We develop the Risk and Control Library, which is a document that defines various processes, sub-processes, operational risk events and control types across all business lines. The Risk and Control Library:

  • Places risk in the context of business strategy and risk appetite
  • Establishes processes of risk assessment and measurement
  • Establishes processes and sub-processes within the Basel II defined business lines
  • Defines the various risk events across all Basel II defined risk types
  • Links the results to performance measures and shareholder value

We facilitate implementation of a self-assessment process for effective risk monitoring and improvement. The key elements in self-assessment include:
  • Defining and identifying the types of risks and the various risk events therein
  • Defining and identifying specific controls
  • Assessing and rating the controls
  • Assessing residual risk
  • Monitoring of risk events within each business line
  • Operational risk reporting and documentation