Page 57 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 4: Risk Analysis




             Banks need to employ quantitative approaches like the Internal Measurement Approach
             (IMA) or Loss Distribution Approach (LDA) or Balance Scorecard Approach (BSA) for
             adopting AMA. All AMA approaches compute the expected and unexpected loss. The most
             significant aspect for a bank to graduate from Basic Indicator Approach (BIA) to Advanced
             Measurement Approach (AMA) is the potential benefit of less capital allocation for
             operational risk.
             As op-risk involves failures during operations in daily business, the key steps in op-risk
             management involve improving the internal control environment, designing and developing
             procedures to implement the risk management processes and employing risk transfer
             techniques, such as insurance, to mitigate the loss arising from operational risk. Credit
             rating agencies have started rating banks based on their risk control and management
             frameworks. Investor awareness has also increased to the extent that banks with robust
             risk management frameworks are able to attract strategic investments with less effort.

             Given the known benefits of implementing the provisions of the Basel II accord, banks
             should prioritise their strategy towards op-risk management. A constructive approach in
             this direction could be to automate the suggested five-step approach and, as a first step, to
             start developing a loss event database.

          Source:  http://www.thehindubusinessline.in/2006/01/19/stories/2006011900991000.htm

          4.5 Summary

              Risk is virtually anything that threatens or limits the ability of an organization to achieve
               its mission.

              Risk management is a process to identify and then manage threats which could severely
               impact or bring down the organization.

              Successful risk management needs the involvement of all levels of employees of an
               organization.

              To successfully manage their risk in the future, organizations need to develop an enterprise-
               wide risk management framework.

              Organizations should regularly undertake a comprehensive, focused assessment of potential
               risks to the organization. This focused assessment should occur at least twice a year by a
               team of staff members representing all the major functions of the organization.

              The purpose of a risk assessment is to help management create appropriate strategies and
               controls for stewardship of information assets.

              Risk acceptance is also known as risk retention. It is simply accepting the identified risk
               without taking any measures to prevent the loss or to reduce the probability of the risk
               occurring.

              Risk avoidance is a business strategy in which certain classes of activities or business
               processes are not undertaken because the risks are too high to justify the return on
               investment.

              Risk reduction reduces the potential loss associated with a risk.

          4.6 Keywords

          Control: Any kind of countermeasure that becomes fairly automated and meets the expectations
          of upper management is called a control.




                                           LOVELY PROFESSIONAL UNIVERSITY