7. OPERATIONAL RISK (CONTINUED) 7.4 ORM Tools & Mitigation Strategies The Group employs ORM tools comprising proactive and reactive tools which are in line with the best practices in managing and mitigating operational risks, namely: Overview of ORM Tools Proactive Tools Reactive Tools Risk Control Self-Assessment Key Risk Indicator Operational Risk Review New Product Services Approval Process Risk Loss Event Management & Reporting • Self-assessment to identify and assess operational risks by Risk Owners; • The tool creates ownership and increases operational risk awareness. • A forwardlooking tool to identify potential risks and to enable counter measures and risk mitigation actions before an incident occurs (early warning system); • To assist management to focus on high-risk issues. • End-to-end review of activities to identify risks and ensure appropriate controls are in place and are effective; • To ensure controls are aligned with RCSA and able to mitigate the identified risk. • To ensure risks are identified and adequate controls are in place prior to launching of new product/ services. • Centralised group-wide loss database which provides line of business loss reporting overview, tracks frequency of events and facilitates detailed reviews of the incident and its impact. Risk Analysis & Reporting • Analysis and reporting of qualitative and quantitative results from various ORM tools. Scenario Analysis • A systematic and forward-looking tool of obtaining expert opinions to derive new risks, test the efficiency of existing controls and highlights unexpected risks. In addition, a comprehensive Business Continuity Management (“BCM”) function has been established within the Group to ensure that in the event of material disruptions from internal or external events, critical business functions can be maintained or restored in a timely manner. This ensures minimal adverse impact on customers, staff and products and services. BCM constitutes an essential component of the Group’s risk management process by providing a controlled response to potential operational risk that could have a significant impact on the Group’s critical processes and revenue streams. The Group is also continuously reviewing its critical business operations’ resilience through regular testing and dependencies assessment on its assets (systems, data, third parties, facilities, processes and people) in order to ensure it has the required capability and resources to effectively prepare for different disruption events. 463 www.bankislam.com 1 2 3 4 5 6 7 8 9 FINANCIAL STATEMENTS
RkJQdWJsaXNoZXIy NDgzMzc=