The publication by the Financial Services Authority (FSA) of Consultation Papers (CP) 140 and 142 has increased the need for management of all types of risk, including operational risk. The CPs focus on the FSA’s requirements in the form of management information and processes, but do not offer guidelines for implementation. This article explores the difficulties of implementing risk management and proposes a framework to ensure best practice risk management is achieved throughout the organisation.
Regardless of the regulatory need, a governing board wants to know that all the risks inherent in its business are identified and quantified. Where appropriate, the risks should be mitigated efficiently, so that the extent and cost of the mitigation are commensurate with the risk impact. A high-level summary of the risk-management process can be described as follows:
– Identify each risk.
– Quantify each risk’s significance as:
    – the probability of the risk occurring; and
    – the magnitude of the potential loss.
– Quantify the effectiveness of the mitigating controls.
– Take appropriate steps to reduce either the probability or the amount of the net loss to a level that can be retained.
In practice this process presents many difficulties, which we will illustrate by examining some of the questions that arise.