Risk/reward evaluation of mitigation and control effectiveness

Rafael Cavestany and Javier Martinez Moguerza

In Chapter 14, we introduced the integration of the operational risk profile into the business plan and the monitoring of the plan execution using an operational risk appetite framework. Here, we examine examples of the evaluation of controls and mitigation plans that have an impact on the risk profile, and which can be used for measuring the consumption of, and/or adjusting the risk limits defined by, the operational risk appetite (ORA) framework.

The impact of the mitigation and controls on the risk levels, ORA, limits, and so on, should be evaluated as they change the risk profile of the institution, which is measured by the operational risk capital model. Far too often, the operational risk analysis is single-sided, evaluating only the threats and potential losses. In this chapter we examine various examples of joint analysis of the risk impacts and the benefits of their mitigation.

The chapter is structured into the following sections describing the risk/reward evaluation of the mitigation actions that can be included in an operational risk business plan.

    • “Insurance programmes: Evaluation of their mitigation impact”.

    • Risk/reward evaluation of the

To continue reading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: