Challenges of Linking Operational Risk Data
Sophie Dupré, Head of Organisational Risk - Barings
The opinions expressed are personal opinions and may change as subsequent
conditions vary. The information and opinions contained in this material are
derived from proprietary and non-proprietary sources deemed by Barings to be
reliable, are not necessarily all inclusive and are not guaranteed as to
accuracy. Reliance upon information in this material is at the sole discretion of
the reader.
Baring Asset
Management Limited
155 Bishopsgate,
London, EC2M 3XY
Tel +44 (0)20 7628 6000
Fax +44 (0)20 7638 7928
www.barings.com
Authorised and regulated by the
Financial Conduct Authority
CONFIDENTIAL
Making Sense of Operational Risk Data
The challenges
•
How can Operational Risk help the Business manage operational risk? How can they add
value?
•
One answer is: by supporting the ongoing identification and measurement of risk through
the effective use of operational risk data.
•
As Operational Risk practices mature, organisations acquire greater volumes and more
complex data.
2
Making Sense of Operational Risk Data
Data gathering
Actions
Issues
Internal
losses/events
External events
Audit reports
Key Risk Indicators
Risk and control
self assessment
Risk Reviews
Key Risk register
3
Making Sense of Operational Risk Data
Linkage
•
Quantity is not quality: rubbish in, rubbish out
•
How to make sense of all this data?
•
Data needs to be organised:
Linkage
• Incident reports, internal or external, and risk indicators should be mapped to risks, which in
turns link to processes.
• Business RCSAs should be undertaken on those same risks with reference to this risk data.
• With these links in place, it is easier to identify when risks are changing. Incidents are no
longer a series of errors but points to inefficient processes and prompt the re-assessment of
risks. Risk indicators breaches no longer need to be assessed in isolation.
4
Making Sense of Operational Risk Data
Data linkage
Assessment of risks
Risk and control
library
External events
Risk Indicators
Internal loss/events
Issues and actions
5
External Data
• Where do we get it from?
• How do we know it’s reliable?
• What do we use it for?
• How do we make it relevant to our business?
• How do we make sense of it?
– Sometimes v big numbers……
6
Making Sense of Operational Risk Data
Aggregation
•
Once data is organised by linking to the Risk and Control Library, it helps identifying the
areas of concerns and change. But this is not the full answer.
•
Linkage is not fully efficient without classification and aggregation.
Categorisation and aggregation
Risks should be aggregated across business areas and into risk categories such as top/key
risks.
There are many ways, from the simplest to the more complex, to aggregate risks.
•
Average or median sub-risk
•
Weighted average of sub-risks
•
Highest risk materiality (combination of impact and probability) across sub-risks
•
Addition of risk materialities
7
Making Sense of Operational Risk Data
Data linkage and aggregation
Risk Profile
Classification and
aggregation
Assessment of risks
Risk and control
library
External events
Risk Indicators
Internal loss/events
Issues and actions
8
Making Sense of Operational Risk Data
The path to ‘’enlightenment’’
•
•
•
Data
collection
Quality
checking
Organise &
Manage
Requirements
Support and control
Risk and control
taxonomy
Needs to be timely;
Needs to be
accurate;
Needs to be
appropriately
recorded.
•
•
•
•
Usage test – can it be used?
Provide guidelines and
examples (what good data
looks like)
Provide regular training
Audit the quality of data
periodically or regularly (e.g.
loss/event report sign-off)
•
•
•
Relevant to the business
Rigorously enforced
Used to categorise all risk
data
Analysis and
recommendations
Reporting
•
•
•
•
•
Risk System
•
•
•
•
•
Insight/
Knowledge
Information
Forms and templates ensure consistent reporting
Data input validation improves data completeness and accuracy
Approval workflow enables audit and oversight
Libraries and taxonomies ensure consistent classification
Reminders and calendars improves timeliness
Accuracy
Timeliness
Relevant content
Configurability
Trend Analysis
•
•
•
•
Forward looking
Improved decision making
Provide assurance that risks are
being identified and managed
efficiently
Direct resources to areas of
highest risk / Prioritise efforts
Aggregation and
skills
To unlock the full potential of
operational risk data, the key
is:
• Classification and
aggregation; and
• Business knowledge and
risk experience.
9