Over the last few years, operational risk has evolved into a key business risk. This trend has been driven by growing economic uncertainties, stiffer regulatory fines, and the emergence of new risks such as conduct risk, model risk, vendor risk, and cybersecurity risk.
Stakeholders (boards, shareholders, and customers) are demanding swifter risk mitigation, real-time risk intelligence, and greater risk accountability from both management and business lines. In fact, operational risk management is increasingly being tied to individual and business unit performance.
As financial services institutions expand their businesses, there is a greater need for them to ensure process accountability and transparency, determine their true risk appetite, mitigate risks proactively, and build customer and shareholder confidence.Download Factsheet
MetricStream Operational Risk Management App
The MetricStream Operational Risk Management (ORM) App provides a comprehensive system for financial institutions worldwide, both large and mid-sized, to manage operational risks in a streamlined, efficient, and integrated manner. Through the app, you can effectively identify, assess, monitor, and mitigate operational risks.
The app facilitates operational risk assessments based on different qualitative and quantitative factors. You have the flexibility to evaluate, rate, and score inherent and residual risks based on a configurable scoring logic and risk matrix.
The app also supports KRI, KPI, and KCI definition and tracking. An integrated issue management functionality helps identify and manage issues at any stage of the risk assessment process. In addition, the app provides advanced capabilities for loss management, risk scenario definitions, multiple risk simulations, and capital calculations based on regulatory requirements.
Powerful analytics and reporting tools, paired with detailed dynamic dashboards and charts, offer comprehensive, real-time visibility into ORM processes.
Why MetricStream ORM App
The MetricStream ORM App provides the following benefits:
Unified ORM System Including Regulatory Content to Manage Operational Risk Effectively
The app offers an integrated system to manage RCSAs, KRIs, KPIs, scenario analysis, losses, and capital calculations. It also includes comprehensive risk libraries and content to support compliance with regulations such as Basel II/III.
Ability to Manage Multiple Risks, and Link Risks to Performance
The app helps correlate operational risk metrics to performance goals and strategic initiatives. It also provides the flexibility to manage various critical or emerging risks, including conduct risk, IT risk, and cybersecurity risk.
Streamlined Risk and Control Assessments across the Lines of Defense
The app enables a systematic process to plan, schedule, and perform risk assessments from multiple “points of view.” It also provides best practices-based workflows for all the three lines of defense.
Enhanced Risk Scoring and Aggregation
Risk scores and ratings can be aggregated and consolidated into reports based on business hierarchy, objective, risk category, process, product category, and other parameters. Comprehensive heat maps are generated to provide an in-depth view of risks for senior management.
Comprehensive Loss Event Management
Through the app, you can record internal loss events, and organize them in multiple business categories. The app can also integrate with industry consortiums like ORX, GOLD, FITCH, and First to capture external loss events.
Advanced Scenario Analysis and Modeling
The app provides the ability to define key risk scenarios that replicate internal or external conditions. It also offers simulation techniques to compute expected losses, and to calculate capital.
Integrated Issue and Action Management
The app provides the ability to raise issues and actions from any process within the operational risk management framework. It also helps implement appropriate action plans, and track them to closure.
Real-time Monitoring of Risks, Controls, and Losses
The app facilitates real-time risk monitoring, and generates risk intelligence through dashboards and advanced analytics. Based on this data, you can effectively identify risk trends and relationships, and accordingly decide on the course of action.
The ORM app is built on the MetricStream GRC Platform, a robust and scalable infrastructure that provides the following core services and capabilities:
A Harmonized Risk-Control Library
A central, harmonized risk-control library helps you achieve consistency across various risk measurements, methods, procedures, schedules, and systems.
Intuitive User Experience
The platform provides intuitive forms and workflows, easily navigable hierarchies, drag-and-drop capabilities for creating risk scoring algorithms, automated roll-up of scores, and dynamic risk reports and dashboards.
An Adaptive and Flexible Approach
Configurable forms, fields, reports, and workflows enable you to easily model and configure complex risk projects.
A Robust Security Model
The platform provides strong security controls with role-based access to perform various ORM activities.
A Built-in Reporting Engine
Powerful reports, analytics, and business intelligence capabilities give management teams the insights they need to balance risks and opportunities effectively.
Ability to Integrate with External Systems
The platform enables seamless integration with other systems to retrieve, store, and deliver risk data for risk assessments or reporting through MetricStream’s powerful data integration framework.
On-Premise or Cloud Deployment
The platform provides the flexibility to be deployed either on premise or over the highly secure and private MetricStream GRC Cloud.
The platform can be extended to add on other MetricStream GRC apps such as the internal audit management app, BCM app, IT risk management app, and vendor risk management app.
360-Degree Risk View
The platform’s ORM libraries provide a comprehensive view of operational risks and associated relationships, thereby strengthening risk visibility and clarity.
The MetricStream ORM App provides the following functionalities:
Process and Risk Universe Creation
Risk Identification and Documentation
The MetricStream app provides a centralized risk framework to document and manage a range of operational risks. As part of the creation of the risk library, you can structure a logical risk hierarchy, including objectives, processes, associated risks, and controls with clearly established relationships between these data entities. Associated policy and procedure documents can be attached for reference.
Within the risk library, all risk details such as risk description, category, hierarchy, ownership, and validity are maintained in a common risk register. The risk library helps standardize risk data across business units. It also offers you the flexibility to categorize risks, define parent-child risk relationships, and map single risks to multiple categories. You can create a risk-control matrix, and assign it to processes, sub-processes, and locations, using best-practice forms, templates, and workflows.
