The Risk Management Association defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” Examples of operational risk include natural and man-made disasters, cyber-attacks, error, fraud, and non-compliance.
Loss events negatively impact an organization’s income statement. Under certain circumstances they can be large enough to wipe out current period profitability, erode an organization’s capital cushion, or even force it into bankruptcy. Consequently, it is critically important for organizations to understand the kinds of losses they could incur, the near-miss losses they avoided, and the losses they actually incurred. This means understanding how and why a loss arose, what policies were not followed, what controls failed, where the loss is or should be recovered under insurance, and what should be done to reduce the likelihood and impact of similar losses occurring in the future.
Understanding and managing loss events is essential to an effective operational risk management program. Many organizations today have impaired visibility into the frequency, amount, type and source of loss events. This is frequently due to lack of complete or comprehensive lists of loss events, lack of accountability for management of loss events, and inadequate root cause analysis. These organizations are not fully aware of their actual losses, nor are they aware of near misses or losses being incurred by others in their industry that may warn of the organization’s own future losses. Lack of accountability promotes a less effective risk management culture, and these organizations typically suffer from a higher frequency and amount of loss events due to poor loss event analysis and remediation.
RSA Archer® Loss Event Management allows organizations to capture and inventory actual loss events and near misses, as well as relevant external industry-related loss events. Loss event root cause analysis can be performed to understand why the loss occurred and to take appropriate actions to reduce the likelihood and impact of similar losses occurring in the future. Loss events can be evaluated as part of top-down risk assessments and risk self-assessments, if those are utilized, and loss events can be exported to perform Monte Carlo simulations of operational risk using external Monte Carlo engines, such as Palisade @Risk. Recoverable losses can be monitored and managed until they are reimbursed through insurance or restitution agreements.
Key features include:
- Consolidated loss event catalog including actual losses, near misses, and calibrated external loss events
- Assignment of loss events by business unit and named individuals
- Root cause analysis
- Review and approval of loss events by key stakeholders within their levels of authority
- Visibility into aggregate losses by type, source, and area of ownership
- Ability to drill into specific loss events for greater detail
- Consolidated list of remediation plans to reduce likelihood and impact of similar future loss events
- Correlation of loss events to applicable risk, policy, and control procedures, as well as correlation to insurance policies.
RSA Archer Loss Event Management provides:
- Consolidated view of loss events by frequency, amount, type, source, and owner
- Clear understanding of the cause of loss events and the actions being taken to remediate problems that led to the loss event, including whether remediation plans are being executed on time, as planned
- Greater engagement of business unit managers in the management of losses
- Evidence of the design and effectiveness of an organization’s loss event program within a broader operational risk management program.
Today, organizations are faced with complex and fast-moving operational risk challenges. RSA Archer Loss Event Management is one element of an effective Integrated Risk Management program. Stressing the agility and flexibility needed by today’s modern organizations, integrated risk management brings together the various domains of risk across business activities (horizontally), connecting the activities to the strategies and objectives of the organization on an aggregated basis (vertically). This approach to risk management provides leaders with the most holistic understanding of risk facing their organization so they can make truly informed decisions about where to deploy limited capital and human resources to produce optimized returns for the organization while maximizing the likelihood of achieving the organization’s objectives.
As your organization drives business growth, your risk management program must evolve and manage risk more holistically, with more agility and integration than before. Effectively managing loss events is one ingredient in demonstrating real progress and improvement in decreasing business risk. RSA Archer can help your organization better understand and manage loss events on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.