JOB DESCRIPTION

1. Job Details

Job Title: Asst Operational Risk Dy. Manager
Grade: For HR Evaluation only
Department: Risk Group
Location: UAB, Head Office
Direct Line Manager: Nita Mehta
Date reviewed: …. 2013
New review date: …..2015

2. Job Purpose

The main objective of this position is to lead and support a robust risk management & control environment, through implementation of the operational risk and internal control framework and governance. The position will also cover ensuring that the existing risk and control environment is adequately represented in RSAs and that all material risks in the business have effective controls in place for mitigation. The position will cover testing of controls in various units and work with internal stakeholders to ensure adequate audit preparedness and management of ineffective controls. This position also covers maintenance of an independent oversight (monitoring) on Governance through embedding of processes and regular health checks in order to identify inherent/residual risks.
Following are some salient activities for this role:

- Ensures timely identification of existing risks / control failures and liaises with functional process owners to ensure adequate preparation for audits;
- Ensures all RSAs accurately reflect the existing risk and controls embedded, and periodic update / maintenance of the same;
- Ensures that risk events are reported in a timely manner and that, for material risk events, a root cause analysis is carried out and the action plan is properly closed along with the risk event owner;
- Carries out risk event theme analysis to identify the focal areas requiring management attention;
- Drives prioritisation in terms of audit requirements/observations;
- Reports, tests and evidences effectiveness of controls and management of underlying risks on a regular basis;
- Ensures all open ineffective controls highlighted during RSA testing, incidents, testing results, key issues and observations can be linked back to underlying controls/risks (owners);
- Ensures policy compliance and attestation from each policy owner, so that any partially compliant policies have clear dispensation and the right level of attention on remediation;
- Ensures proper management of governance, specifically in terms of presenting the risk landscape to senior management and driving the remediation plan.

In addition, the role requires preparation of MIs, update presentations and reports for circulation to internal stakeholders. Further, the role requires working closely with all team members and remaining abreast of developments in their work, so as to be able to assist or act as a backup if required.

3. Job Dimensions

Volume of Staff Supervised (Direct reports and Indirect/dotted line reports): None
Resources under control (e.g. direct budget, sales target, financial impact on UAB results): None
Authority level and limits: None

UAB JOB DESCRIPTION: ASST OPERATIONAL RISK MANAGER Confidential Page 1 28/01/2013

4. Organization Chart

HR to complete

5. Job Accountabilities

Description

Risk and Control Self Assessments
- Direct and implement, in conjunction with the business, an agreed programme of Risk Self Assessment (RSAs) to identify and assess the key risks to business processes/systems, to determine the effectiveness of operational controls and to advise the business on control improvements and risk mitigation;
- Related risk assessment/conformance testing (in light of issue origination, remediation and embedding);
- Build and maintain effective relationships with related stakeholders to ensure cooperation and quick closure of action points;
- Deliver value-adding risk assessments and advice to change projects and new products to ensure changes to the business risk profile are properly quantified and mitigated/managed within agreed risk appetite;
- Ensuring effective process of ineffective controls management with accurate actions and timelines identified, and a process of adequate tracking and reporting of the same.

Risk Events, Key indicators
- Ensure effective risk event management and reporting process in place, promote and support timely and complete reporting of risk events (including frauds), Key Risk Indicators and control issues by the business
- Promote and support timely and complete reporting of risk events (including frauds)
- Risk events are timely reported and for material risk events, root cause analysis is carried out and drives closure of action plan with risk event owner.
- Carry out risk event theme analysis and also data analysis to ensure completeness and to identify the focal areas requiring management attention
- In partnership with business management, lead post incident reviews to identify and analyse root causes and learning and to ensure that any necessary remedial actions or control improvements are implemented to prevent future losses and events.

Change management: Deliver value-adding risk assessments and advice to change projects and new products to ensure changes to the business risk profile are properly quantified and mitigated/managed within agreed risk appetite.

Risk event management: Ensuring effective risk event management and reporting process in place, promote and support timely and complete reporting of risk events (including frauds) by the business.

Ensure effective policies and regulatory compliance monitoring and reporting process in place.

MIS
- Improve Risk Management awareness by improving MIS on ineffective controls, issues, actions and overdue actions, risks including increase in risks.

