The document discusses risk assessment and mitigation strategies for a bank. It outlines the process of assessing risk, which includes identifying prevalent risks, assessing their impact and frequency, developing controls, and reassessing exposures. It also evaluates options for mitigating risk, such as periodic assessments, maintaining a risk register, and reviewing contingency plans. Key considerations for selecting mitigation actions include ensuring effectiveness, cost efficiency, alignment with business operations, and consistency with regulatory requirements.
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Assessment Of Risk Mitigation
1. Assessment of Risk Mitigation
Strategies
Presented b y:
Eneni Oduw ole
Group Head, Operational Risk Mgt.
Guaranty Trust Bank Plc
2. Outline
What is Risk Assessment
Case Study
Process for Assessing Risk
Options for Evaluating Risk
Evaluation of Mitigation Strategies
3. What is Risk Assessment?
A logical and objective (qualitative / quantitative)
approach to analyzing and interpreting data with the
purpose of PREDICTING possible adverse eff ects
A formal way to CALCULAT E risk so that informed
decisions can be made; it bears an element of
uncertainty
Risk = Exposure .
Exposure Limit
4. Case Study
In 2007, the senior management of CSBank Ltd decided to
look for better ways to use its IT infrastructure and
investments to prudently and effectively support growth
The Bank had grown rapidly as a result of both acquisitions
and the entrepreneurial cultures in its lines of business which
resulted in difficulties in managing the organization s IT
landscape
It hopes to achieve first mover advantage with new business
opportunities that emerge, the use of initiative is encouraged
amongst business unit heads
What are the major risks faced by this Bank?
5. Process for Assessing Risk
Review strategy & business model
Identify gaps between desired and actual results
Conduct risk assessment (identi fies prevalent risks)
f2
Assess impact & f requency
Develop & implement controls
Reassess risk exposures and controls
Communicate and document f indings
7. Options for Evaluati ng Risk
Conducting Periodic Risk Assessments
Risk Mapping
Maintaining a Risk Register
Periodic Revie w of Contingency Plans
8. Evaluation of mitigation strategies
How to assess risk miti gation
Identification of risk exposures
Critical evaluation of exposures
Dealing with the exposures
(terminate, tolerate, treat or transfer)
Establishment of action plans
9. Features of
Risk Mitigation Strategies
Effectiveness at business unit level: Reduction of risk
exposure
Cost effectiveness: Risk mitigation strategy must be cheaper
than the likely loss estimate
Alignment with business model: Risk controls must
seamlessly fit into the work culture and business profile of the
organisation
Complexit y: The simpler the strategies, the higher the chances of
adoption by stakeholders
Consistenc y with regulatory / legal & ethical
requirements
10. Methods of
identifying risk exposures
Interview with stakeholders: one on one chats
Trend analysis: Key Risk Indicator / data analysis
Brain-storming: with a group of experts
Review completed checklists, templates and surveys:
should be closely monitored
Nominal Group Technique: risk manager facilitates the session but
does not lead the discussion
Delphi Technique: reduces chaos
18. Critical evaluation of Risk
Exposures
Define Exposure Groups ( EGs)
Define Exposure Profiles
Ascertain likel y frequency of occurrence
Determine estimated impact on business (w hether
financial or non -financial)
Determine overall risk rating
Decide acceptabilit y of the risk profile For each EG
19. Dealing with the Risk Exposur es
Terminate : when cost is higher than benefit; no competencies for
managing risk
Tolerate: when cost is within risk appetite levels or insignificant to
benefit; no brainer
Treat: when benefit from business venture is seriously threatened;
staff and business model / structure can implement and support
control
Transfer: when benefit is threatened but staff / business model
may not support required control (risk may be shared or transferred
completely)
20. Considerations for selecting
Action Plans
Policy Changes: Consider regulatory / legal / ethical issues such as
modifications of banking & related policies
In-House Actions: Consider appropriate plans that would fit into
the organization s business strategy / model / structure, and culture
Simplicity: Action plans should be rid of complexities / complex
methodologies which might sabotage the correction process; new process
/ control should be easy for auditors to review
Implementation: Incorporation of related activities into routine
business processes should be seamless; relevant parties should be
carried along
Review: Tracking of implementation should be easy; effectiveness of
control should be tested periodically