Thursday 4 April 2013

Operational Risk

There are a variety of ways to define operational risk, and different books and online sources give different definitions. I will quote some of the most common and authoritative definitions here to give you a better understanding. In simple terms, "An operational risk is defined as a risk incurred by an organization's internal activities."

From an academic point of view: "A form of risk that summarizes the risks a company or firm undertakes when it attempts to operate within a given field or industry. Operational risk is the risk that is not inherent in financial, systematic or market-wide risk. It is the risk remaining after determining financing and systematic risk, and includes risks resulting from breakdowns in internal procedures, people and systems."

The most famous and widely used definition of operational risk is the one written in the Basel II regulations. Basel II is the second of the Basel Accords (now extended and effectively superseded by Basel III), which contain recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The Basel Committee defines operational risk as "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." For internal purposes, organizations are permitted to adopt their own definition, but it should contain at least the elements of the Committee's definition.

Basel II divides operational risk into seven event type categories, which are as follows:

  • Internal Fraud: Bribery, intentional mis-marking of positions, tax evasion and mishandling of assets
  • External Fraud: Hacking damage, theft of information, forgery and third-party theft
  • Employment Practices and Workplace Safety: Workers compensation, discrimination, employee health and safety
  • Clients, Products and Business Practice: Account churning, fiduciary breaches, product defects, improper trade, antitrust and market manipulation
  • Damage to Physical Assets: Natural disasters, terrorism and vandalism
  • Business Disruption and Systems Failures: Hardware failures, software failures and utility disruptions
  • Execution, Delivery and Process Management: Negligent loss of client assets, data entry errors, failed mandatory reporting and accounting errors

Today's class is over dear readers :). Now you can sit back and relax. I will discuss methods of operational risk management in the very next post. Stay in touch and keep visiting the Microcom IT's blog.

Tuesday 2 April 2013

Business Continuity Guidelines

"Guidelines are those procedures and activities which are recommended in a preset design plan. However, depending upon the needs and requirements of the target business function, these items may or may not be performed, or may be altered during implementation."

Procedure:

British Standard BS 25999-2 and other standards provide a specification for implementing a business continuity management system within an organization.

Business Impact Analysis (BIA):

The BIA can be used to identify the extent and timescale of the impact of a disruption on an organization. For example, it can examine the effect of disruption on the strategic, functional and operational activities of an organization. A BIA can also determine the effect of disruption on major business changes, such as introducing new products or services. Most of the standards require that the business impact analysis be reviewed periodically, at an interval appropriate to the organization, and whenever any of the following occur:

  • Major changes in the internal business location, process or technology
  • Major changes in the external business environment, e.g. the market

Security Management:

Security is the top priority in today's global business environment. Security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. If an organization fails a security audit, the resulting financial and management consequences may affect the organization.

Documentation Management:

Complete and up-to-date documentation is the ultimate means of ensuring sustainable growth in business turnover or profit. In today's large information technology environments, profit or business turnover has to be planned as part of the Business Continuity process. Documentation ensures that new personnel have the information they need in order to become knowledgeable about the business functions they have to take care of.

Change Management:

Regulations require that changes to business functions be documented and tracked for auditing purposes. This process is designated "Change Control". It enhances the level of stability by requiring support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will shift towards regulatory compliance and away from personnel control.

Audit Management:

Audit Management is the most time-consuming activity in the field of information technology. Business functions should be designed to automatically generate the documentation and information required for audit compliance. This will in turn reduce the cost and time associated with producing such information manually.

Communication Systems:

Communication in a time of distress is the most crucial component of Business Continuity. The disaster recovery team must be able to communicate effectively among themselves as well as with managers, directors, customers, partners, and even the media.

Service Level Agreement (SLA):

An SLA is the interface between the organization (which provides the service) and the client. The SLA ensures that the organization continues to maintain a high level of service quality. The organization commits itself to providing that level, which is normally expressed as a percentage out of 100. The SLA is a written contract that sets out the client's expectations with regard to the availability of a necessary business function, and the deliverable that information technology provides in support of that business function.

This is it folks. There will be a new topic in the upcoming post. Keep visiting the Microcom IT's blog for more informative posts.