RSK 4801 ASSIGNMENT 01 Topics 1 -3 Due date: 25 June 2013 Unique number: 772936 Student number: 46433597 Nameand last name: Byron Jason Topic 1. Comparing the roles and responsibilities of the board of Benchmark Bank Ltd with the requirements stipulated in King 3 Report for risk management and internal audit and corrective action that should be implemented that will ensure compliance with the King 3 requirements 2. Analyses of the reported losses and corrected information to reflect the losses more accurately for the annual report. 3. Brief to EXCO introducing an operational risk function at Broken Wing. 4. Distinguishing between risk indicators, control effectiveness, and performance indicators Page Number 2 5 8 11 5. References 13 1|Page represents the board should meet at least once a year with the internal and external auditors. Benchmark Main Board The risk appetite of the board was set in September 2009 and then adjusted in 2012 King 3 Requirement Corrective Action King 3 states that the Therefore. to correct this. the board needs to set the levels of risk tolerance once a year and monitor that the risks taken are within the tolerance and appetite level. it does not filter information that is of concern Issues which came up The board should ensure were not addressed the integrity of the therefore not included in company’s integrated the integrated report reporting 2|Page The audit committee should schedule meetings with internal and external audit without management being present The board needs to approve various limits and it should be disclosed The board should ensure that the internal audit activity is properly trained and that they can enforce the board to address disturbing issues The board needs to ensure that all matters of concern are addressed and included in the . The board should ensure that the implementation of the risk management plan is monitored continually The interaction of the King 2 states that the audit board with internal and committee which external audit was limited.1. but at least once a year. Benchmark board should set the levels bank is not complying with of tolerance once a year the code. Various limits were King 3 states that a increased without board change in risk appetite approval requires the approval of the board and disclosed in the integrated report There was no effective risk The board should be committee responsible for the governance of risk The board should ensure Internal audit does not that there is an effective meet with the audit risk based internal audit committee. The board should review its risk management plan regularly. Comparing the roles and responsibilities of the board of Benchmark Bank Ltd with the requirements stipulated in King 3 Report for risk management and internal audit and corrective action that should be implemented that will ensure compliance with the King 3 requirements. King 3 states that the board must review the charter of the audit committee Board needs to review and approve the revised charter. the financial controls of the company or to any related matter. King 3 states that ‘The audit committee must receive and deal appropriately with any concerns or complaints. The board needs to appoint a risk committee that will be able to discharge its duties The board needs to put . Board Audit Committee Concerns regarding traded market risk came to the attention of the BAC. they had a relaxed approach and did not address matters brought to their attention The audit committee King 3 states that there 3|Page There was no risk committee at the time. The BAC operated on a revised charter from September 2011 onwards. The BAC operated on a charter that was approved in May 2010. The BAC was ineffective King 3 states that the risk in reporting weaknesses in committee should evaluate controls to the board the risks of the organisation The audit committee did not allocate sufficient time to risk management issues The audit committee did not filter information to the board and they did not enforce corrective action The audit committee did not correct audit findings that were reported by the regulators.The audit committee did not understand governance and risk weakness issues The board should ensure that the company has an effective and independent audit committee intergrated report The audit committee members need to be replace with members who do understand. relating either to the accounting practices and internal audit of the company or to the content or auditing of its financial statements. and were not escalated to the board. The board should ensure that there is transparency within the organisation The Regulators The regulators brought up issues to the board which were not addressed. King 3 states that internal audit needs to discuss and disclose all issues of concern with the audit committee Internal audit needs to have a better relationship with the audit committee and should discuss issues of concerns The regulators need to ensure that the board addresses their concerns.members did not understand governance and risk weakness issues should be a basic level of qualification and experience for members on the audit committee