Governance & Risk Management at the Central Bank of Malta

Banking & Finance Workshop
Anthony P Cortis, Director, Statistics & Risk Management Directorate
April 2012
Overview
► What is governance
► Risk management framework
Risk Management Philosophy
► The Board of Directors is ultimately responsible for ensuring that the Bank’s risks are being properly identified, monitored and controlled.
► However, the management of risks rests with the line managers and is an integral part of the general day-to-day management task.
► The Bank supplements its risk management by employing an active committee structure whose participation includes members who are not directly responsible for the process. This greatly improves the likelihood that all aspects of an issue or policy (including any risk element) are adequately considered before decisions are made.
Risk Management Framework
Corporate governance (tone at the top): Governors; Board of Directors; Audit Committee; Policy / Management Committee; Risk Management Committee; Heads / Directors.
Integrated Risk Management: recognise and manage risk; monitor and report risk.

Three lines of defence model:
1. Line Management: functions owning and managing risks on a day-to-day basis.
2. Risk Management: functions promoting common risk management methodologies and consolidating risk reporting.
3. Internal Audit: functions providing independent assurance on the effectiveness of the governance, risk and control environment.
Organisational Structure
Units shown in the organisation chart: Governors; Governors’ Office; Internal Audit Dept; Director General; Economics & Research Dept; Comm & Legal Dept; EU & Int Relationship Dept; Financial Policy & Special Projects; Financial Stability & Information Systems Directorate; Market Operations Directorate; Financial Services Directorate; Corporate Services Directorate; Statistics & Risk Management Directorate; Strategy, Policy & Risk Management Department.

Organisational structures responsible for risk assessment, monitoring and control (but not directly for risk management) are the Internal Audit Dept and the Strategy, Policy & Risk Management Dept.
Processes aimed at achieving better risk management
► Business Process
► Policies & Procedures
► Risk Mapping
► Business Continuity Planning
► Information Security Framework
► Support & Awareness

Business Process: identifying all business processes within the Bank.
Policies & Procedures: ensuring that all Offices have in place sound policies and operational procedures for every business process under their responsibility, as a primary means to mitigate risk.
Policies & Procedures
► Good corporate governance dictates that responsibilities, delegations of authority, operational procedures and control processes are documented and disseminated to staff.
► Opportunity to:
  • Review and update the Policies & Procedures of all processes
  • Understand the inherent risks that are present in the processes
  • Evaluate all the existing controls
  • Recommend new controls to management to mitigate such risks, in conjunction with the Internal Audit Office
► SPRD co-ordinates the review and maintenance of the Bank’s Policies & Procedures with Office Managers.
► Policies & Procedures are approved by the PAC/MC.
Risk Mapping: systematically identifying and assessing risks and controls across business processes in the Bank, thus constructing the Bank’s Risk Matrix for use by management.
Risk Mapping
► It is crucial for any organisation to have a sound understanding of its business, the nature of its risks and its strategic direction. This provides the foundation for the sound management of any organisation.
► SPRD co-ordinates the systematic identification and assessment of risks across all the business processes.
► All business processes are assessed and assigned an inherent risk value. This is done in consultation with Office Managers and the Internal Audit Department.
Risk Mapping
► All high-risk processes undergo a further detailed risk assessment.
► The risk assessment identifies what the specific risks of the business processes are, and evaluates how these risks are being controlled and monitored.
► Each specific risk identified is given a residual risk value.
► The risk assessment is signed off by the Office / Senior Managers.
► The risk assessment is loaded into the Risk Matrix database.
Risk Mapping
► It reinforces accountability and ownership of risk and control by the business units.
► It helps to focus management’s attention on the high-risk business processes.
► Management has a clearer understanding of the risks that the Bank is faced with, and how these are being controlled.
► Management can introduce new controls and monitors so that risks are further mitigated.
► The Audit Committee monitors the progress achieved in the Risk Matrix.
ORM Framework: Operational Risk Taxonomy
Risk root causes (identification of enabling factors of risk events):
• People
• Systems
• Governance & Business Processes
• External events
Risk events (supports analysis of observable events / incidents): Fraud, Incidents, Disasters, Attacks, Errors & Failures, Infrastructure disruptions
Risk impacts (allows management to review and manage risks based on intuitive categories of impact):
• Business
• Reputational
• Financial
Risk treatment measures / controls
ORM Framework: roles in the risk assessment cycle
1. Business Area: identifies and assesses risks.
2. SPRD: coordinates, supports and reviews the risk assessment; consolidates reports.
3. Director / Heads of Business Area: review the risk report for the business area; agree on action plans.
4. Operational Risk Committee: discusses the business area risk map and proposed action plans; approves action plans or recommends them to the Policy Committee.
5. Policy Advisory Committee: discusses the business area risk map and proposed action plans; approves action plans or recommends them to the Board.
Board of Directors, through the Audit Committee: reviews the status of the Bank’s operational risk profile; proposes action plans as necessary; approves implementation of action plans; accepts risks upon the recommendations received from the ORC and endorsed by the PC.
Business Continuity Planning: ensuring that Offices are prepared to deal with uncertainties, so that the continuity of critical business processes is safeguarded.
Business Continuity Management
► Good corporate governance lays down that an organisation needs to ensure that its critical business processes are neither disrupted nor adversely affected by disasters and problems, both internal and external.
► SPRD co-ordinates a project through which the Bank is developing, testing and maintaining an adequate Business Continuity Plan to provide continuity of business in the event of disruption.
Information Security Framework: ensuring that the confidentiality, integrity and availability of information is safeguarded through the implementation of an effective Information Security Management programme.
Strategy, Policy & Risk Management Department
Support & Awareness: providing technical support and risk management awareness through ad hoc risk assessments and training.
Provide Risk Management Support
► Participation in Bank committees
  • Health & Safety Committee
► Carry out ad hoc risk assessments
  • in new areas of operations
  • in existing areas of operation where the environment is changing (because of laws, systems, procedures, staff, etc.)
► Carry out Risk Management awareness with staff
Risk Management at the Central Bank of Malta
Questions?
cortisa@centralbankmalta.org