25.5 Miscellaneous

Various different miscellaneous topics

25.5.1 Agency Theory Perespective

Incentives of managers and u/w-ers of the firm are not always aligned with shareholders

Understand the misalignment rather than try to fund for this op risk:

  • Giving management equity stakes \(\xrightarrow{\text{Caveat}}\) Manager too aggressive taking on more risk

  • Equity is a large portion of management’s net worth \(\xrightarrow{\text{Caveat}}\) Too risk adverse

  • Production incentives for u/w-ers \(\xrightarrow{\text{Caveat}}\) Sloppy u/w-ing or mispricing

Key is to be aware of the problems and monitor results

  • Have independent board members in this process

25.5.2 Operational Risk Management in Banking and Manufacturing

Op-risks that are common to all business:

  • Pension funding

    • Both financial and HR component

    • Quantifiable: Models that incorporate financial risk and firm demographics

  • IT failure:

    • Hardware or software failure, viruses and internet attacks

    • Need contingency planning

    • Quantifiable

  • Other HR risks (loss of important staff, misdesign of comp program)

    • Loss of key staff (Could be due to misdesign of compensation program)

    • Employee liability, fraud, inadequate training, incompetence

    • Identification and control are more important

  • Reputation risk

    • Damaged from product tampering, bad press, off-hours behavior of key employees

    • Identification and control are more important

  • Lawsuits

    • Business practices can be misinterpreted or reinterpreted

    • Corporate culture makes a different

    • Monitoring is important, funding can be useful too

25.5.3 Control Self-Assessment (CSA)

Definition 25.3 (Control Self-Assessment) A process through which internal control effectiveness is examined and assessed

  • Objective: Provide reasonable assurance that all business objectives will be met

  • From Institute of Internal Auditors

Objectives of internal control

  • Reliability and integrity of information

  • Compliance with policies, laws and regulations

  • Safeguarding assets

  • Economical and efficient use of resources

  • Accomplishment of objectives and goals for operations or programs

25.5.4 Key Risk Indications (KRIs)

Definition 25.4 (KRIs) Broad category of measures that monitor the activities and status of the control environment of an operational risk category

  • Measured frequently (e.g. daily)

  • Have threshold that lead to escalation

  • Purpose: Keep the risk management process dynamic and risk profiles current

  • Forward looking, leading indicators of risk

KRIs examples

  • Production: retention ratio, rate/exposure

  • Internal controls: audit results and frequency

  • Staffing: turnover rate, premium/employee, training budget

  • Claims: frequency, severity

25.5.5 Six Sigma

Tolerances for output quality of \(\pm 3 \sigma\) (born out of manufacturing)

Provides framework for:

  • Process redesign

  • Project management

  • Customer feedback gathering

  • Internal communication

  • Design trade-offs

  • Documentation

  • Control plans

Application:

  1. Existing process improvement

  2. Predictive design

Value proposition:

  • Useful in high volume processing

  • Help identify and eliminate chronic process issues such as:

    • Inefficiencies, errors, overlaps, gaps in communication and coordination

Insurance example:

  • U/w-ing: exposure data verification, exposure data capture, classification

  • Claims: coverage verification, ALAE, use of outside counsel, initial case reserve setting

  • Reinsurance: treaty claim reporting, coverage verification, reinsurance recoverable, LoC, collateralization

25.5.6 Operational Risk Modeling

Operational risk manager needs to decide if risk should be transferred or retained

Based on insurance portfolio risk management, steps for operational risk portfolio management:

  1. Identify exposure base for each risk source (premium, headcount, payroll)

  2. Measure the exposure level for each BU and each op-risk source

  3. Estimate the loss potential per exposure for each op-risk

  4. Step 2 + 3 = loss freq and sev distribution for each BU

  5. Estimate the impact of mitigation, process improvements, or risk transfer

    • This step requires significant expert opinion as there are no significant amount of loss data both before and after

Challenge is the lack of data available or they are recorded in an uncoordinated manner

  • Worthwhile to begin to collect data