Like all other matters pertaining to the bank, the board of directors is responsible for approving the operational risk management framework and assessing its effectiveness. Within this framework, the board provides a bank-wide definition for operational risk and supplies guidance on how operational risk is to be identified, assessed, controlled and monitored. Additionally, the board ensures that the risk management framework is subjected to periodic review.

Sy Bent Breaks the News to Board Chairman and Bank President, Hi McCard

The forensic accountant, Sy, has completed his work after interviews with bank employees and document analysis. Periodically, he has provided Hi McCard, Board Chairman and Bank President, with informal updates of his findings. The purpose of today's meeting is to formally deliver his final verbal report. As you watch the video, pay particular attention to Sy's assessment of how the loss occurred, and his recommendations to ensure that it doesn't happen again.

Also, note Hi’s reaction to the report. Do you think that he has learned any lessons regarding the importance of controlling operational risk?

Consider this:

In developing his forensic accounting report, Sy found that John was a workforce of one when it came to operating and administering the bank's Trust Department.

What controls could have been implemented to make it harder for John to take money from trust accounts? Here are several controls that might have been effective in limiting the possibility of theft:

1. Separation of duties might have stopped the loss by requiring that John authorize trust account transactions while another individual enter the transactions in the trust department accounting systems. Without the separation of duties, it was only Evelyn’s mistake of mailing a statement that started a chain of events that revealed problems in the department.
2. Higher level authorization for the withdrawal of funds or sale of assets above a certain level is another possible control.
3. Finally, forcing John to take a well-deserved vacation may have stopped the loss or revealed problems early, lessening the loss.

The three suggested actions that might have stopped or revealed John's activities are examples of a few controls that banks often use to mitigate operational risk, and are part of a overall risk management process.