have responsibility for developing policies, processes and procedures for managing operational risk in all of the bank’s products, activities, processes and systems.

Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)

Sound Practices inOperational Risk Management

20

Principle 4

Banks should identify and assess the operational risk inherent in all material products, activities, processes and systems. Banks should also ensure that before new products, activities, processes and systems are introduced or undertaken, the operational risk inherent in them is subject to adequate assessment procedures.

Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)

Sound Practices inOperational Risk Management

21

Principle 5

Banks should implement a process to regularly monitor operational risk profiles and material exposure to losses. There should be regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk.

Source: Sound Practices for the Management & Supervision of Operational Risk (Basel Committee – July 2002)

Sound Practices inOperational Risk Management

22

The 6Process

IMPROVE

Operational Risk Assessment & Analysis

New Process

Capability

Project Selection

SIPOC

Capability Baseline

Measurement System Validation

Establish Controls

Measurement System Validation

Process Specifications

New Process Pilot

New Policies & Procedures

Identify Key Risk DriversCorrelation

Analysis

Confirm Impact

Process Risk Mapping

Key Risk Indicators (Dashboards)

Creating Management Awareness Identification & Risk Mapping Quantification & Modelling Risk Profiling Risk Solutions Monitoring & Updating

Level

1 B

usines

s Lin

es

• Natural Linkage to Operational Risk Management Framework

• Operates at Level 1, Level 2 and Activity Group Level (All Business Lines)

• Linked to All Products, Activities, Processes, and Systems

• DMAIC Employed to Improve Existing Policies, Procedures, and Processes….DFSS Leveraged to Design New Ones

• Natural Linkage to Operational Risk Management Framework

• Operates at Level 1, Level 2 and Activity Group Level (All Business Lines)

• Linked to All Products, Activities, Processes, and Systems

• DMAIC Employed to Improve Existing Policies, Procedures, and Processes….DFSS Leveraged to Design New Ones

Operational Risk Definition & Analysis

Lev

el 2

& A

ctiv

ity

Gro

up

s Operational Risk Management Framework

Mapping 6 to Operational Risk Framework

24

Operational Risk Management Using 6

Business Line DescriptionPotential Risk

FactorsPotential Failure

EffectsPotential Causes

Current Controls

Business Line Risk

(Exposure Indicator - EI)

Probability of Loss

Event (PE)

Loss Given Event

Occurs (LGE)

Expected Loss (EL)

1 Corporate Finance - - - - 0.50 0.10 100 5.00

2 Trading and Sales - - - - - - - -

3 Retail Banking - - - - - - - -

4 Commercial Banking - - - - - - - -

5 Payment and Settlement - - - - - - - -

6 Agency Services - - - - - - - -

7 Asset Management - - - - - - - -

8 Retail Brokerage - - - - - - - -

Operational Risk Internal Measurement Analysis (ORIMA)

Six Sigma Focus• Identify Risks• Describe Outcome of Failure• Determine Cause & Effect• Evaluate Current Controls

Expected Loss Factors ORIMA Drills-Down From Top Level

Business Line to the Processes Within Each Activity Group

ORIMA Drills-Down From Top Level Business Line to the Processes

Within Each Activity Group

5004003002001000

150

100

50

Observation Num ber

Ind

ivid

ual

Val

ue

I Chart for Approval

1

Mean=98.13

UCL=156.0

LCL=40.23

17015013011090705030

UBUB

Process Capability Analysis for Approval CT_

PPM Total

PPM > UB

PPM < LSL

PPM Total

PPM > UB

PPM < LSL

PPM Total

PPM > UB

PPM < LSL

Ppk

PPL

PPU

Pp

Cpm

Cpk

CPL

CPU

Cp

StDev (Overall)

StDev (Within)

Sample N

Mean

LSL

Target

Upper Bound

*

*

*

*

*

*

133962.26

133962.26

*

*

*

*

*

*

*

*

*

*

19.5817

19.2991

530

98.126

*

*

120.000

Exp. "Overall" PerformanceExp. "Within" PerformanceObserved PerformanceOverall Capability

