Risk & Uncertainty
| Term | Meaning |
|---|---|
| Risk | Measurable chance of loss; probability can be estimated/calculated. Example: Credit default risk, market risk. |
| Uncertainty | Unmeasurable chance of loss; no clear probability or historical data. Example: Sudden regulatory changes, natural disasters, war. |
Key Difference: Risk can be predicted and managed; uncertainty is unpredictable and harder to manage.
Risk Types in the Financial Sector
| Risk Type | Description |
|---|---|
| Credit Risk | Risk of borrower defaulting on loan repayment. |
| Market Risk | Loss due to changes in market prices (e.g., interest rate, forex, stock). |
| Liquidity Risk | Inability to meet short-term obligations due to lack of cash/funds. |
| Operational Risk | Loss due to failed internal processes, people, or systems (human error, fraud). |
| Legal/Compliance Risk | Risk from violation of laws/regulations; penalties, lawsuits. |
| Reputational Risk | Risk of damage to brand/trust due to scandals, poor service, etc. |
| Systemic Risk | Risk of entire financial system collapse (e.g., 2008 financial crisis). |
| Interest Rate Risk | Loss from fluctuations in interest rates, affecting loans, bonds. |
Operational Risk Management (ORM)
Operational Risk = "Risk of loss due to failed internal processes, people, systems, or external events."
Recruitment & Training (for Risk Control)
| Component | Explanation |
|---|---|
| Skilled Recruitment | Hiring qualified staff reduces error/fraud risk. |
| Background Checks | Prevents hiring of untrustworthy/inexperienced personnel. |
| Risk Awareness Training | Staff trained to identify, report, and manage risks. |
| Continuous Learning | Regular updates on compliance, technology, and security protocols. |
| Compliance Training | Ensures staff follow rules, policies, and ethical standards. |
Work Flow Design
| Term | Explanation |
|---|---|
| Efficient Workflow | Step-by-step logical design of tasks to avoid confusion or duplication. |
| Segregation of Duties | Different people handle different stages to prevent fraud/error. |
| Control Points | Checks or authorizations added to reduce risk. |
| Automation | Using software to reduce manual errors and improve speed/security. |
| Backup Systems | Alternate processes if system/staff fail (contingency planning). |
Work Flow Documentation
| Purpose | Details |
|---|---|
| Process Manuals | Written guidelines for each task/process to ensure consistency. |
| Audit Trails | Records of who did what and when, for accountability and review. |
| Risk Logs/Registers | Documentation of identified risks, impact, and mitigation measures. |
| Compliance Records | Ensures regulatory rules are followed; helps in inspections/audits. |
| Standard Operating Procedures (SOPs) | Clear, step-by-step instructions for routine tasks. |
Summary Table: Operational Risk Controls
| Aspect | Risk Control Measure |
|---|---|
| Recruitment | Hire skilled staff, background checks, role clarity |
| Training | Risk awareness, compliance, regular updates |
| Workflow Design | Segregation of duties, automation, control points |
| Documentation | SOPs, audit trails, risk logs, process manuals |
Delegation of Authority
| Term | Explanation |
|---|---|
| Definition | Process of authorizing subordinates to make decisions or perform tasks. |
| Objective | Ensures efficient decision-making, proper control, and accountability. |
| Authority Levels | Clearly defined approval powers (e.g., who can approve loans, expenses). |
| Documented in | Delegation of Authority (DoA) Matrix or Policy. |
| Example | Branch Manager can approve loans up to ₹10 lakh; above this, zonal office. |
| Benefits | ✔ Faster workflow ✔ Empowered employees ✔ Accountability ✔ Control over risks. |
Key Point: Delegation must be controlled and monitored to prevent misuse or fraud.
Independent Internal Audit
| Term | Explanation |
|---|---|
| Definition | A separate audit team within the organization evaluates processes, risks, and controls. |
| Independence | Reports directly to Board or Audit Committee, not to management. |
| Objective | ✔ Identify weaknesses ✔ Improve controls ✔ Ensure policy compliance ✔ Detect fraud. |
| Functions | • Auditing transactions/processes • Risk assessment • Suggest improvements |
| Frequency | Regular audits (monthly, quarterly) or surprise audits. |
| Audit Reports | Detailed reports with findings, risk ratings, and corrective action plans. |
Importance: Helps management and stakeholders to ensure transparency and accountability.
