NON-FINANCIAL RISK MANAGEMENT - Capgemini
NON-FINANCIALRISK MANAGEMENTW H I L E I T M AY N O T B E P O S S I B L E T O F U L LY AV O I DC E R TA I N N O N - F I N A N C I A L R I S K S , I T I S P O S S I B L E TOIMPROVE THE RE SILIENCE TO SUCH E VENTS-Basel Commitee on Banking Supervision, 2020
CONTENT SInventive Finance, Risk & Compliance3Our Publications41. Non-Financial Risk52. NFRM - Incident Management73. Risk Culture: from reactive to preemptive94. The changing face of Operational Risk11Bibliography 14Contacts 152
Inventive Finance,Risk & Compliance Inventive Finance, Risk and Compliance(Inventive FRC) supports the respectivefunctions within banks to move fast to staycompliant at minimum cost as well as to helptheir organizations compete through digitalinnovation. The key is for the FRC functionsto add value by leveraging data solutionsembedding regulatory competences. 500 bn Total amount of damageresulted from inadequate orfailed internal processes5-15% Cost reductionby using the FRCframeworkTo transform their businessfunctions, banks need to beinventive. We identified five areasin which financial institutions canlevel-up their business and bring tolife what’s next: FRC Data Platform Credit risk Non-Financial Risk Compliance Finance Our inventive approach empowersbanks to tackle the challenges oftransformation. We welcome youto read on and find out more. Inventive Non-Financial RiskManagement Operational risk functionsneed to improve the way theyuse operational risk data todetect, understand and predictoperational risk events. Acrossthe globe, operational risk relatedlosses are increasing at alarmingrates. Between 2011 and 2017alone, the total amount of damagecaused by inadequate operationalrisk management was more than 500 bn, and much of that damageresulted from inadequate or failedinternal processes or from people,systems, or external events. Data breaches, cyberattacks, andsystem failures, as well as externaland internal fraud, represent thetop challenges organizations andespecially financial institutions arecurrently facing. Businesses arebecoming victims of ransomwareattacks at the alarming rate of oneevery 14 seconds. By far the most critical successfactors for transformationtowards an effective operationalrisk management approach arethe right organizational cultureand an adequate governancestructure with “tone from thetop”. In addition, a holistic andcomprehensive view of all risksis important. The first step isusually to take a critical reviewof the existing business model,then determine risk capacity andappetite. Finally, the fact that the BaselCommittee on Banking Supervisionpublished 2 new consultativepapers “Principles for the soundmanagement of operational risk”and “Principles for operationalresilience” emphasizes theimportance of sound managementof operational risk, especially afterthe lessons learned and challengesorganizations are facing in times ofglobal pandemic COVID-19. While it may not be possible toavoid certain operational risks,such as a pandemic, it is possible toimprove the resilience of a bank’soperations to such events.3
Our PublicationsNon-Financial Risk Blog SeriesIn the recent years, we have helped many financial institutions to manage their challenges related to the NonFinancial Risk Management. While some of our projects were products of internal or external inspections, someorganizations acted proactively to further improve their Non-Financial Risk Management. In our blogs, we provide an overview about the Non-Financial Risk challenges and evolution in the last decade aswell as an outlook about the main trends. In addition, we focus on some specific areas that represent sources ofincreased Non-Financial risks and provide best practices from European financial institutions.1. “Non-Financial Risk: Be a pioneer in key areas before you lead the list offines” – Impact of Non-Financial Risk Management on financial institutions andmain trends on the market-Erekle Tolordava and Hans Lohrmann2. “Non-Financial Risk – Incident Management” – Incident Management is ahomework for any institution, but most of them struggle to establish a soundincident management process. In our article we provide some key elements fora sound incident management process.-Erekle Tolordava, Crispijn Groeneveld and Marco Meyer3. “Risk culture: from reactive to preemptive” – one of the key trends on themarket is the increased focus on improved risk culture, to pro-actively preventNon-Financial risk incidents. -Erekle Tolordava, John Giurgius, Christopher Beck and Dr. Rita Motzigkeit4. “The changing face of Operational Risk” – The risks facing financial servicesplayers are multiplying and evolving. Creating a dynamic and proactive riskculture is essential to prevent serious losses.-Erekle Tolordava, Dr. Rita Motzigkeit and Kerem Cigerli4
