Chapter 5

Risk Identification

Learning objectives

After studying this chapter, you should be able to:

1 Understand what a risk self-assessment (RSA) and a risk and control self-assessment (RCSA) are and how they help banks manage operational risk

2 Outline ways in which risk factors can be categorised, such as by location of impact, source of risk, control responsibility, cost account, and convention and place these categories within the Basel II risk matrix

3 Explain why business line mapping is important for banks and outline the eight general business lines that the BCBS recommends mapping

Introduction

Controlling operational risk requires, as we discussed earlier, both identifying it and measuring it. This is not always straightforward but more than a decade of exploration and greater awareness of operational risk have made it possible to develop a comprehensive tool kit for the management and control of operational risk. But where does operational risk fit within the grand scheme of a bank’s operations? More to the point, where do specific loss events fit in within the process of managing operational risk?

As we discussed in the previous chapter, banks typically analyse and identify the operational risk factors they face using a number of methods, including a risk and control self-assessment (RCSA), which is a thorough look at the current status of operations and the exposures in segment based on careful consideration of such elements as key risk indicators (KRIs) and the ...