Most organisations currently rely on 'soft' subjective op risk data such as self assessments. But objective measurements reflect a truer picture of risk. Using primary research, this practical report demonstrates how you can use 'hard' data to improve your operational risk measurement.

Robert Scott Levine tackles this data challenge based on in-depth knowledge gained as an experienced auditor, fraud examiner, data security manager and risk systems implementer. The core focus of the report is on how you can plan, implement and manage the available data sources for improved operational risk management. It also shows you how to maximise the rich internal and external data sources that are often overlooked.

The practical examples given throughout the report clearly demonstrate the business benefits of operational risk management, beyond just the need for regulatory compliance. It also looks at the techniques that you can automate to produce early warning operational risk indicators.

Highly recommended for operational risk practitioners, auditors, examiners and compliance staff who will benefit from learning how to pull in the right operational data and how to automate the collection, cleansing, aggregation, correlation and analysis processes to do your job more effectively.

1: Introduction and Challenges
What is Operational Risk?
Processes and controls
Definition of Operational Risk
Operational Risk versus Other Risk Types
Managing Operational Risk
Operational Risk Measurement
Why a Data-Driven Approach?
Challenges in the Data-Driven Approach

2: Operational Risks and Drivers
Why ORM?
Risk and Loss Categories
Risk-Type Classification - A Summary

3: Approaches to Operational Risk Management
The Operational Risk Lifecycle
Risk Factors
Risk Assessment Tools and Measurement Approaches
Losses and Loss Distributions
Impact Data
Use of Capital
Use of Insurance
Active Operational Risk Management
Loss Prevention
Summary of Methods

4: Internal Incident Data Sources for Bottom-Up Operational Risk Measurement
Internal Data
External Data
Challenges with both Internal and External Data
Summary of Data Sources
Wrap-up

5: External Incident Data Sources for Operational Risk Measurement
Scaling
Types of External Loss Data
Examples of External Data Services
Reputational Risk
Summary

6: The Operational Risk Management System
Overall Environment
Perform Assessments
Assess Risks
Testing of Controls
Action Tracking
Track Events and Losses
Process Description, Mapping, and Redesign
Risk Assessment Hierarchy
Risk and Control Data Capture and Management
Document Management
Risk Engine
Events and Losses
The Risk View and Reporting Capability
Administration and Technical Requirements
Operational Risk Data Model Entities
Operational Risk Data Entities
Operational Risk Software Vendors

7: Integration Challenges and Processes
The Implementation Process
Integration Challenges
Using External Data to Compensate for Missing Internal Data
Aggregation
Different Modelling Approaches
Tracking Losses
Summary

8: Designing and Maintaining Data Cleansing, Improvement and Quality Processes
The Need for Data Quality
Definition of Data Quality
The Starting Point
The Quality Management Process
Data Quality Objectives
How Data Quality Can Be Maintained
Standardisation
Technical Design
Data Cleansing and Validation Rules
Operational Data Validation
Reconciliations
Monitoring Job Exceptions
Summary

9: Operational Risk Standards and Metrics
Why Standards?
Operational Risk Indicators
Industry-Wide Risk Indicator Initiatives
Process Mapping, Control Identification and Metrics
Risk Identifier Development
Metrics
Metric Types
Determining the Quality of Metrics
Challenges with Using Metrics
Metrics and Risk Proxies
Metrics and Business Process Outsourcing
Summary

10: Enhanced Operational Risk Analysis and Reporting
Operational Risk Reporting Areas
Summary

11: Conclusion

NB - This table of contents is provisional until final publication of the book. Small changes to chapter titles and order may occur.

Before becoming a consultant Robert Scott Levine was a Vice President in charge of information protection at Bank of Tokyo-Mitsubishi North America. Prior to that he has worked with risk, trading, and financial systems design, control, and implementation at Reuters Limited in New York, London, and Tel Aviv. Robert has also held audit management and senior staff positions at Deutsche Bank North America, Barclays Bank Plc, and other large financial institutions. Robert publishes widely in business and technology journals. His current research interests include operational risk data sources, risk management in personal finance, and early warning indicators. Robert Levine holds an MBA from Baruch College, City University of New York, a BS from New York University, and is completing a doctorate in finance.