1. Non-Financial Risk: be a pioneer in key areasbefore you lead the list of finesIn 2018 the sum of fines for the threelargest infringements of non-financialrisk regulations among Europeanbanks amounted to 5,420,000,000.Losses caused by Non-FinancialRisks are increasing at an alarmingrate worldwide. Non-Financial Risk (NFR) is one ofthe essential drivers of risk within abank. In recent times these risks haveincreasingly become the root causeof significant losses. Between 2011and 2017 alone, the total amount ofNFR-related losses amounted to morethan EUR 500 billion. In particular, themain reasons for this can be tracedto inadequate or failed managementapproaches of internal processes,systems, human error and externalevents. Non-Financial Risk can quicklytake on large proportions and spreaddeep within the business. When thisoccurs NFR can also indirectly affectbusiness areas not directly involvedwith the NFR incident. New risks, suchas cyber risk and contract risk, cannegatively affect a company’s image. The increasing rate of NFR incidenceis a call to action, with companiesnow attacked every 14 seconds bycyber-attacks. In fact, the average costof lost and stolen data due to databreaches amounts to 125,000 perperson. Only the following holistic approachwill provide sustainable security andminimize Non-Financial Risk. The foundation for mitigating nonfinancial risk will be anchored with theorganization in the form of specializedgovernance and cultural change. Changes to internal and externalconditions and the consequentimpact on an organization’s risksituation require an adjustment to theorganizational structure used for riskmanagement. More than ever, the organizationmust react to new and increased NonFinancial Risk events. For this purpose,dedicated teams of specialistsfor Non-Financial Risks must beestablished. Their role is foremostto manage risk of new dangers fromcyber-attacks across the entire riskmanagement process. To support the establishment ofspecialist teams, it is necessaryto closely integrate them withoperational employees. A highlevel of awareness and expandedawareness must be created. Changein organization and governance canonly be ensured in the long termthrough cultural change. Talentedrisk managers must be brought to theorganization who are familiar with thenew data-driven approaches and thetechnologies available on the market. 5
Non-Financial Risk are constantly evolving in terms ofscale and complexity and should be examined acrossfour fundamental areas. Non-Financial Risk never stands still. Due to internal andexternal influences, it is subject to constant change whichcan lead to assessments of low risk today but assumedangerous proportions tomorrow. A continuous evaluation of NFR is required. Evaluationand risk mitigation can be significantly improvedby standardizing, harmonizing and automating theunderlying processes. In addition, a clear definition and allocation of NFRs tospecific business areas as well as an evaluation of theirpotential business impact is of great relevance. This is theonly way to assign specific controls to individual NFRs andestablish an optimal control environment for risk mitigation. In order to not only evaluate existing risks and takeprecautions before an incident occurs, but also to reactquickly to the incidents and make deductions for the future,it is important to establish modern technology. Strategic orientation of organization & EMENTSupported by modern technology based on artificial intelligenceAppropriate tools must be carefully selected andimplemented in the daily business process. Modern tools for risk forecasting and operational riskefficiency, supported by artificial intelligence, must beestablished to establish an efficient Non-Financial Riskmanagement process. Only new types of technology canrespond adequately to new needs. A first step, for example,is the establishment of a comprehensive database thatidentifies individual risks in detail, derives a reasonableclustering and assigns appropriate controls. Only throughthe holistic recording of potential risks and events is itpossible to include artificial intelligence. 6The authors strongly believe that Non-Financial Riskmanagement provides the basis not only for selectiveoptimization, but also for holistic alignment of riskmanagement with current requirements. This holisticapproach can raise a bank’s performance to a new level.Banks can overcome the challenges involved in thetransformation of risk management to include NonFinancial Risk by a reasonable effort. Capgemini Invent, withexperience in NFR management in more than 15 Europeancountries, can support this process with a variety of projectsand expertise.