Risk Control Self-Assessment
Risk Control Self-Assessment (RCSA) capabilities form a core part of the MetricStream ORM App. The app supports both top-down and bottom-up approaches to risk assessment. It enables inherent and residual risks to be assessed quantitatively, as well as qualitatively. It also provides project management capabilities to support the scheduling and monitoring of risk-related initiatives. In addition, it allows organizational groups to measure and score risks from different perspectives (e.g. per business unit or process). During a risk assessment, the app enables you to identify each risk, and bring together all risk management related data in a risk register that includes risk description, severity and impact, consequences, risk rating, mitigation plan, and related emerging issues. The app also helps trigger the appropriate risk response -- be it to mitigate, accept, avoid, transfer, share, or ignore the risk. Through the app, you can add new risks and controls during risk assessments, and enable multi-scenario analyses of risk. Advanced tools such as executive-level dashboards, dynamic reports, risk calculators, and heat maps (based on different risk matrices (e.g. 3x3 or 10x10)) provide comprehensive visibility into the risk analysis process and the compliance status.
Risk Scoring and Aggregation
The MetricStream ORM App provides a flexible, configurable scoring logic to perform risk assessments. You can define the logic for computing inherent and residual risk scores, while also defining factors to construct risk scoring algorithms. The app also offers the flexibility to drag, drop, and build your own scoring algorithms.
The app provides a flexible and configurable scoring logic for risk assessments. The app helps define the logic for computing inherent and residual risk scores based on individual perspectives. It also helps determine factors (standard/ non-standard) and sub-factors (Max, Average, Sum, Min) for risk scoring algorithms.
The app provides a Risk Matrix Configuration (RMC) feature to manage the variations in risk assessment methodologies. The RMC feature supports risk scoring, rating, and ranking, while aggregating risk scores across the risk hierarchy of Organization, Product, Process, Asset, Objective, and Geography.
The app enables risk scores to be aggregated across individual business units, processes, objectives, and departments, and then rolled up to the corporate level where the data can be monitored against the corporate risk appetite. The aggregated risk scores can be reported based on risk categories, sub-categories, and organizational hierarchies. The app also provides the option of assigning weights to each organization (in terms of percentages or numerical values), and calculating risk scores based on these weights.
Control Design and Operating Effectiveness
Once the key operational risks are identified and prioritized, the MetricStream app enables you to identify or define a set of key controls to mitigate those risks. You also have the option of defining control test plans or assessments in the form of surveys and questionnaires. These tests or self-assessments can be assigned to a team or an individual member (as tester or assessor) along with task details, testing milestones, and due dates.
Multiple control level tests, including independent evaluations of control testing, can be performed through the app, along with control scoring and reporting of results. You can also capture non-compliance issues or control deficiencies, which then become part of the issue remediation process. The control assessments and ratings are based on configurable attributes such as control strength.
The MetricStream ORM App provides a comprehensive loss event tracking functionality to track loss events, near misses, and potential losses, record amounts, and determine root causes and ownership. The loss management functionality enables you to establish and follow consistent procedures for loss capture, exception logging, action planning, loss recovery, loss tracking, and status reporting. The app provides the ability to manually or automatically integrate data from internal and external data sources. It also offers the capability to assign thresholds based on the financial and non-financial impact of a loss. With statistical and trend analysis capabilities, the app helps you understand loss patterns, and make decisions accordingly.
Key Metrics (KPI, KRI, KCI) Monitoring
Through the app, you can define key indicators for selected risks (KRIs), controls (KCIs), and performance objectives (KPIs). These indicators can be measured and tracked against set thresholds to identify potential threats which can then be mitigated proactively. If a threshold is breached, the app sends out alerts and notifications to the relevant personnel. It also provides dashboards that help gauge the performance of key metrics, and enable you to analyze risk trends over a period of time to assess breach patterns. The performance of these metrics can be referred to and used for future risk assessments and control tests. The metrics can also be extended to help determine the risk appetite for business units, as well as the organization.
Issue Management and Action Planning
The MetricStream app simplifies the management of findings and issues arising from risk and control assessments, loss events, and near misses. Once the issues are identified, documented, and prioritized, a systematic mechanism of investigation and remediation is triggered by the underlying workflow and collaboration engine. Risk managers also have the option of recommending issue treatment plans such as control enhancements. The app enables risk managers to monitor the status of issues at every stage, along with the progress of the remediation action plan. Automatic alerts keep the process on track, and help ensure that the appropriate personnel address the issue on time. All exception issues or cases remain open till the action plans have been carried out, and the results have been verified for effectiveness.
The MetricStream ORM App provides comprehensive support for stress testing and scenario analyses, including quantitative analyses. It also maps scenarios to key risk drivers and loss events to substantiate the data captured as part of the analysis. Through the app, you can define risk scenarios, capture a detailed narrative of the scenario, document all underlying assumptions, and conduct the analysis at any level of granularity. You can also link risks, controls, and mitigation actions relevant to a scenario, and configure the scenario parameters. The app supports generation of scenarios and their consequent analysis based on inputs received from internal loss data, external loss data, and BEICFs. It provides a functionality to fit and combine frequency and severity distributions via statistical techniques.
Capital Calculation and Risk Analytics
The MetricStream ORM App provides comprehensive support for capital calculation. The app provides integrated quantitative analytics for the modeling of internal and external loss data, scenario analysis, stress testing, loss forecasting, Monte Carlo simulation, capital allocation, and back-testing. The app also provides native analytics for economic capital modeling and allocation. It can generate frequency curves, and help create multiple severity distribution modeling curves, including Extreme Value theory analysis to determine optimal threshold and tail type. Capital allocation is calculated under different methodologies which include Heuler allocation, unexpected loss contribution allocation, and incremental analysis allocation.