If one wants to change the future, one first has to understand the past. The first task of operational risk is to do so by capturing and analyzing the losses of recent history and the ability of the risk and control infrastructure to address, prevent, and mitigate these losses in the future (see Figure 19-1).
The key tools in the hands of operational risk are internal loss incidents, external losses, risk scenario analysis, and risk and control assessments.1
Each element has its own purpose and is typically collected in a relatively siloed fashion. Executing these processes effectively will educate different parts of the firm about its current risks. Those firms able to aggregate the data effectively, however, can create a powerful platform for more forward‐looking analysis. Developing such predictive capabilities is where today's CEOs need to be if they are going to turn the tables on risk. Let's look at each of the core components.
Internal Loss Incidents
Internal risk incident capture is the most basic obligation under Basel II requirements (see Table 19‐1).2 The tables discussed in the risk assessment section in the previous chapter could not be created without this basic data collection being performed. The obligation ...