What happens after such a report has been generated? First. the centralized operational
risk management group (ORMG) reviews the assessment results with senior
business unit management and key officers in order to finalize the proposed operational
risk rating. Key officers include those with responsibility for the management
and control of operational activities (such as internal audit, compliance, IT, human
resources, etc.). Second, ORMG can present its recommended rating to an operational
risk rating review committee – a process similar that followed by credit rating agencies
such as Standard & Poors. The operational risk committee comments on the ratings
prior to publication. ORMG may clarify or amend its original assessment based on
feedback from the committee.
The perational risk committee reviews the individual risk assessments to ensure
that the framework has been consistently applied across businesses. The committee
should have representation from business management, audit, functional areas, and
chaired by risk management. Risk management retains the right to veto.
Hiç yorum yok:
Yorum Gönder