Internal audit function role in operational risk management

Published date: 15 May 2007
DOI: https://doi.org/10.1108/13581980710744039
Pages: 143-155
Author: Ana Fernández-Laviada
Subject matter: Accounting & finance
Ana Fernández-Laviada
Faculty of Business and Economics, University of Cantabria, Santander, Spain
Abstract
Purpose – The objective of this paper is to provide a global perspective of the operational risk (OR)
management framework from an internal audit viewpoint.
Design/methodology/approach – This paper describes the new role of the internal audit function
in reviewing the OR framework.
Findings – An efficient OR management framework will improve and reinforce the internal controls
of the organization. Internal audit should be alert to the whole process of implementation of the
systems for managing OR in entities.
Originality/value – This area has not been analyzed in depth to date. The paper provides a
summary guide to audit of OR management frameworks in financial institutions.
Keywords Risk management, Internal auditing
Paper type Research paper
1. Introduction
The New Basel Capital Accord (NBCA), known as Basel II, establishes that:
A bank should develop a framework for managing operational risk and evaluate the
adequacy of capital given this framework. The framework should cover the bank’s appetite
and tolerance for operational risk, as specified through the policies for managing this risk,
including the extent and manner in which operational risk is transferred outside the bank.
It should also include policies outlining the bank’s approach to identifying, assessing,
monitoring and controlling/mitigating the risk.
The Capital Requirement Directive, recently published, requires this operational risk
(OR) framework to be subject to regular internal (or external) audit review.
So, internal audit should include in its annual plan the complete review of the
framework for managing OR, and the review of the policies, processes and procedures
for identifying, assessing, monitoring and controlling/mitigating OR.
However, while this independent review is key and, as Sheen (2005) states,
could provide a valuable challenge to the OR framework, there may be a need for
greater focus on it.
The Financial Services Authority’s (FSA) paper “Operational risk management
practices”, which provides feedback on eight firms visited, noted that “In general, firms
had not yet established processes to assess the effectiveness and adequacy of their OR
frameworks”.
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/1358-1988.htm
The author would like to acknowledge and thank the important contribution of Andrew Sheen in
reviewing the previous manuscripts and also to thank the Spanish Confederation of Savings
Banks for its help in documentation for this study.
Journal of Financial Regulation and Compliance, Vol. 15 No. 2, 2007, pp. 143-155
© Emerald Group Publishing Limited, 1358-1988
DOI 10.1108/13581980710744039
