Policy document library covering amongst others
- ORM Policy
- Incident (Loss) Reporting Policy
- Risk Control & Self Assessment Policy
- Key Risk Indicator Policy
- Risk Acceptance Policy
- Lesson Learnt Policy
- BCM & DR Policy
- AML/CFT Policy
- New Product Approval
GSA to provide draft policies in line with international standards and customised to be organisation specific.
Incident Capture & Reporting
Major component of the assessment and measurement of Operational Risk is the timely notification, reporting and recording of OR events.
Organisations should embed process for the capture and identification of actual or near miss events.
A comprehensive event database is a fundamental requirement towards the eventual OR capital calculation methodology.
GSA assists institutions in the establishment of an incident reporting process to capture, categorize as per Basel 2 and thereafter analyze and report (per local requirements) through provision of templates and in-house database (ICATT).
Risk Control Self Assessment (RCSA)
A strong internal control environment is a cornerstone of risk management and therefore a robust Risk Control Self Assessment program is essential to determine control gaps and residual risks requiring proper mitigants and management action.
GSA provides a proven and structured methodology for the conducting of Risk Control Self Assessments (RCSA's) together with simple in-house developed tool (ICATT) to determine inherent and residual risk.
Key Risk Indicators (KRI)
An important objective of key risk indicators is to provide a measure of risk causes in addition to the effects of risk, so aiding robust risk management and enabling timely action.
Key risk indicators play an important role in:
- Risk management - namely:
- the ability of KRIs to predict potential 'risk hotspots' can help avoid or minimise losses;
- KRIs help identify process and/or control weaknesses and thus enable action to be taken to strengthen controls and resolve issues; and
- targets for KRIs can be set to drive behaviour and desired outcomes.
- Risk appetite setting - one of the methods to articulate risk appetite, particularly for operational related risk, is through the setting of tolerance and escalation levels for key risk indicators;
- Regulatory compliance - identification and management of KRIs is an area of regulatory focus; and
- Capital calculation - data from established KRIs can be used as one of the inputs into operational risk capital calculations.
GSA provides KRI specification sheet & generic KRI's and assists organisations in determining both firm wide and functional/business line specific sample KRI's
GSA provides templates for monthly, quarterly and annual reports for both strategic and tactile consideration by Senior and Line Management.
Risk Matrix (Scoring)
Establish a risk rating matrix to classify events' risk scoring with rating scale for likelihood & impact enabling determination of risk appetite .
Provide workshops with Senior Managers to identify and agree on risk scores criteria & thresholds.
GSA helps Board of Directors and Senior Managers review and approve risk appetite and tolerance levels for operational risk that determines the nature of operational risk the organization is willing to assume.
New Product Approval (NPA) is a change management process, and deals with the core requirements for initiating, reviewing and approving a new product, service or system.
The aim is to ensure that new business initiatives and changes to the institutions existing business are introduced in a controlled fashion with all critical information for product offerings assembled for review and approval.
It is a risk management process that ensures that changes are properly communicated and regulatory and control requirements fully met.
Organisations should be able to establish a NPA process which will ensure, among others, that:
- Functional groups are fully prepared to cope with the proposed new business
- All transactions are properly recorded in the relevant systems (i.e. transaction entry, settlement, finance and risk systems);
- P&L and risk exposure are monitored and reported according to firm-wide standards;
- Operational risks are mitigated/managed;
- Conflicts with existing businesses are identified and resolved and inter-entity linkages are defined;
- Reputational, legal, regulatory and tax risks are evaluated and communicated to the relevant body/individuals responsible for managing that risk; and
- The pace of new product growth is consistent with the pace of the Group's capacity to manage the associated risks.
GSA provides polices, procedures and templates for organizations to establish New Product Approval process either as a standalone function or integrated within Op Risk Management Committee.