Aspects of a Comprehensive Risk Identification Framework

Businesses execute their strategic plans in an environment of risk and uncertainty. Accordingly, firms design an enterprise risk management framework to ensure that risk or uncertainty is identified, measured, monitored, controlled, and reported properly. This framework helps management pursue its strategy and decision making confidently and sustainably.

The core of the enterprise risk management framework is a risk identification framework. Only after a firm sets its strategy and identifies the associated risks can it begin incorporating those risks and uncertainties into its capital and liquidity planning processes and putting in place the risk appetite on which it will base its strategy.

A robust risk identification framework ensures that the firm’s risk inventory is comprehensive, inclusive, and dynamic.

The risk inventory’s comprehensiveness is evidenced by the degree to which:

  • It spans all risk categories and lines of business.
  • It covers on- and off-balance-sheet risks.
  • It identifies risks that appear under usual business environments as well as under stress environments.

The risk inventory’s inclusiveness is evidenced by:

  • Multiple layers of review.
  • Input from subject-matter experts in the first and second lines of defense.
  • Integration of input from senior management.

The dynamic nature of the risk inventory is evidenced by:

  • Responsiveness and ability to reflect changes in the business environment over the course of the year.
  • Timeliness ensured by conducting top-down risk surveys at least quarterly (surveys include both current and emerging risks).
  • Scoring and ranking risks in order to monitor trends and developments in the risk inventory.

Strong risk identification frameworks have strong governance processes documented in policy and applied through multiple levels of oversight, including subcommittee approval of bottom-up risk inventories and the senior management risk committee’s approval of the complete risk inventory.

Finally, evidence of the risk inventory’s use in other key business processes, including risk appetite setting, risk monitoring, control design, risk reporting, and capital planning, is the true litmus test of an effective and meaningful risk identification framework.

The above is based on an excerpt from The RMA Journal, December 2016 – January 2017 article “Sound Practices in the Development of Risk Identification Frameworks” by Jim Lentino, director of corporate risk management for Discover Financial Services, and Arindam Majumdar, senior ERM program manager for Bank of the Ozarks in Little Rock, Arkansas. You can read the article in its entirety here.
