Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Pricing

Ready to get started?

Plans & Membership

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Pricing

Ready to get started?

Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Pricing

Ready to get started?

Plans & Membership

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Pricing

Ready to get started?

Book a demo

Pricing

Ready to get started?

Operational Risk Evaluation and Response

Operational Risk Evaluation and Response

Paul Rosen

Operational Risk

In the previous videos, Paul Rosen explained how risk appetite and identification allows us to document the processes and risks. In this video, he covers how to evaluate these risks.

In the previous videos, Paul Rosen explained how risk appetite and identification allows us to document the processes and risks. In this video, he covers how to evaluate these risks.

Subscribe to watch

Access this and all of the content on our platform by signing up for a 7-day free trial.

Operational Risk Evaluation and Response

8 mins 40 secs

Overview

Risk evaluation allows us to start to plan risk acceptance, risk remediation or other strategies and management and staff responsible for identifying and managing risk as it is a 1st line of defence activity.

Key learning objectives:

  • Understand the main concepts and risk types within risk evaluation

  • Understand what are controls and how they help managing operational risk

  • Understand how risk evaluation process is applied in practice

Subscribe to watch

Access this and all of the content on our platform by signing up for a 7-day free trial.

Summary

What are the two risk types?

The two key risk types within risk evaluation;

  • Inherent risk - risks that exist before applying the controls in the process
  • Residual risk – risks that exist after evaluating the adequacy and effectiveness of controls

In risk evaluation, the main goal is to know how large an impact can be and how often it is expected to occur. This allows prioritisation of controls. Data such as past losses and industry loss data are used as backward-looking tools while evaluating risks whilst qualitative judgement is used for forward-looking analysis. Process owners working with their risk and control teams assess the inherent and residual risk.

Illustrating inherent risk in different situations

The inherent risk of theft in the processes at a cash centre is mostly higher than the same risk for branch processes as the large sums of cash in the cash centre are a higher impact than the smaller amounts held in branches. The type of controls in each environment need to be looked at. For both these situations, the risk appetite will be the same however the number of controls required to achieve an appropriate residual risk position may be more or less onerous depending on the activity.

In a bank, we can also see this in terms of the inherent risk of market abuse in a banking book vs. a trading book. Management needs to take assurance that the transformed position (from inherent risk to residual risk) is accurate.

What are controls and how can we have assurance over controls?

Controls are steps that should reduce risk or the activities that prevent or detect errors and they form a key part of the overall ORM framework and are supported by policies. When effective, controls can prevent errors or detect problems when they do occur. To determine whether a control works we need two steps:

  • Assess the adequacy of the control
  • Test the effectiveness

These two steps are widely understood across nearly all ORM frameworks and also align to requirements of the Sarbanes-Oxley Act and external audit practice. There is a deep need to have alignment across the lines of defence and external assurance providers. It is at the control testing stage where divergence can most often be seen and unless clearly rationalised, inefficiency, duplication and wasted resources may occur.

What can go wrong with the risk evaluation process?

Consider the following scenario:

  • Management is accountable for implementing the control framework
  • Management designates a team to be accountable for testing controls, but as this team reports through the first line, they themselves are the first line of defence.
  • Those who provide oversight are the second line of defence and have a mandate to sample control activity to their own view of risk, guided, but not linked to management’s RCSAs
  • Internal Audit, which provides independent review and challenge, may or may not test controls in the pursuit of their audits, which will often have a different ‘audit universe’ of risks than management’s RCSAs
  • External Audit, which reviews the Financial Statements and potentially attests to compliance with Section 404 of the Sarbanes-Oxley Act may or may not use management controls and may or may not place reliance on the work of management control testing teams

The business is potentially subject to four separate assurance providers with different agendas, testing the same things across different periods, for different purposes.

Subscribe to watch

Access this and all of the content on our platform by signing up for a 7-day free trial.

Paul Rosen

Paul Rosen

Paul Rosen is responsible for the First Line of Defence, Front Office Regulatory Advisory and Operational Resilience at NatWest. He previously worked in the Williams & Glyn divestment from the Royal Bank of Scotland. He is a fellow of the Institute of Chartered Accountants in England & Wales and a member of the Association of Corporate Treasurers.

There are no available videos from "Paul Rosen"