2. Non-Financial Risk: Incident ManagementData availability is fundamental for effectiveincident management. Incident management in Non-Financial Risk Management(NFRM) encompasses the identification, capture, andanalysis of risks and the elaboration of respective actions.The establishment of an effective incident managementsolution promotes faster response to risks, and makes itpossible to proactively address potential vulnerabilities andprevent further incidents. It identifies potential sources ofrisks (e.g., implementation of a new product, outsourcingof services, external incidents, etc.), provides the necessarydata, and triggers subsequent risk assessments in everyimpacted unit. In one word, sound incident managementsimplifies Non-Financial Risk Management. In addition,process efficiency and effectiveness can be increasedthrough the use of new technologies. Data availability is fundamental for effective incidentmanagement. At Capgemini Invent, we are pleased toprovide you with structural recommendations based onthe cross-sector best practices discovered during ourvarious projects across Europe: Common taxonomy: Development of a mutually exclusive and comprehensivelyexhaustive risk taxonomy of actual risk events and aneffective risk identification process; alignment of thetaxonomy with external sources to facilitate the integrationof external data into the internal (incident) database. Governance and organization: This involves establishing a clear structure with explicitownership and responsibilities along the three lines ofdefense. In particular, the responsibilities between the firstand second lines of defense should be clearly articulatedwithin the organization and a permanent control teamshould be created to review the activities and controlsperformed by the first line and to report to both thefirst and second lines in order to permanently monitoroperational risks and promote a sound risk culture. People and culture: This involves living a culture that recognizes the importanceof managing Non-Financial Risks to the extent thateverybody in the organization is aware of the risks triggeredby their activities regardless of whether they are directlyor indirectly affected by them. One of the best practicesto support risk culture is the establishment of a respectiverisk culture entity in the organization. The entity should besponsored by different departments, such as Risk, Legal,Compliance, and HR. Beyond that, the community shouldfoster knowledge sharing, leverage best practices, andencourage actively challenging existing methods.Technology and tools: This involves implementing tools supported by newtechnologies to examine historical data on losses andto identify (potential) correlations and patterns. Newtechnology will also help to maintain a more complete riskinventory and better integrate external data (e.g., such asthe data from ORX).7
In addition to the above-listed prerequisites, incidentmanagement furthers improves when best practices areimplemented: Risk identification and documentation When identifying an incident, a comprehensive picture ofthe incident must be captured. Appropriate governance andorganization, combined with the right people and culture,leverage the identification process. Lastly, a well-developedrisk taxonomy facilitates clear and appropriate categorization. Assessment and documentation of root causes Every identified incident must be analyzed to its root cause.Storing this information in a central database promotesan accelerated initial analysis and makes it possible toproactively reduce incident frequency and solve the rootcause of every NFR problem. Documentation of (potential) impacts of eachincident The impact of each incident to the enterprise is documented,resulting in measurable outcomes, making resultscomparable and improving audit tracking. 8Creation of an action plan The fundamental remediation of historical incidents is asolid basis to prevent potential incidents in the future. Everyremediation action should be defined by considering thelink between the root cause and the (potential) impactof each incident and it should target failing controls andprocesses. Remediation actions can vary, from automatingfailing processes to questioning management bonuses, byrepeatedly incurring incidents. Incident management using modern applications A solid incident management tool supports the above bestpractices and provides a dashboard with customizableoutputs to track and report incidents. Automated mailtriggers include escalation and security processes. To furtherimprove the identification, documentation, and assessmentof incidents, the possibility to couple big data with advancedanalytics. This can be further enhanced by using naturallanguage processing and optical character recognition.Machine learning, APIs, knowledge base, and SLAs supportshould also be facilitated.
3. Risk Culture: from Reactive to PreemptiveOrganizations with a preemptive risk culture are betterequipped to mitigate, minimize, and avoid risks due tothe proactivity and risk awareness of their associates. The recent evolution of risk culture Most companies have extensive experience with riskmanagement, and financial institutions firmly belong inthis group. However, the 2008 financial crisis demonstratedthat financial institutions had behavioral shortcomings withrespect to how risk and internal controls were measured andapplied – often in contrast to formal process protocols. Thisbehavior led to unimaginable consequences and contributedto the deepening of the financial crisis. Regulators deviseda number of post-financial crisis measures to close this gap,including a formal guidance on how financial institutionsmust maintain a risk culture. Many chief level executives regard this evolution as a genuineopportunity to make their organizations more sustainableand resilient in the face of future crises. They engaged inserious self-assessment of their risk