which includes understanding of risk management and governance processes The risk committee should convene regularly but at least twice a year members on the audit committee which have an understanding of risk management and governance. The BRC should schedule at least two meetings for the year. there has not been another to date. Board Risk Committee The last BRC meeting was held in November 2011. Internal Audit Audit issues were not disclosed to the audit committee. Maybe every 6 months. Culture There is a culture of secrecy Filtering of information by the audit committee to the board was dismal The CIB’s attitude towards the findings of the regulators were non chalant The CIB had a negative attitude towards internal audit 4|Page . Incorrect 11/02/2012 calculation by clerk Duplicate payment to Lloyds 16/02/2012 bank Payment to Sumitomo into wrong act loss Y156312 due to 23/02/2012 change in currency Payment fraud by triade 28/02/2012 syndicate JSE penalty for late settlements. Loss on 11/01/2012 swap curve Bond options trader captured 18/01/2012 expiry date wrong SAFEX penalty for late margin calls. Clearing House official did 23/01/2012 not contact broker for payment JSE penalty for late bond 30/01/2012 settlements. Recon outstanding for cleared 06/03/2012 funds Goodwill payment to Big Shot Ltd because business online was 11/03/2012 down over month end Fraud due to sharing of 18/03/2012 passwords by payment staff 23/03/2012 Teller Difference 30/03/2012 Teller Difference 04/04/2012 Teller Difference 11/04/2012 Teller Difference-New Teller 16/04/2012 Staff fraud 23/04/2012 Staff fraud Fraudulent payment by staff 28/04/2012 member 05/05/2012 Armed robbery 5|Page Amount Risk Type Risk Subcategory People Rand Value 151976 21351 Operational Risk 1573035 Market Risk 52314 Operational Risk Market Risk People 1573035 604980 100000 Operational Risk 150000 Operational Risk 150000 Operational Risk People Process People 100000 150000 150000 35000 Operational Risk 20000 Operational Risk People People 249129 231288 156312 Operational Risk 6500000 Operational Risk People External events 14553 6500000 450000 Operational Risk Process 450000 600000 Operational Risk 300000 15687 5962 1114 214509 100250 56000 Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk Systems People People People People People People People People External events 600000 300000 15687 5962 1114 214509 100250 56000 30000 15600000 30000 Operational Risk 15600000 Operational Risk . Analyses of the reported losses and corrected information to reflect the losses more accurately for the annual report. Customer claim for bad 04/02/2012 derivatives investment advice Interest on late Citi bank collateral calls. Date Description Trader on the FX desk 06/01/2012 processed incorrectly AML function wrong directional view on interest rates.2. card cloned Charge back recon differences 753451 Operational Risk 2567000 Credit Risk 654789 Credit Risk 5000 Operational Risk 5000 Operational Risk 5000 Operational Risk 105678 10300 53800 23749 43671 Operational Risk Operational Risk Operational Risk Operational Risk Operational Risk 73421 Operational Risk 44576 Operational Risk 150000 Operational Risk 15000 Operational Risk 256896 Operational Risk 15352 Operational Risk 1100 Operational Risk 7000000 Operational Risk 11890650 Operational Risk People People Process External events Process People People External events External events 73421 317291 150000 15000 256896 15352 7830 7000000 11890650 Interest claim due to late swift 01/10/2012 transfer Processing official used 08/10/2012 incorrect rate Damage to premises due to 31/12/2012 ATM bombings 31/12/2012 26 ATM bombings 6|Page .10/05/2012 17/05/2012 22/05/2012 BA800 submitted incorrectly Teller Difference Teller Difference 5000 Operational Risk 32418 Operational Risk 35167 Operational Risk 10000 Operational Risk 235145 342190 500000 10000 Operational Risk Operational Risk Operational Risk Operational Risk People People People External events People People Process People People Credit Risk Credit Risk People People People People People People People People 5000 32418 35167 10000 235145 342190 500000 10000 753451 2567000 654789 5000 5000 5000 105678 10300 53800 23749 43761 Stolen cheque book Bob 29/05/2012 Mugabe Loaded incorrect atm fee 03/06/2012 increased for July 10/06/2012 Staff fraud 15/06/2012 Lost guarantee P Pompies 22/06/2012 BA800 submitted incorrectly Irrecoverable losses due to not 27/06/2012 follow up of excess reports Bad debts written off: JMM 04/07/2012 construction Bad debts written off: JBC 09/07/2012 construction supplies Access payment for motor car 16/07/2012 accident claim Access payment for motor car 21/07/2012 accident claim Access payment for motor car 28/07/2012 accident claim Late registration of bonds due 02/08/2012 to strike 09/08/2012 Staff fraud 14/08/2012 Staff fraud 14/08/2012 Teller difference 26/08/2012 Teller difference Interest claim by client because of bad service (customer not informed of interest rate 02/09/2012 changes) Commodities trader captured 07/09/2012 incorrect amount Write off due to incorrect 14/09/2012 model parameters. 19/09/2012 26/09/2012 Embossing fraud . 