Operational risk continues measured progress


The fourth annual operational risk survey, conducted by Op Risk & Compliance magazine and Protiviti, suggests that financial institutions across sizes, geographies and business focus are continuing to make progress on developing their operational risk programmes. The drivers of progress range beyond the Basel II mandate. Although 61% of respondents indicated that Basel II and other related domestic regulation were the most significant influences in the development of their operational risk programmes, 90% of respondents cited internal best practices benchmarking and 75% pointed to concern over levels of internal losses as other key drivers. While the approach and maturity of programmes varies considerably between organisations, they are starting to see the added benefits of a robust operational risk management programme.

In sharp contrast to last year's survey, where less than one in three respondents indicated that they believed their operational risk programmes would reduce operational losses over the next 12 months, this year almost 55% indicated as such. Additionally, over 70% expect significant benefits in four of the seven areas surveyed, and expected benefits were higher in every category in 2006 except one (see figure 1). Respondents are now expecting true value well beyond just the regulatory mandates. Organisations now expect their operational risk programmes to help them fundamentally manage the business better and protect against losses.

With organisations expecting more benefits, they are putting more focus on making operational risk part of their culture. Regular reporting to the board, business units, and senior management are all still very widely used (each used in 60% or more of all organisations). However, there was also a noticeable increase in employee communication programmes and inclusion of operational risk management responsibility in the general code of conduct. Where only 18% of organisations included operational risk responsibility in the employee code of conduct in 2005, 40% included it in this year's survey, a 122% increase year over year. Additionally, there was a 76% increase in the percentage of organisations using operational risk information for annual budgeting purposes from our previous survey. It appears that financial organisations are using the operational risk data not only for management reporting purposes, but also to increase accountability across the organisation and manage the business more effectively.

Continued investment

While most respondents indicated that their operational risk programmes are still in their relative infancies (

In doing so, banks are also making significant progress gathering operational risk data, with the largest concentration of responses stating they had 3-5 years of history (28.8%) versus 1-2 years (28.6%) in our last survey. Improvements in data acquisition appear to have increased banks' confidence in applying a more quantitative approach to their operational risk measurement systems. Respondents reported more frequently using a combination of approaches to modelling economic capital for operational risk, with 31% reporting using this approach today versus only 4% in our last survey. Additionally, the respondents indicated increased use of additional resources in calculating economic capital including KRIs, control effectiveness data, scenario analysis, and near-miss data.

Will the improvements in operational risk management continue? While it appears banks see clear benefits they also see significant obstacles. When rating the significance of obstacles to implementation there was an increase in every area. And, despite the improvements in data, the top four obstacles in terms of significance all related to data issues. Perhaps the increased recognition of these obstacles is the best proof of all that banks are working hard to improve their operational risk programmes and are committed to moving towards increased quantitative measurements in this area. As operational risk data becomes more robust and ORM programmes continue to prove value to the organisation in the form of reduced losses and more precise measures, we expect to see further investment and innovation in these programmes.

Protiviti (www.Protiviti.com) is a leading provider of independent business and technology risk consulting and internal audit services. Protiviti helps clients identify, assess and manage operational and technology-related risks encountered in their industries, and assists in the implementation and the processes and controls to enable their continued monitoring. Protiviti, with more than 45 offices in North America, Europe, Asia and Australia, is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

For more information on the results of this survey, please contact the author at Michael.schuchardt@protiviti.com

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here