cultures, determinedwhere deficiencies existed, and then began the long-termprograms necessary to transform their organization’sbehaviors related to risk. By doing so, COOs, CROs, CEOs andboards became proactive in discussing the internal tradeoffsfor risk and control. By setting up the top management tonecommunicated to internal stakeholders giving directionto the overall organizational risk culture, they managed tomake the cultural aspects of risk issues more visible, betterunderstood, and more widely accepted across the entireorganization. The top management tone also allowed themthe opportunity to reestablish credibility with regulatorsand the public while they continued to fulfill their essentialmandate within the economy. Financial institutions thusformalized company preemptive cultures centered aroundself-awareness of risk. This risk awareness is the coreinstrument designed to ensure their overall stability andsustainability into the future. Risk culture is the combinationof the awareness, behavior, competencies, and expertiseexercised within the context of the technologies and dataquality used to perform daily tasks. Preemptive risk culture stresses the proactivity of internalstakeholders by enabling them through well-communicatedrisk governance mechanism. The aforementionedproactivity is further empowered by clearly defined riskmanagement processes. The pandemic and risk culture The pandemic is resulting in a global economic recessionthat could lead to permanent shifts in competition acrossthe global business landscape. Although it is too soon toknow how a recovery will play out, we do know that firmswith mature risk cultures are better equipped to navigatethe economic downturn to ensure their survival. Weexpect risk culture maturity to receive increased attentionfrom regulators in the upcoming months. Consequently,organizations should focus their attention to enhancetheir risk culture, thus ensuring competitiveness andregulatory compliance. Risk culture in dynamically changing world The development of preemptive risk culture in all types ofcompanies – not only limited to financial institutions – willbe immensely valuable in helping companies adapt tothe dynamically and continuously changing operationalecosystem. Our experience in improving risk culture hasled us to conclude the following key findings that indicate amature risk culture setup: 1.Review and update risk appetite statement in alignmentwith corporate strategy. 2.Set up a risk governance mechanism that promotesself-awareness, track risk metrics, and hold employeesaccountable in conjunction to incentivizing them toproactively operate with enhanced risk awareness. 3.Design risk management processes and seekaccreditation such as IEC 31010:2019 & ISO 31000:2018(relevant for FS and non-FS). 4.Improve risk processes continuously, communicate andeducate employees about risk awareness. 5.Enhance operational efficiency to ensure highdata quality leading to better risk identification,measurement, and assurance. 6.Proactively invest in risk management IT systems toincrease resilience to unidentified risks and visibility intracking identified risks.9
Innovative RiskManagmentRisk Minimization/AvoidanceOptimal RiskMgmt ProcessesSecuring BusinessViabilityImproved RiskMgmt ControlsEstablishing end-2-end preemptive risk cultureRisk AssuranceStrategyRisk ApetiteDesign & BuildImproveRisk ReportingRisk Mgmt Decision(Avoid, Minimize or Mitigate)Risk Measurement& AnalysisRisk PeopleTechnologyCorporatestrategyRisk ApetiteStatementStatutory / Standards / PoiliciesBusinessstrategyRisk LimitsSystems & Technology InfrastructureRoles &ResponsibiltiesCapabilities / Competencies / CapacityGRC functionProcess / Procedures / ControlsGovernance / PeopleCIPTop Mgmt ToneCommunicateEducate ProactivityKPIs/ AccountabilityIncentivizeLearnPeople &MindsetChangeTransformation &RiskAwarnessData foundationNext steps – and validation for a solid preemptiverisk culture The concept of the risk culture should be a core part of acompany’s strategy. Companies can benefit from actingon the lessons learned by financial institutions in the 2008financial crisis and be proactive given the reactions taken byregulators to curb the behavioral shortcomings of financialinstitutions. Many financial institutions are already at thebeginning of the risk culture journey and we are expecting anincrease in efforts to enhance risk culture maturity to copewith market changes. 10First, a functioning preemptive risk culture enablesthe entire corporation to solve risk problems andtake actions at an individual level. In an economicenvironment where the full scope of risks is not known,this capability will become a vital asset to bolster thefirm’s ability to react to disruption. Second, organizations that establish a maturepreemptive risk culture can better manage their risksand reduce risk of failure, even when they must deal withextreme unexpected events. Third, building a mature preemptive risk culture is adynamic and continuous process that requires time,patience, and effort, but it offers long-lasting resilienceduring times of financial stress. Fourth, to build an organization that is stable andsustainable over a long period of time, risk cultureis essential. Even outside the scope of the currentpandemic, recent years have seen an increase in naturaldisasters, incidences of cyberattacks and data breachesthat are becoming more and more prevalent. Fifth, in a business system that is set up to anticipateas much as possible and be flexible with procedureswhen the worst happens, coping mechanisms withinrisk cultures become second nature for employees andmanagers alike. Preemptive risk culture would not only enable organizationsto resiliently thrive within uncertain and constantly changingenvironment, but it would rather create a competitiveadvantage providing an edge of swiftly and efficientlyswaying through unfavorable market movements whetherexogenous or endogenous.
