Academic journal article Global Business and Management Research: An International Journal

Internal Control System and Perceived Operational Risk Management in Malaysian Conventional Banking Industry

Academic journal article Global Business and Management Research: An International Journal

Internal Control System and Perceived Operational Risk Management in Malaysian Conventional Banking Industry

Article excerpt


Risk can lead to ambiguous future results and decisions (Doerig, 2003). However, risk is a common issue facing all organisations, particularly financial institutions. Although risk cannot be avoided, it can be managed with the use of a proper system. Risk management is one of the most important practices that needs to be implemented in banks. Risk management helps in guaranteeing the trustworthiness of the operations and procedures followed by banks. Credit risk, liquidity risk, currency risk, operational risk, market risk, and interest rate risk are several risks faced by banks which may jeopardise the sustainability of a bank (Shafiq & Nasr, 2010; Al-Tamimi & Al-Mazrooei, 2007). Thus, operational risk is one of the risks that is important and compulsory for banks to manage.

The Asian Institute of Chartered Bankers (AICB) (formerly known as Institute of Bankers Malaysia (IBBM) (2010), defines operational risk according to the context of the Malaysian local conventional banks, as (i) risks that are due to the weaknesses in information systems and internal control system or from external events such as fraudulent activities that lead to financial losses; (ii) risks that are caused by human errors, system failures, and flaws in procedures as a result from the failure in internal control procedures either in the front, middle and or back office activities that can lead to unforeseen losses.

Operational risk can be divided into three dimensions: cause, event, and effect (or consequence/impact). The definitions of the three risk dimensions including operational risk loss are summarised in Table 1 (Basel II, 2003):

Operational risk is a weakness to a bank that can be mitigated through a better management (Nicoletta & Cornelia, 2007). Thus, operational risk management provides the foundation to identify any operational risks in the organisation and disseminate information and rectification required to all relevant parties at different levels of management (Aung, 2008). Failure to properly manage operational risk can lead to negative consequences including the collapse of a bank (Sundmarcher & Ford, 2007).

Banking operation units in Malaysia are highly responsible for identifying, managing, and reporting risk or errors which transpired in a department (IBBM, 2010). Central Bank of Malaysia (BNM) is the highest authority that is committed to monitoring the implementation of banking institution risk management. Furthermore, BNM provides incentives for banking institutions that implement a resilient risk management system (BNM, 2010). Most importantly, the implementation of the Operational Risk Reporting System since January 2013 has proven that BNM is keen on encouraging Malaysian banks to manage operational risk efficiently (

Operational risk management is a continuous system that needs to be continuously enhanced for it to be effective. Thus, the insights and inputs from internal auditors are needed for the risk management team to measure operational risks (Allegrini & D'Onza, 2003). Hence, banks solely depended on the internal control mechanisms within the business boundaries and enhanced by audit functions in order to mitigate operational risk. A solid internal control system, detailed procedures and policies, and knowledgeable employees are the most imperative qualities in designing a strong operational risk management. Moreover, internal control functions as a defence mechanism between system errors or human and potentially damaging results (McPhail, 2003). Goodwin-Stewart and Kent (2006) further supported that there must be a strong relationship between internal audit and the level of commitment to risk management. Karagiorgos, Drogalas, Eleftheriadis, and Christodoulou (2010) encouraged more research on the possible applications of internal control system in risk assessment and to further explore how a risk management system based on the internal control system might be best deployed into the business entity. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.