From reaction to PRO-action! Implementing a comprehensive Operational Risk Management system: Banking is a risky business; however, until now, in most financial institutions, only two of the three major risk elements, Credit Risk, and Market Risk, have been subjected to analysis, measurement, and management. The third, and arguably, the most complex and critical, Operational Risk, has been largely ignored. The recent banking crisis and recent bank failures meant this had to change, and it has. Both the regulators and the boards of banks now understand that unexpected and uncontrolled Operational Risk can present a major threat to their institution. Insurance companies are in the business of assessing risk, yet they too, in the past, have largely ignored Operational Risk. Now, major insurers and their regulators are coming to understand the importance of massively significant threat to insurers’ activities.

To survive, develop, and prosper in this increasingly risky and competitive environment, financial services organizations need to be at the leading edge of operational Risk Measurement and Management; all of their stakeholders, along with their regulators, expect nothing less from them.

Our Operational Risk Management Methodology and software are designed to meet these requirements.

How can Alyafi group assist in meeting your Operational Risk Management challenges?

The Group’s ability to provide Operational Risk Management services is built around a software package called CAREweb™ (Control And Risk Evaluation). This web-based software provides a systematic, consistent and effective approach for categorizing Operational Risks, determining the effectiveness of internal controls in mitigating those risks and measuring the organizations Operational Risk profile. It provides numerous reports that enable the board and management of an organization to measure the “Gaps” in the control environment, determine where improvements and enhancements to the control environment are required, prioritize such changes and follow-up on their implementation.

The Group's approach for implementing an Operational Risk Management process within an organization incorporates:

Reviewing the corporate structure to identify discrete risk units.

Developing an implementation schedule for the business.

Conducting a series of workshops to train the staff on the identification, classification, and measurement of risks and the evaluation of controls, and on the development of Compliance Tests for the periodical evaluation of controls.

Training the Risk Management Team on the use of CAREweb™ and on conducting/facilitating workshops.

Developing the forms and procedures of work needed for capturing loss events and “near-misses” and using CAREweb™ to record and analyze such events as well as to monitor the implementation of action plans to prevent their recurrence.

Designing, interpreting and using the reports generated by CAREweb™.

Adjusting the Internal Audit Charter to utilize CAREweb™ results for the implementation of a Risk-based audit methodology.

Training RM, Compliance and IA staff on the use of CAREweb™.