In this chapter, we explore the continued enthusiasm for convergence, or governance, risk, and compliance (GRC). Both terms refer to the adoption of an integrated approach to managing the various elements of operational risk so that related activities can be leveraged, efficiencies attained, and more powerful risk management results achieved. We consider how a converged approach can be effective in assessment and in metrics and discuss the powerful reporting possibilities that can result from an integrated approach.

OPERATIONAL RISK AS A CATALYST FOR CONVERGENCE

Operational risk management aims to provide transparency into the operational risk exposures of the firm, by identifying, assessing, monitoring, controlling, and mitigating those risks. The depth and breadth of operational risk in every firm means that the operational risk department needs to take on a unique role. Not only must it build partnerships with all of the underlying operational risk activities, but it must also attain a governance structure that allows it to influence decision making at every level of the firm. In addition, it often has to facilitate a culture change across the firm so that operational risk management becomes a day-to-day embedded activity in the firm.

The rise of operational risk management has led to the emergence of integration and convergence initiatives and has energized enterprise risk management (ERM) discussions. The qualitative tools of ...