Risk is an everyday hazard that faces banks, funds and insurers. It can usually be mitigated, but it is rarely eliminated completely. There are some cases where a positive “hazard” is a very good thing to have – each business faces a risk or probability of making profits. Millions of people buy lottery tickets each day facing the small risk that they will become instant multimillionaries. Business always encounters some form of risk.
It is good that we recognise that operational risks are present in our company. It is better when we can predict the risk event that will happen. It is best when we have reinforced the general resilience of our system through risk management countermeasures. The business operational risk shock is going to be absorbed by our company, so the company has to respond.
Not all banks have put operational risk firmly on their corporate radar. Few banks seem to have detailed an operational risk map by making provisions for expected operational risk. Basel surveyed 89 banks, and only 33 had designated expected operational risk loss measures.
Therefore, we need a management structure to plan the continuing and increasing system resilience of the company.
Doing risk management, rather than merely talking about it, will separate the banks from the boys for Basel II implementation. The measures of pricing, reserving and expensing for OpRisk are already one significant step ahead of risk managers simply answering:
We are risk-compliant because we have already submitted the Risk Compliance Report.
This reporting for the sake of reporting is a risk-ignorant form of control activity in a mindless ticking of boxes in a questionnaire. Will reporting and complying with the regulations catch out the next Enron?
The above techniques get us closer, may be, to a real-life model of risk management that we call ‘organic’. Basel II reaches for some risk silo integration, but real life is messier. Messy problems can be handled in a project management control structure, such as RAMP.
An investment company, with its people and processes, its clients and their investment needs and preferences, is like a living organism. It can encompass every type of business risk, instead
of just the ones we would like to handle. We see that there are many organic risk stakeholders at play in the market.

A US survey concluded that 6 % of business revenue or $400 billion is lost within the UK economy as a result of fraud, and a most of this loss comes from internal staff. Furthermore, KPMG estimated that only 4 % of these fraud incidents were spotted during external audit. The reasons for this huge damage comes from a lack of internal corporate controls and poor stock-control/accounting.
Many shareholder interest groups exist to protect the rights of the smaller investor. Grouped together, they command a huge pension fund and influential voice. Calpers, Teachers, NAPF and PIRC are among many. PIRC (Pensions and Investment Research Consultants) was vocal in its criticism of arrogant boards that do not press forward to embrace corporate governance recommendations0 PIRC has called for more transparent and accountable directorships to
make UK boards more geared towards increasing shareholder value and socially responsible investment.
PIRC is an agency committed to SRI (socially responsible investment). It encourages investors to monitor how companies are managing their stakeholder relationships. One byproduct is FTSE4Good as an index of SRI stocks that such investors can choose from. PIRC gives investors relevant information and SRI advice, particularly on corporate governance, including:
shareholder rights  best practice compliance  suitable board structures  remuneration schemes  investor relations.
PIRC has called for a series of changes to make UK board of directors more effective.
Encouraging more boards to have more non-executive directors than executives.  Making sure non-executives are genuinely independent rather than chums of the chief executive. PIRC says only 20 % of FTSE 100 boards have a majority of independent non-executives.  Independent appraisal of board members.  A widening of the pool of non-executives. Companies could advertise for new recruits.
Better resources for non-execs, including secretaries and researchers as well as access to  independent research and advice.
More contact between non-execs and shareholders.
NAPF (National Association of Pension Funds) operates with a similar mission. Its priority is to ensure an efficiently regulated market for the provision of employer-sponsored pensions. It advocates sound governance of pension fund assets as NAPF represents pension funds that cover about 10 million UK employees. These funds control 20 % of the shares of the London Stock Market. NAPF also opines that independent directors articulate the wishes of their investors, while the non-executive directors fully understand the shareholders’ expectations of them. One role could be for them to exercise effective restraint over the sympathetic remuneration committees that are inclined to pay the top executives too much (“fat cats”).
Fat cats are blamed for skimming off the cream from the corporate milk, so impoverishing their investors. Executives have to be charged with the duties of wealth creation and safeguarding it through risk management, not for sleeping on the job. The risk management directors’ duty is listed in the Basel II banking document that prescribes a healthy environment for business. It states that the function of risk management should go all the way to the top:
The board of directors should be aware of the major aspects of the bank’s operational risks as a risk category that should be managed, and it should approve and periodically review the bank’s operational risk management framework. The framework should provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored and controlled/mitigated.
Invest within companies where there is a culture of openness and risk management. The new Basel II banking regulations encourages corporate transparency. One’s conscience is better put at rest than by a superficial report that white-washes the remaining dangers.
We have looked at sensing for top management errors and lack of ethics deep down the company – see AEW: advanced early warning.
Your sixth sense can save you a lot of money!

Forensic accounting is a potentially rich source of value-added in financial environments. Part of forensic accountancy is an art, part science and the rest is detective work. There are three ways in which it can provide a valuable service in organisations:
1. Investigate a case post facto to see where a loss has occurred within the investment environment; sniff out the cause or possible rats, then set up the enquiry for full regulatory/judicial process and compensation/redress where possible.
2. Examine a business to spot current areas of weaknesses that may cause future losses. Shore up, fire, retrain or recruit staff to reinforce the system.
3. Compile a list of weaknesses within the organisation and detail reasons for investment loss. This exercise is a training tool for auditing and back-office staff. Such forensic investigations must feed active front-office trading personnel, compelling them to document significant risk events for the benefit of the back office.
There is more incentive to promote this type of procedure under Basel II regulations for market transparency and discipline. Part of the Basel II philosophy of risk is predicated on the notion that top management want to grasp the nettle and actively manage OpRisk. The first thing forensic accounting can provide is a corporate health check or a company risk audit. They may use a variety of techniques to derive this audit:
Self-assessment of risk areas – running a checklist audit or workshop to identify the strengths and weaknesses of the company’s business environment, especially against potential stake-
holder lawsuits. Risk mapping – diagramming the various constituent business units and process flows. Each area and its associated risk are identified and documented, then the follow-up risk management action recommended. Risk mapping can be used within functional areas for key risk indicators (KRIs). Departments can define operational limit bands of functionality like a risk thermometer. Crossing these limits (e.g. asset-liability gaps) shows the company’s risk
exposure here is “hot”. The responsible party or group designated with the risk origination  can also be flagged, and the risk management group alerted.
Business scorecards – these build on Kaplan and Norton’s seminal work in measuring and quantifying the performance of corporations. These are qualitative performance levels, but the resulting scorecard can identify areas of weakness that may be reinforced with additional
capital and training. Loss database – this keeps a historical log of above-threshold value financial losses. Statistically significant losses or high damages can be highlighted automatically for the attention of senior management.
We have developed advanced tools and techniques for:

Corporate governance.  Benchmarking and measuring performance.

Identifying areas of risk or weakness.
The problem is that an investor is an irrational animal and other influences often take over the driver’s seat. This is certainly true at the top executive level, and OpRisk groups have less to say about how strategic decisions are made.
The two main risk horizons remain for financial institutions.
Strategic policy risk – the fundamental asset allocation and performance benchmark design. This has been the subject of much research, but behavioural factors do exert a strong influence. Strategic policy risk has the greatest influence upon bank and fund success. Governance and trustee defined roles working under a multilayered control hierarchy can keep a better link
between declared corporate objectives and the actions of managers. Tactical implementation risk – investment manager structure and manager selection. Investment managers are generally recruited from a narrow band of skills and social backgrounds, so they can develop a tendency to socialise and to invest as a herd. This leads to a restricted range of assets chosen for investment. Careful interviewing and screening of recruits can reduce undesired wayward behaviour.