Embedding a risk management culture requires an intuitive and common approach for the risk management process. The Financial Services Authority with its new risk based approach has tried to address the way that a financial institution should move forward in this area. Common steps that should be used are as follows:
- Risk Identification;
- Risk Assessment;
- Risk Mitigation;
- Risk Monitoring;
- Risk Reporting
Risk management should also support the quantification of any risk exposure such as: Value at Risk (VaR), Credit Exposures and loss of Systems and Controls.
The measurement approach for different categories of risk varies significantly, particularly in operational risk. This is an area where best practice is still under development. However, there has been significant guidance provided by the Basel Committee on Banking Supervision that provides direction for European legislation that has developed indicative approaches for financial institutions to follow.
It is important to note that risk management does not end with the reporting of risk events – it is an ongoing and iterative process continually reviewing the organisational risk profile.