Tony Taylor and David Jones, Yorkshire Building Society

Tony Taylor is group risk manager and David Jones chief auditor for the Yorkshire Building Society, a £10 billion capital mutual society that focuses on residential lending.

In 1998, they began to develop an approach to operational risk management that complemented an increasing focus on risk within the internal auditing process, introducing advanced technology to automate risk/control assessment.

What prompted the Society to implement a new programme for op risk management?

The project was initially prompted by regulatory guidance. However, the first exercise only produced a static view of risks, and the Society realised the importance of using a more dynamic approach.

This new approach involved designated roles and responsibilities for risk management within an agreed structure, and establishing tools and techniques for the identification and assessment of risks.

What are the overriding aims of the initiative?

To improve corporate governance, risk awareness and its focus, and the business’s ability to tackle risks on a cross-functional basis.

How is your operational risk initiative structured in terms of reporting lines?

Tony’s position as group risk manager allows regular contact with senior management, enabling him to discuss emerging risks. He also produces reports for the Board Audit Committee and senior management, which identify the current high-level risks and how they are being managed.

David, as chief auditor, provides an independent assessment of whether the measures taken to manage risks have achieved the net risk position anticipated by line management.

What was wrong with more traditional audit programmes?

The previous audit approach focused on individual areas of the business and did not allow a view to be obtained of the cumulative impact of risks and controls. As a result, over-control was less easy to identify.

The new approach draws on line management’s experience to expand knowledge of risks to a process and ensure appropriate countermeasures are implemented.

What have been the tangible benefits of the new approach?

The enhanced information available at the start of an audit has resulted in a reduction in the average time spent on reviews. And the creation of a risk database allows the operational risk manager to provide management with tailored reports. Among other facilities, the software can produce reports showing risks by category, gross risk score, net risk score, owner etc.

When selecting the software to support this programme, a key consideration was whether it could be used as an audit tool as well as by the risk team. It was also important to ensure that it could supply all anticipated reports.

We are now planning to refine the risk policy to determine more precise parameters for decision making throughout the group.

Could larger financial organisations learn from your experience?

The Yorkshire Building Society is a relatively small, non-diversified financial institution, and this has undoubtedly made the process of implementing this approach easier. However, any organisation will benefit from adopting a structured approach to risk management.

Aside from the possibility of new capital charges for operational risk, we believe that, above all, the focus should be on emerging risks within our rapidly changing businesses.
