Lec 2 - Operational Risk Flashcards
(32 cards)
What are operational risks?
Operational risks represent losses arising from lapses of internal control, human errors & failures to adequately mange external events, such as economic downturns & new technology developments.
Reasons for Operational Risks?
- Failure to use appropriate risk metrics
- Ignored known risks
- Incorrect measurement of known risks
- Failure to identify & measure unknown risks
- Communication failures
- Monitoring & management lapses
- Failure to learn from the past
What is an example of failure to use appropriate risk metrics?
VaR is used for short-term but is it appropriate in long-traded investment markets like property?
What is meant by ignored known risks?
‘Too good to be true’ results ignored as long as bonuses are being realised - e.g. Barings Bank failure.
What is an example of incorrect measurement of known risks?
Mortgage default risks are well known, but the frequency & scale was grossly underestimated in the sub-prime/GFC.
What is meant by communication failures?
Upwards reporting may be slow, incomplete/distorted & result in boardroom inaction/audit failure - Thomas Cook bankruptcy 2019.
What are the responses to Operational Risk?
- Heavily trust-based financial firms now have to hold regulatory capital to mitigate operational risks & prevent reputational damage (e.g. Under Basel II/III Capital riles for banks)
- Internal & external audit risk assessments (particularly important in IT-dependent/opaque financial firms)
- Increased incidence/scope of (statutory/regulatory) line management audits.
- Increased operational risk awareness - e.g. Through training & education & adoption of ERM
- Insurance protection - e.g., of cyber security breaches & business disruption.
Why do organisations need internal controls?
- Maintain financial stability
- Successfully effect internal & external changes
- Safeguard assets
- Ensure compliance with regulations & laws
- Facilitate the ‘true & fair’ accounting of transactions
What flexible mix of control mechanisms achieve operational control?
- Controls over input, e.g. Human resources
- Controls over Processes, e.g. Systems, procedures and policies
- Controls over Output
What are examples of controls over processes?
- Management accounting
- Financial accounting
- Purchasing and sales systems
- Inspection schemes
○ Internal audits
○ External audit
○ Corporate governance
○ Regulators
What are examples of controls over output?
- Financial measures - e.g., profit margins, sales per head
- Non-financial measures - customer satisfaction scores, staff turnover, productivity per head
- Qualitative approaches - surveys, focus groups, market research.
What are the systems required for measurement against standard/target?
- Meaningful target/standard
- Method of gathering relevant data and information
- Method of comparing actual information to standard
- A means of initiating effective control
What does the approach for measuring against standard/target assume?
- We know what we want to control
- We can measure it
- We can set a target for it
- We can make comparison
- We can take appropriate corrective action
What are the 5 main standards against which performance can be compared?
- Previous time period (year-on-year)
- Similar organisations (peer group analysis)
- Estimates of future organisations performance - ex-ante
- Estimates of what might have been achieved - ex-post
- The performance necessary to achieve defined goals (growth, performance, output, etc.)
Problems with measurement using Key Performance Indicators (KPI’s)?
KPI’s are important should not be over emphasised as it can cause tunnel vision, where concentrating only on what is measured can detriment the rest of the business.
Problems with measurement: outcome-related performance indicators distort management behaviour:
- Sub-optimisation - e.g., budget constraints inhibit initiatives
- Myopia - e.g., short-term cuts at expense of long-term gains.
- Convergence - e.g., follow the ‘herd; rather than stand-out
- Gaming - e.g., manipulation of KPIs - e.g., to maximise payoffs under bonus plans
- Misrepresentation - e.g., in accounts to protect share price.
What is sub-optimisation?
Diverting attention from improvements to the method of measuring whether or not improvement has actually occurred.
What is Myopia?
Addressing short-term success at the expense of long-term investment.
What is convergence?
The desire to be ‘normal’ - blend into the crowd rather than innovate; effect is to lower everyone to the lowest common denominator.
What is gaming?
Strategic manipulation of measures to improve reported position.
What does the choice of control system depend on?
- Structure of the organisation
- Environmental conditions
- Culture present in the organisation
- Role of centre v subsidiaries in terms of decision making
- Established strategy being pursued
- Technology usage and dependency
Types of traditional accounting controls:
- Setting standard costs - calculation of variances as feedback against plan
- Capital investment appraisal techniques - NPV, IRR
- Costing methods and allocation of overheads - Absorption, marginal, activity-based, and life-cycle costing.
- Performance measurement - ROI, ROCE, EVA, TP, setting appropriate prices for internal transfer.
- Budgets and budgetary control - responsibility centres (cost, profit or investment centres)
- Manufacturing techniques - JIT, TQM
Dysfunctional behaviour caused by employee/stakeholder:
Employee/stakeholder acts in a non-beneficial way to the organisation i.e. Operational inefficiencies - TP
Dysfunctional behaviour in budgeting:
- Factor in more than is required (slack)
- Managers have a ‘use-it’ or ‘lose-it’ approach
- Budgets not set at a level to motivate - Too high/hard or too low/easy
- Smoothing (including provisions)
- Bias - offer good forecasts as opposed to realistic estimates.