- Oversight and responsibility over the preparation, maintenance, dissemination, interpretation of Operational Risk Policies and Terms of Reference.
- Ensuring that standard Operational Risk procedure manuals, program checklists & templates are in place to articulate key processes and that these are up to date and are adhered to in an effective way.
- Providing the necessary guidance and support to the business in reporting Operational Risk reporting metrics relating to RSAs, Key Risk Indicators and Audits.
- Coordinating and liaising with the business in ensuring that the Operational Risk aspects of governance and regulatory requirements are implemented and adhered to in a satisfactory way.

Performance Indicators
- Risk Self Assessment plan produced each year targeting priority areas and ensuring all areas of the Bank’s activities are periodically reviewed.
- Risk Assessment reports clearly documenting the nature, frequency and estimated scale of risks.
- # of Risk Assessments performed versus planned (and time frame).
- Regular MIS.
- Implementation and Management of KRI.
- ORAP open action tracker.
- Number of new Risk Management improvements made during the year arising out of risk events.
- Policies register.
- Regular review and update of the Operational Risk Map following Risk Assessment.
- Effective follow-up for closure of all ineffective controls, issues and actions.
- Timely submission of reports (minimum on a quarterly basis).

6. Job context

Problem solving & Innovation

Main Challenges
- Awareness of Bank’s products, policies and procedures.
- To manage the Department efficiently and keep confidentiality of information.
- Implement Best Practices in Ops Risk functions at UAB.
- The job holder must demonstrate the ability to anticipate possible issues or risks of which others may be unaware.
- Identifying and recommending risk mitigation issues.
- Applying best practice Risk Management methods and assessment tools.

Client relationships/Interpersonal skills

Internal working relationships
- Line managers and other staff members
- CEO’s Office
- Deputy CEO

External working relationships
- ADX & SCA
- Central Bank
- Ministries
- Board of Directors
- Shareholders
- Board Secretary

Risk management

This role is primarily responsible for:
- Assessing, measuring and communicating the risks contained in the Bank’s operational activities.
- Minimizing the operational risks of the Bank through either suggesting mitigation strategies or recommending changes to operational processes.

Planning & Organizing
- Plan the annual calendar of Risk Assessments and Evaluations
- Meet reporting requirements for the Risk Committees and external bodies
- Able to respond to changes in business priorities/critical issues without losing track of planned activities.
- Maintain efficient document control and storage.

7. Qualifications, Experience & Skills

Qualifications:
Essential
- Bachelor's Degree
Desirable
- Certification in Ops Risk Management (preferable)

Experience:
Essential
- 5 years' experience in Banking
Desirable
- In Risk Management

Job Specific Skills:
Essential
- Banking knowledge
- A clear understanding of Operational Risk Management, risk identification and control tools.
Desirable
- Knowledge on various laws and regulations and the general legal environment

Generic Skills/Requirements:
Essential
- Good PC Skills (MS Office products)
- Friendly, confident and positive in action.
- Good communication skills
- Team Player
Desirable
- Ability to think “outside the box” and apply creative and constructive thinking.
- Proven ability to work effectively with all levels of Senior Management and Bank employees, Internal and External Auditors, Regulators, and Government representatives

Competencies:
- Attention to Detail – highly detailed focused; able to evaluate detailed financial data; able to map business processes and to identify errors, omissions and gaps.
- Analytical skills – able to identify relevant information, draw conclusions and produce clear recommendations
- Risk assessment/Initiative – anticipates and prepares for specific issues or problems that may not be obvious to others; pro-active – doesn’t wait for issues to arise, able to adjust quickly to shifting priorities
- Organization – able to manage own time and to re-prioritize tasks according to needs
- Perseverance & Resilience – able to maintain concentration and motivation over long periods of time and will not give up until results are produced
- Drive – self motivated and proactive. Self-starter.
- Professional Judgment – identifies a number of solutions and weighs the value of each to improve results
- Flexible/Adaptable – able to adapt to different situations and change approach when dealing with different issues/people; not fazed by new situations

8. Approvals

Input: Line Manager / Dept. Manager
_________________________________ Signature    ___________________ Date

Ratified: Human Resources
_________________________________ Signature    ___________________ Date

Approved: General Management
_________________________________ Signature    ___________________ Date