15/01/2013 Branch teller differences 165631 Operational Risk People 165631 Consolidation of total value per risk and event occurrences Risk Credit Risk External events Market Risk People Process Systems Grand Total Amount (R.) Event Occurrence 3221789 41015650 1573035 4470632 1506896 600000 52388002 2 6 1 35 5 1 50 Rand value of risk 45000000 40000000 35000000 30000000 25000000 20000000 15000000 10000000 5000000 0 Credit Risk External events Market Risk People Process Systems 3221789 4470632 1573035 1506896 600000 41015650 Number of event occurrences per risk 40 35 30 25 20 15 10 5 0 Credit Risk External events Market Risk People Process Systems 2 6 1 5 1 35 7|Page . should an event occur. Brief to EXCO introducing an operational risk function at Broken Wing. the reputation of Broken Wing will be enhanced. 2009) Basel II defines operational risk as “The risk of loss resulting from inadequate or failed internal processes. 2010:8 sourced from Operational Risk: The next frontier. and a higher quality of customer service and improved financial controls. Been able to make informed decisions (Governance) 2. Insurance – By managing operational risk Broken Wing can know the appropriate cost of transferring the risk and whether a particular insurance is appropriate 3. or external events. 4. Been able to understand the operational risk context of decisions 8|Page . Outsourcing – By managing operational risk Broken Wing can outsource certain activities that can be performed more efficiently. Outsourcing should enable Broken Wing to have higher transaction levels. or systems or from external events” Including legal risk. improved speed. by doing this Broken Wing can get back to business quickly. (Blunden & Thirlwell. Broken Wing can prevent a risk occurring. Successful operational risk management reduces risk and improves business effectiveness Benefits of operational risk management 1. people. by managing risk practises it will enhance the shareholders’ value by been able to minimise the likelihood and impact of risk occurrences that could decrease shareholder value and exploit opportunities to create value when they arise. whereas competitors are unable to. If Broken Wing can avoid the risk. Business continuity – By managing operational risk Broken Wing can identify its vulnerabilities. systems. Reputation Risk. there will be no operational risk to deal with. people will become Broken Wings greatest asset. people. 2. People Risk – By managing operational risk and creating a good people environment where people are open to change and are able to respond to flexibly and quickly to business opportunities as well as threats to the business. and excludes strategic and reputational risk. RMA/PricewaterhouseCoopers. Broken Wing will also benefit by: 1.3. Benefits of Operational Risk Management The benefits of operational risk management could be an increase in the value of the business.By managing operational risk correctly. Definition of Operational Risk Operational risk can be defined as the risk of loss resulting from inadequate or failed processes. 5. as well as setting the tone as to how the bank should go about implementing the operational risk framework. Getting the right information on past events. the present state of the operational risk environment and its possible future state Operational risk framework that should be introduced at Broken Wing Governance: This is the process where the board of directors define key goals for the bank and overseas the progression towards achieving the goals. and execution. It defines overall operational risk culture at the organisation. tools and tactics of the bank. Strategy: Benchmark Bank strategy for operation risk drives the other components within the management framework. Distinguishing and differentiating between operational risks 4. structure. It provides clear guidance on risk appetite. policies. The successful risk strategy should be firmly embedded in the vision. and process for day to day risk management. Been able to evaluate and assess past problems 5. strategies.3. Knowing where the organisation is now and where the organisation is heading 6. 9|Page . Governance sets the precedence for strategy. Allocating capital on an operational risk basis 7. 10 | P a g e . this will lead to informed business decisions. assess. audit. developing risk measurement models that assess regulatory and economic capital. adequate procedures should be designed and implemented to ensure execution of the policies. implement. The policies should be communicated at all levels of the bank. Evaluations based on internal and external changes: The risk management process should improve risk performance. and allocating economic capital against the actual risk confronted.Appetite and policy: The risk management process should ensure that the bank behaviour is driven by its risk appetite. Execution: Once the operational risk management framework has been established by the bank. The operational risk management goals should be evaluated periodically taking into consideration internal and external factors. and supervise their strategic risks. decide. Structure: