Operational Risk Management Questionnaire

Mitigate & control

Identify

Inspect

Assess

Monitor & report

co-ordinate, facilitate, assess and oversee the effectiveness and integrity of risk management and update Board and Management on risk related matters on timely basis

responsible for the management and control of day to day operational risk

provide independent assurance across all business functions in respect of the effectiveness of the risk management framework

co-ordinate, facilitate, assess and oversee the effectiveness and integrity of risk management and update Board and Management on risk related matters on timely basis

responsible for the management and control of day to day operational risk

provide independent assurance across all business functions in respect of the effectiveness of the risk management framework

Control Self-assessment (CSA) / Key Control Standard (KCS)

Risk & Control Self-Assessment (RCSA)

Operational Risk Scenario Analysis (ScAn)

Key Risk Indicator (KRI)

Loss Event Reporting (LER)

Control Self-assessment (CSA) / Key Control Standard (KCS)

Risk & Control Self-Assessment (RCSA)

Operational Risk Scenario Analysis (ScAn)

Key Risk Indicator (KRI)

Loss Event Reporting (LER)

a facilitated process designed to evaluate operational risks, controls and control effectiveness, in order to establish risk profile for the business/support units that can pinpoint significant risk for further monitoring, with a view to change and improve

an audit program tool to validate the effectiveness of controls measures by applying sampling checks.

tool to monitor and manage key operational risk exposures over time

a process for reporting and monitoring operational risk loss incidents including service disruption to system failure, secrecy breach and Shariah Non-Compliance.

a systematic process in the creation of plausible operational risk events and is an essential element in operational risk management and measurement. It is a forward-looking risk management tool that examines and explores emerging tail-end events, which are usually low frequency and have a high impact.

1 working day

2 working days

3 working days

4 working days

do nothing

complete the OPERATIONAL RISK EVENT REPORTING FORM and forward it to Group Internal Auditors.

complete the OPERATIONAL RISK EVENT REPORTING FORM and forward it to Bank Negara Malaysia.

complete the OPERATIONAL RISK EVENT REPORTING FORM and forward it to Group Operation Risk Management.

Future loss

Potential loss

Near miss

Actual loss

External events

Strategy

People

Internal control/processes

Systems