IT & Finance

operational risk management (risk identification, assessment, control/mitigation and 
monitoring). The processes concerning business continuity management and
outsourcing are specializations of the four main processes in their respective
domains. The other processes support the main processes, in particular the
management of historical loss data.
Due to the regulatory nature of the Basel II Accord and its use by regulators and
financial institutions, a rigorous requirements engineering method has been applied
to ensure that exactly the content of the regulation is described in the processes of
the Operational Risk Management, no more, no less [5]. An example of a process
description is shown in Table 1. As shown in this table, the description of each
process is clearly understandable and provides the basis for assessment of financial
institutions' actual business processes implementing an Operational Risk Management
system. The model, composed of 15 processes (see Figure 1), is described within 15
pages. This description has to be complemented with the (measurement) indicators
and the assessment instruments (i.e. questionnaires). They are explained in the next

Name        Operational Risk Mitigation/Control (BORO. 1)

Purpose     The purpose of the Operational Risk Mitigation/Control
            process is to mitigate the assessed operational risks and to
            manage operational risk impact.

Outcome 1   An operational risk mitigation and control strategy is developed,
            including the principles of how operational risk is to be mitigated
            and how its realization is to be controlled, according to the size,
            the sophistication, the nature and the complexity of the bank's
            activity;

Outcome 2   The existing options to mitigate risk are analyzed and, for each
            risk, the one most in accordance with the bank's strategy is chosen;

Outcome 3   Changes in the bank's organization and activities to mitigate risks
            are planned and implemented in accordance with the bank's risk
            profile;

Outcome 4   Residual risks resulting from mitigation actions are identified to
            ensure the day-to-day tracking of those risks;

Outcome 5   A risk achievement control policy is developed and communicated
            to all people involved in the bank's operational activities;

Outcome 6   Corrective actions are performed when a risk is under way and the
            performance of these actions is tracked until risk is completed.

Table 1. This table shows the purpose and outcomes of the Operational Risk
Mitigation/Control process.

2.2 Goal-oriented process description of ISO/IEC 15504 process models

As can be seen in Table 1, the description of each process is concise and accurate,
which is important for its use by managers in their decision-making process. The
components of this description are explained in this section.


