Challenge
The client needed our experience to act as a sounding board for the internal reflection. Together, we would come to a concise, yet comprehensive repertoire of key controls related to the main causes of operational risk failures. These would come from processes, systems, people and external events.
We adopted a taxonomy that followed the main causes of operational risk and used the Basel categories as a starting point. Which the bank and its staff were already familiar with.
The project went smoothly because of the strong support from senior management and a real personal involvement of the CRO in the process.
Understanding the client
In every consulting project, understanding the client needs, its constrains and its objectives is an essential first step. We knew this particular client through other projects, so it was relatively simple to assess the speed and scope of the work they wanted to get done. As well as the time limit allocated for this mission.
Methodology
To come up with the most relevant categories, we used the history of the bank’s incidents, the results of their risk & control self-assessments, and input from the internal control team.
We then sat down with the team in brainstorming workshops to determine the different types of registers.
Reporting
Finally, we tested the relevance of the new taxonomy by recategorising the previous incidents to the updated risk categories. We tagged the controls that were in place and the causes of incidents to assess whether these were repeating causes. If so, this could signal a weakness in the risk mitigation environment.
The new comprehensive and structured CRIC taxonomy allowed the client to:
streamline its risk reporting;
increase the insights from the analysis of incidents;
establish systematic action plans to address any recurrent causes of operational incidents.
By improving their risk reporting process, the client achieved better results with less complexity.