Independent Compliance Function
| Term | Explanation |
|---|---|
| Definition | A dedicated team/function to ensure the company complies with laws, regulations, and internal policies. |
| Independence | Reports directly to Board or Compliance Head, not operational teams. |
| Responsibilities | ✔ Monitor regulatory changes ✔ Ensure implementation ✔ File compliance reports |
| Key Areas Monitored | KYC norms, Anti-Money Laundering (AML), RBI/SEBI rules, tax laws, company laws. |
| Tools Used | Compliance checklists, reporting software, regulatory dashboards. |
| Importance | Prevents legal penalties, reputational damage, and financial loss. |
Compliance Culture: Ensures employees understand and follow rules, reducing legal and operational risks.
Summary Table
| Component | Purpose | Outcome |
|---|---|---|
| Delegation of Authority | Efficient task/decision distribution | Faster decisions, better control |
| Internal Audit | Risk & control evaluation | Fraud detection, process improvement |
| Compliance Function | Regulatory and policy compliance | Avoid legal risk, ensure ethics |
Independent Risk Management Function
| Definition | A dedicated team/function responsible for identifying, assessing, monitoring, and controlling all risks. |
| Independence | Reports directly to Board/Risk Committee, separate from business/operations. |
| Key Responsibilities | ✔ Set risk limits ✔ Monitor risk exposures ✔ Identify new/emerging risks ✔ Report to top management |
| Covered Risks | Credit Risk, Market Risk, Operational Risk, Liquidity Risk, Compliance Risk, Reputational Risk |
| Tools Used | Risk Registers, Risk Dashboards, Risk Models, Stress Testing |
| Goal | Ensure risks are within acceptable limits; avoid financial loss and reputational damage |
System Audit
| Definition | An audit of IT systems, software, networks, and data security to assess risks and controls. |
| Purpose | ✔ Check data integrity ✔ Prevent cyber risks ✔ Ensure business continuity ✔ Review IT governance |
| Scope | Hardware, software, databases, cybersecurity, data privacy, IT policies |
| Who Conducts It? | Internal IT Audit team or external certified system auditors (e.g., CISA professionals) |
| Importance | Prevents data breaches, cyber attacks, ensures compliance with IT-related laws/regulations |
Corporate Governance
| Definition | System of rules, practices, and processes by which a company is directed and controlled. |
| Key Elements | ✔ Board of Directors ✔ Shareholder Rights ✔ Ethical Management ✔ Transparency ✔ Accountability |
| Objectives | ✔ Protect stakeholders ✔ Ensure ethical behavior ✔ Prevent fraud ✔ Improve reputation and investor trust |
| Governance Mechanisms | Independent Board, Audit Committee, Risk Committee, Disclosure Policies, Whistle Blower Mechanism |
| Importance | Promotes long-term sustainability and regulatory compliance |
Whistle Blower Policy
| Definition | Policy that encourages employees/stakeholders to report unethical or illegal activities confidentially. |
| Protection Offered | Whistleblowers are protected from retaliation (e.g., firing, harassment) |
| Reporting Channels | Email, Hotline, Third-party portals, Direct to Board/Audit Committee |
| Covered Issues | Fraud, Corruption, Harassment, Bribery, Insider Trading, Legal Violations |
| Objective | Promote ethical culture, early detection of wrongdoing, and legal compliance |
| Legal Backing | Supported by laws in many countries (e.g., Companies Act, 2013 in India mandates a whistle blower policy) |
Risk Management Culture
| Definition | Organization-wide awareness, attitudes, and behaviors towards identifying and managing risks. |
| Key Features | ✔ Open communication ✔ Proactive risk identification ✔ Accountability at all levels ✔ Training |
| Driven By | Top Management/Board commitment, Policies, Regular training, Recognition of good risk management |
| Importance | ✔ Reduces losses ✔ Enhances decision-making ✔ Improves resilience ✔ Builds stakeholder trust |
| Building Risk Culture | Include risk in performance metrics, conduct regular drills, reward risk-aware behavior |
Summary Table
| Concept | Focus Area | Key Benefit |
|---|---|---|
| Independent Risk Function | Monitoring risk independently | Balanced risk-return, reduced losses |
| System Audit | Review of IT systems & security | Data protection, business continuity |
| Corporate Governance | Ethical & transparent business practices | Stakeholder confidence, sustainability |
| Whistle Blower Policy | Reporting misconduct safely | Ethical culture, fraud detection |
| Risk Management Culture | Risk awareness at all levels | Proactive risk control, stronger organization |