Assessment vs. Measurement
The conventional toolkit employed to counter the operational risk threat is woefully inadequate. It is typically comprised of subjective and non-aggregatable colour-coded risk and control self-assessments and quantitatively modeled estimates of loss probabilities — the so-called advanced measurement approach (AMA) — that relies exclusively on historic losses with no reference to actual accumulations of exposure to risk. This causes it to be essentially a backward-looking capital calculation tool, adding little or no value to risk management.
What CEOs and CFOs really need is systems that explicitly and dynamically identify, quantify, aggregate and value operational risk exposures so they can be accounted for. If they had this
capability, the cost of operational risk exposures could be charged to business line income (P&L) statements and shareholders’ equity thereby integrating operational risk into the financial control framework and transforming operational risk mitigation initiatives into a profit incentive.
Can it be done? Of course, it can.