Conclusions
An integrated goal-congruent risk management process that puts all the elements
together, as illustrated in Figure 12.16, will open the door to optimal firm-wide
management of risk. ‘Integrated’ refers to the need to avoid a fragmented approach
to risk management – risk management is only as strong as the weakest link. ‘Goalcongruent’
refers to the need to ensure that policies and methodologies are consistent
with each other. Infrastructure includes having the right people, operations technology
and data to appropriately control risk.
One goal is to have an ‘apple-to-apple’ risk measurement scheme so that one can
compare risk across all products and aggregate risk at any level. The end product is
a best-practice management of risk that is also consistent with business strategies.
This is a ‘one firm, one view’ approach that also recognizes the complexity of each
business within the firm.
In this chapter we have stressed that operational risk should be managed as a
partnership among business units, infrastructure groups, corporate governance
units, internal audit and risk management. We should also mention the importance
of establishing a risk-aware business culture. Senior managers play a critical role
in establishing a corporate environment in which best-practice operational risk
management can flourish. Personnel will ultimately behave in a manner dependent
on how senior management rewards them.
Indeed, arguably the key single challenge for senior management is to harmonize
the behavior patterns of business units, infrastructure units, corporate governance
units, internal audit and risk management and create an environment in which all
sides ‘sink or swim’ together in terms of managing operational risk. 366