Operational Risk Management

Overview

Our operational risk management solution helps you collect incident data, assess risk, and follow up on action items to:

  • Ensure your organization’s compliance with Basel III and Solvency II
  • Improve the quality and effectiveness of your operational risk management processes
  • Automate the consolidation and communication of your organization’s exposure to risk

For risk management departments in the finance and insurance industries, complying with regulations like Basel III and Solvency II while making operational risk management a part of everyday operations is a major challenge.

Based on the best practices outlined in international standards and frameworks like COSO, ISO 31000, and ISO 27000, our operational risk management (ORM) solution covers all operational risk management processes and can be configured to fit your particular organization with a personalized interface for each user profile.

Incident data collection and risk quantification phase: Managing incidents and calculating capital allocations

When an incident is entered into the solution by a member of your operational staff, it can be associated with losses, provisions, and recoveries and linked to events, business lines, and risks. Once incident data has been entered, it is submitted to risk managers via a workflow for analysis and consolidation. Our solution offers several approaches to measuring risk: the basic indicator approach (BIA), the standard approach (TSA), and the advanced measurement approach (AMA). These can be used independently or in combination to meet Basel III and Solvency II requirements.

Risk and control self-assessment phase: Identifying, measuring, and consolidating risk

Risks can be identified in one of two ways: top-down or bottom-up. In both cases, risk managers are the ones responsible for setting up a risk library. This entails identifying risks, categorizing them, associating them with a given situation, and determining the appropriate control systems to mitigate them. Our ORM solution offers a user-friendly interface and graphical mapping capabilities that make completing these tasks easy. Risks are assessed by experts and by own risk and solvency assessment (ORSA) processes where risk owners are asked to complete questionnaires on a regular basis to ensure that the organization has an updated picture of its exposure. One of the main advantages of our ORM solution is that risk can be assessed for a particular process or business unit. Measurements are then aggregated by situation and by risk.

Risk treatment phase: Monitoring risks and following up on action plans

When exposure to a given risk is high, risk managers can decide to either accept the risk as-is, reduce it, provision for it, or insure it. If a risk manager decides to reduce a risk, then the appropriate controls and action plans must be implemented. Controls are generally preventive and long-term in nature, while action plans are corrective and time-bound. With our ORM solution, users can submit action plans, approve them through a workflow, and track progress via reports.

Our ORM solution is powered by HOPEX, our signature platform that supports all our enterprise governance solutions. Our comprehensive approach gives you a more complete vision of your organization by incorporating risks into representations of your company’s assets, capabilities, and strategy, thus enabling more informed decision-making that takes potential threats into account.
Used in conjunction with our other corporate governance solutions, our operational risk management solution gives your risk managers an enterprise-wide governance framework and your top executives a 360° view of your operations.

Features

Our operational risk management (ORM) solution is powered by the HOPEX platform. Secure data access, workflows, and reports can be configured for each user profile. The solution is designed to support risk managers and risk owners at every stage of risk management process implementation.

The solution’s collaborative workspace and shared repository ensure that all of the data and documentation required to execute and track operational risk management are shared, traceable, and secure.

The standard configuration is based on recommendations and best practices developed by leading professional organizations, international standards, and MEGA’s extensive experience in the field of operational risk management. Our turnkey solution can also be configured to fit your risk management department’s particular structure and methods.

Our ORM solution covers the entire operational risk management process. The standard configuration offers the following features for each user profile.

1. Incident data collection and risk quantification phase: Managing incidents and calculating capital allocations

Collecting incident data

  • Incidents are entered manually via the solution or imported from a third-party application
  • Losses, provisions, and recoveries can be associated with each incident
  • Incidents can be linked to types of events, business lines, and risks
  • The incident approval process is automated by a workflow

Calculating capital allocations

  • Capital-at-Risk (CaR) is calculated using three approaches: BIA, TSA, and AMA
  • For AMA, a capital model is built based on the incident and loss matrix
  • Value-at-Risk (VaR) is estimated based on past losses using the Monte Carlo method and advanced statistical analysis methods like the log-normal, Weibull, and Poisson distributions

2. Risk and control self-assessment phase: Identifying, measuring, and consolidating risk

Identifying risks – Risk managers and risk owners

  • Risks identified using a top-down approach: Risk managers identify risks and ask risk owners to assess them
  • Risks identified using a bottom-up approach: Risks are identified by risk owners and submitted to the risk managers
  • Risks are mapped in relationship to their context (business processes and business units) using the solution’s graphical risk mapping capabilities

Managing the risk library – Risk managers

  • The risk manager sets up a risk library: Risks are identified, categorized, and then associated with particular situations and appropriate control systems to mitigate them
  • Indicators and analytical and summary reports are generated to facilitate risk library management

Assessing risks – Risk owners

  • Risks are assessed by experts or through own risk and solvency assessment (ORSA) processes
  • Risks are assessed in relation to the associated business processes and business units
  • Automatic alerts are generated and self-assessment questionnaires sent out at predetermined intervals to ensure that the organization has an updated picture of its exposure
  • The solution establishes key risk indicators (KRIs), which are updated by business users

Consolidating risks – Risk managers

  • The different measurements for a given risk are aggregated, and exposure to the risk is automatically calculated for each business process, business unit, and type of risk, along with absolute risk exposure
  • Future risk exposure is forecasted based on measurements from previous years and the implementation of action items

3. Risk treatment phase: Monitoring risks and following up on action plans

Monitoring risks with appropriate controls – Risk managers and risk owners

  • The response to each risk is determined: accept as-is, reduce, provision, or insure
  • Appropriate controls and action plans to reduce the risk are determined and implemented
  • Action plans are submitted and approved through a workflow

Following up on action plans – Risk managers

  • Reports are generated to facilitate tracking progress on action plans
  • Action plan effectiveness is measured by comparing the inherent and residual risk exposures

Benefits

Our operational risk management (ORM) solution helps risk management departments map, assess, mitigate and control risk so that your organization can:

Ensure compliance with Basel III and Solvency II

Our ORM solution lets you enter incidents and losses, identify and assess operational risk, manage action plans, and calculate capital allocations to meet Basel III and Solvency II requirements. All information is stored in a single, shared repository, ensuring the consistency, traceability, and transparency of data. Regulatory reports with an incident and loss matrix are automatically generated from the data in the repository, giving you the documentation you need to demonstrate your organization’s compliance to regulators.

Improve the quality and effectiveness of your operational risk management process

Your risk management department can set up and manage a structured risk library using our ORM solution. Risks are categorized by objective and type, and associated with the relevant business processes and business units. All changes are tracked in the shared repository, ensuring a single source of data and helping to facilitate audits. Reports, dashboards, and a shared repository that centralizes all data improve follow-up on your action plans. Automatic reminders are generated to check progress on action plan implementation. Our solution also automates risk self-assessment questionnaires, lightening risk managers’ workload so they can focus on the least-repetitive and most critical tasks.

Automate consolidation and communication of your organization’s risk exposure

A variety of reports and dashboards are available in our ORM solution to monitor risk status, compliance, and the implementation of appropriate controls. An advanced aggregation engine calculates consolidated risk for each business unit or business process. And, because all information is centralized in a single shared repository, the data used to generate these reports and dashboards are consistent and reliable. Email and alert capabilities facilitate the communication of information to all stakeholders, giving decision makers the insight they need to manage, control, and optimize your organization.

Our operational risk management (ORM) solution is powered by HOPEX, our signature platform integrating all MEGA enterprise governance software. That means you get greater synergies and collaborative efforts among departments, as well as a clear, shared view of key information about your organization.
