Academic journal article ABA Banking Journal

Better Defining Your Risk Profile

Academic journal article ABA Banking Journal

Better Defining Your Risk Profile

Article excerpt

When it comes to assessing operational risk, there are generally two schools of thought on how to get the best results. The first, often referred to as the "direct report" approach, involves use of traditional audits and inspections. A team evaluates an operation during an assessment period. All potential risks, from routine to the most detrimental come under the collective radar of the auditing team (or so a company hopes, anyway). A report is issued sometime later, and management is expected to respond and rectify all areas of noncompliance. Typically, there is no follow-up to see whether specific breaches have been repaired.

The philosophy behind this approach says that the net risk to an organization can be best identified by treating all factors equally (at least while they are being identified), and by measuring actual practices against established best practice. With this method, though, the relentless looking at every infraction can wind up obscuring the more significant risks.

An alternative relies both on technology and periodic self-examination. Essentially, this method is based on three assumptions: 1. that the employees themselves are in the best position to assess and prioritize risk affecting their department, division, or unit, on a daily basis; 2. some risk should be ignored because it poses little threat to key objectives; and 3. a more accurate picture of risks is "painted" when handled on an ongoing basis--that is, with more of a "risk diary" then a once or twice-yearly effort.

One advocate of this alternative is CARDdecisions, Inc. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.