Capturing and reviewing operational incidents from the business is one of the most basic and important tasks in operational risk management. It is a natural starting-point for companies and organizations that want to implement sound operational risk management.
The Basel Committee on Banking Supervision (BCBS) states:
“The tracking of internal loss event data is an essential prerequisite to the development and functioning of a credible operational risk measurement and management system”
It is of crucial importance because it provides direct and observed input of operational failures and thereby gives valuable information as it exposes root causes, organizational, people, system and process issues. It tells about loss types, levels and frequencies.
In SIGMAOpRisk the Incident module consists of two sub-modules: Incident capture and Incident review.
The Incident capture module consists of a single web-form that is facing every employee with 1-click access via the company intra-net. It allows employees easy registration of incidents and only the required information is captured, yet it is assured that all relevant information and regulatory requirements are adhered to. The registration makes it possible to break down and report operational failures across business dimensions like legal entities, business lines, organizational units and product types etc.
For registration of operational incidents to be successful with busy employees, it is of outmost importance that the incident capture process is as speedy and easy as possible. At SigmaRiskPartners we understand and respect this, which is why registration in the capture form is pre-filled with employee information, dates and other required information to smooth the registration process and make it a pleasant user experience.
While the incident capture form is facing every employee, the incident review module is dedicated Risk Management and others with an operational risk focus. The incident review module consists of a single web-form, showing the entire capture form for easy review. Added information is augmentet by the reviewing risk manager to ensure that regulatory required information, such as Basel loss and cause categories and the Basel business line structure, is captured for each incident reported by the business.
The purpose of the incident review form is two-fold. It gives Risk Management a real-time overview of incidents being reported by the business and allows for swift actions if serious systemic operational matters arise. Furthermore, it gives Risk Management a standardized framework to review and validate the incidents reported. Misconceptions and errors may need to straightened out with the reporting employee as part of the incident registration process.
When the registration is reviewed and in order, the incident registration can be approved.