The design of the operational risk management structure should have taken the overall risk scenario of the bank as a guideline. The bank should adopt an operational risk strategy that is aligned to the risk appetite that is set. There should be a strategic policy at the board level that focusses on managing risks at all levels. Clear definition and communication of policy: The banks senior management should identify. It should include a hierarchy structure that balances current risk processes. Risk indicators tell us about changes in the likelihood or impact of a key risk and can be linked to a risk and control assessment. as it can change over time from the perspective of the users of the indicator. indicators of controls which mitigate an individual risk and. Risk indicators should be reviewed periodically for relevance. number. profitability. which is focuses on a single exposure area 2. Distinguishing between risk indicators. control effectiveness. Argue the characteristics that you will consider to develop risk indicators Relevance: Risk indicators should be relevant and linked to the organisations operational risk exposure and it should provide management with the quantum regarding the levels of exposure and degree to which such exposures are changing over time. Performance indicators are commonly used in business to assess the current level of performance. A control effectiveness indicator tells us about the change in the design or performance of controls and is linked to a risk or control assessment. Performance Indicators: This is a metric that measures performance or the achievement of targets. the risk indicator should meet the following criteria: 1. Common or generic. or count.g. They are linked to the business objectives e. Specific focus. Must be comparable over time. which covers a specific area of activity and provide a general impression of current exposure levels or activity. There are three indicators to determine relevance: 1. Must have values which are reasonably precise and a definite quantity. 2. ratio. General focus. 11 | P a g e .4. sales. usually adding specific context. staff costs. Measurable: Risk indicators must be able to be measured repeatedly and with certainty. 3. percentage. indicators of controls which mitigate a number of risks. Must be quantifiable as an amount. which can be used anywhere in the organisation. revenues. total costs. 4. and performance indicators Risk Indicators: This is a metric that provides information at the level of exposure to a given risk which the organisation has at a particular point in time. To be measurable. Control Effectiveness: This is a metric that provides information on the extent to which a given control is meeting its intended objectives. 3. Control effectiveness indicators fall into two categories namely. Must be reported with primary values and be meaningful without interpretation or some subjective measure. or current perspective of the operational risk exposure. and monitor. Easy to monitor: In order for the organisation to the source data which can be used for risk indicators: 1. Leading indicators are the most difficult to develop a simple projection of the future based on historical events thus sacrificing accuracy and reliability. lagging. complete. the internal audit function should include it as part of their audit coverage. The data should be relatively easy to interpret. 12 | P a g e . Comparability: The indicator identification and selection process of an organisation should assess the level of comparability with the benchmarks in and across the industry to ensure that the users for the indicators have a better understanding of the exposure levels that the indicator relates to. Lagging indicators provides useful information regarding the historical causes of loss or exposure.Predictive: Indicators can provide a leading. The data should be simple and relatively cost effective to collect. The operational risk management department should be satisfied with the quality and as a governance measure. understand. Auditable: It is important that risk indicators are accurate. 2. Current indicators provide a current view of operational risk exposures and may identify a situation that requires attention to reduce an exposure or minimise a loss. It can also be useful where losses are initially hidden or where changes in historical trends may reflect changes in circumstances that may have some predictive qualities. quality assured and distributed. and timely because management will place significant reliance on them. Operational Risk and Resilience. References All answers derive from the prescribed textbook and study guide unless otherwise stated. J. C. 2. Operational Risk Management (ORM) Framework in Banks and Financial Institutions [online]. Prentice Hall.Available from http://www.htm [15 June 2013] 13 | P a g e .2000.2010. 2008. Buttersworth 3. Question 3 adapted from Author Unknown. T. Frost. Blunden. 1st Edition. & Allen. & Thirlwell.com/solution_briefs/ORM. Great Britain.1st Edition. Mastering Operational Risk. United States of America. D.metricstream.5. 1.
Report "RSK4801 Assignment 01 Byron Jason 46433597"