14 Feb Integrated operational Risk Management in financial institutions
An integral operational Risk Management System works by controlling the access and actions of personnel, IT systems, all physical and logical points of access to risk factors and communication with third parties. Furthermore, it should also control the changes that take place over time, including access points, employee access, procedures and management regulations.
Fulfilling these objectives could prove laborious, but applying a suitable methodology with an intelligent Business Process Management Suite could offer:
- Optimal context for Risk Assessment, i.e., its identification, analysis and evaluation in relation to the organization’s activities, processes and products.
- Optimal context for Risk Treatment of the risks that have been analyzed and evaluated.
- A powerful workflow for global Communication between process users, with approval circuits, etc.
- Permanent Monitoring and Review of the magnitudes that take part in the risks, including the automatic control of critical factors, and the generation of the corresponding reports.
AuraPortal provides solutions to:
- Develop a solid strategy for the management and reduction of operational risks, adapted to the chosen regulations and standards: ISO 31000 and ISO/IEC 27000 and/or UNE-ISO/IEC 17799 (in general, good practices to securely manage information), etc.
- Evaluate using the three methods suggested in Basel II/III: Basic indicator, standardized or advanced measurement.
- Automate workflows.
AuraPortal covers both aspects of Risk Management:
- The administration of the Risk Management systems. The creation and modification of documents and procedures, the control of risk elements, measurements and routine checks, preventative controls, change control, audits, meetings, training, etc.
- The entity’s operational processes. These are the most important and effective processes as they are integrated with other productive and administrative activities performed in the company, i.e. they do not function independently.
In effect, by designing the company’s different work processes, the strategy and risk precepts will already have been taken into account, including the tasks which need to be performed for its compliance. It will also include all relevant Business Rules, both textual (instructions in tasks performed by people) and automatic (tasks performed by the system without any human intervention).
Thus, at the appropriate time, the correct actions will be executed automatically, hereby ensuring strict compliance and with the consequent reduction of labor (cost ) and response times.
With AuraPortal regulatory compliance is guaranteed.