Potential (Within) Capability

Process Data

Within

Overall

Receive Loan Application

Review Application

Enter in System

Loan Approval

Notify Bank Manager & Customer

NO

YES

Approve Loan Amount

Prepare Documents

Notify Bank & Customer

Customer Signs

Paperwork

Enter in System

Disperse Funds

Material

Fast Loan Approval

Methods

Machine Environment

# of loan processors

Internet capability

Easy to understand instructions

Manager approval

Processor Review

# of underwriters

Disclosures

Application

Create approval letter

Remote Printing

Credit Score

Loan amount

Material

Fast Loan Approval

Methods

Machine Environment

# of loan processors

Internet capability

Easy to understand instructions

Manager approval

Processor Review

# of underwriters

Disclosures

Application

Create approval letter

Remote Printing

Credit Score

Loan amount

254 164 53 38 2147.9 30.9 10.0 7.2 4.0

47.9 78.9 88.9 96.0 100.0

0

100

200

300

400

500

0

20

40

60

80

100

Defect

CountPercentCum %

Per

cen

t

Cou

nt

Pareto Chart for Loan Amount

Business Line DescriptionPotential Risk

FactorsPotential Failure

EffectsPotential Causes

Current Controls

Business Line Risk

(Exposure Indicator - EI)

Probability of Loss

Event (PE)

Loss Given Event

Occurs (LGE)

Expected Loss (EL)

1 Corporate Finance - - - - 0.50 0.10 100 5.00

2 Trading and Sales - - - - - - - -

3 Retail Banking - - - - - - - -

4 Commercial Banking - - - - - - - -

5 Payment and Settlement - - - - - - - -

6 Agency Services - - - - - - - -

7 Asset Management - - - - - - - -

8 Retail Brokerage - - - - - - - -

Operational Risk Internal Measurement Analysis (ORIMA)

7.27.17.0

150

100

50

pH

PL

T.Y

LD

.

S = 18.7123 R-Sq = 42.5 % R-Sq(adj) = 40.0 %

+ 1327.06 pH**2

PLT.YLD. = 68371.0 - 19042.9 pH

Regression Plot

Quadratic Model

7.27.17.0

150

100

50

pH

PL

T.Y

LD

.

S = 18.7123 R-Sq = 42.5 % R-Sq(adj) = 40.0 %

+ 1327.06 pH**2

PLT.YLD. = 68371.0 - 19042.9 pH

Regression Plot

Quadratic Model

The Discipline and Its Approach, Combined With a Rich Set of Analysis Tools, Makes Six Sigma a Perfect Fit

for Operational Risk Management

The Discipline and Its Approach, Combined With a Rich Set of Analysis Tools, Makes Six Sigma a Perfect Fit

for Operational Risk Management

Operational Risk Assessment & Analysis

New Process Capability

IMPROVEIMPROVEIMPROVE

Project Selection

SIPOC

Capability Baseline

Measurement System Validation

Establish Controls

Measurement System Validation

Process Specifications

New Process Pilot

New Policies & Procedures

Identify Key Risk DriversCorrelation

Analysis

Confirm Impact

Process Risk Mapping

Key Risk Indicators (Dashboards)

Operational Risk Assessment & Analysis

New Process Capability

IMPROVEIMPROVEIMPROVE

Project Selection

SIPOC

Capability Baseline

Measurement System Validation

Establish Controls

Measurement System Validation

Process Specifications

New Process Pilot

New Policies & Procedures

Identify Key Risk DriversCorrelation

Analysis

Confirm Impact

Process Risk Mapping

Key Risk Indicators (Dashboards)

Operational Risk Management Using 6

26

A Way Forward

Outside In or Inside Out

• Outside In:1. Review statistics for comparable businesses and identify risk

by type

2. Identify the processes that lie behind the risk (hierarchy)

3. Perform risk analysis on the key processes (FMEA)

4. Identify key measures inside and outside of the process

5. Collect data

6. Monitor, using dashboards and control charts. Search for signals

7. Take action as required (DMAIC, Lean, DFSS or other)

27

• Inside Out:

A Way Forward

1. Inventory all processes

2. Identify those presenting the greatest risk

3. Identify the sub-processes that lie behind the risk (process hierarchy)

4. Perform risk analysis on the key processes and sub-processes (FMEA)

5. Identify key measures inside and outside of the process

6. Collect data

7. Monitor, using dashboards and control charts. Search for signals

8. Take action as required (DMAIC, Lean, DFSS or other)

28

Further Questions / Information:

Lori MarinTelephone: 312-381-4420

Email: [email protected]

Questions?

29

30