21 Hoosier Banker July 2015 Continued on page 22. possible, the overall risk assessment should be compared to the risk appetite established by the board. This is particularly important for less quantifiable risks, such as operational and reputational risks. Summarizing risks by category can also help the board to compare the relative importance of each. Risk assessments can provide useful input toward making strategic and capital decisions. For example, in evaluating a proposal to enter the indirect auto loan business, a board would need to consider not only the credit risk associated with these loans, but also the compliance and reputational risks associated with third-party (dealer) relationships. Designing a Value-Adding Risk Assessment One challenge in developing an enterprise-wide risk assessment is defining the scope. In addition to including the institution’s material business processes, such as mortgage lending and human resources, the assessment should include all categories of risk relevant to the institution. Keep in mind, however, that assessments based on management judgment are best reserved for risks that are difficult to quantify, such as operational and strategic risks. Others, such as credit, interestrate and liquidity risks, are more accurately assessed using risk metrics and stress tests. A common pitfall is to assign information security and compliance risks to the departments that oversee these risks. To promote business line risk ownership, these risks should be included in the assessments for each operational process, so that each manager understands all of the
RkJQdWJsaXNoZXIy MTg3NDExNQ==