4. The changing face of Operatinal RiskThe risks facing financial services players aremultiply-ing and evolving. Creating a dynamicand proactive risk culture is essential to preventserious losses.In shortFrom the ever-present threat of cyber-attack, to theunexpected and sudden impact of a global pandemic,operational risk is a fact of life in the financial industry. Andwhile oper-ational risk management is critical, the practice isstill in its infancy.Despite this immaturity, its relevance is highlighted by thecontinuous revisions and re -views published by the BaselCommittee on Banking Supervision (the Committee). Theirmore recent being the publication of a consultative paperwith proposed updates to the Principles for the SoundManagement of Operational Risk (PSMOR), as well as thenewly minted Principles for Operational Resilience (POR),both in 2020.Operational Risk ManagementFramework (ORMF)Identification and assessmentof operational risksAdditions and changes to the Principles for the SoundManagement of Operational Risk include: More details to each specification in each principle Fleshed out roles and responsibilities of the board of directors and senior management A fully new principle on Information andCommunication Technology (ICT)The Principles for Operational Resilience aim to:Both documents are at the forefront of current affairs in thisindustry and offer a glimpse of the regulatory challengesfinancial institutions will face in the future. In this article, weoffer an overview of the updates and new principles, andconsider the impact on Finance, Risk and Compliance (FRC)functions.Risk culture Improve banks’ ability to deliver critical operationsthrough disruptions Strengthen banks’ ability to absorb operational riskrelated eventsThe PSMOR: and then there were twelveSince the adoption of the PSMOR in 2011, the operationalrisks faced by financial institutions have increased andevolved. The current consultative paper addresses thischanged landscape in the following twelve principles:Board of directors:implementation ORMFChange managementControl and mitigationSenior managementMonitoring and reportingBusiness continuityICTDisclosureThe following additions are impending:The BCBS has published a paper on cyber security. Expanded requirements on risk culture, code ofconduct, and ethical be-haviorThe following changes were proposed: Explicit delineations of the roles and responsibilities ofthe board, senior management and the three lines ofdefense A comprehensive non-exhaustive list of tools to identifyand assess opera-tional risks, such as operational riskevent data, self-assessments, event data and scenarioanalyses A new principle (principle 10) addressing theimplementation of sound ICT: its aims, its maintenance,and the roles and responsibilities related to them A request for the inclusion of a standardized and fullydeveloped Operational Risk Management Framework(ORMF). A call for clear-cut definitions of processes and controlsregarding the re-view and approval for new products,processes, and systems and that these should bemonitored by a dedicated change manager Demands for the analysis of severe but plausibledisruption scenarios and the corresponding businesscontinuity planning (e.g.: thresholds, business impactanalysis, discovery and recovery procedures)11
The POR: brace for impactThe Principles for Operational Resilience were developedand proposed by the Committee to mitigate operationalrisks and to strengthen operational resilience in this industry.The latest updates aim to enable banks to deliver criticaloperations through disruption. Their objectives are asfollows:Promote a principles-based approach toimproving operational resilience – the abilityof a bank to deliver critical operations throughdisruption.Reflect any initial lessons learned from theimpact of the Covid-19 pandemic.Ensure that existing risk managementframeworks, business continuity plans, andthird-party dependency-managementare implemented consistently withinthe organization.The seven newly designed POR address many criticalincidents faced by financial institu-tions, amongst them theCovid-19 pandemic and a rise in cyber-attacks. The scope liesprimarily within:1.Governance2.Operational risk management3.Business continuity planning and testing4.Mapping interconnections and interdependencies5.Third-party dependency management6.Incident management7.ICT including cyber securityWith respect to ICT, the Committee sets requirementson how the physical and logical design of informationtechnology and communication systems need to be met bybanks. This includes the individual hardware and softwarecomponents, relevant data and the operating environment.Additionally, a documented ICT policy incorporating theincreas-ing issue of cyber security is expected from banks.When suggesting these principles, the Committeeconsidered third-party activities where failure would leadto the disruption of vital services. This was especially thecase with regard to major institutions with a high marketshare and globally interconnected opera-tions whereconsequences might represent a serious potential for dangerin terms of the non -functioning of the real economy and forfinancial instability.12Moreover, the POR require that banks reflect on any initiallessons learned from the im-pact of Covid-19 in order toimprove the pain points in their operations. Simultaneously,banks should ensure that their existing risk managementframeworks, business continuity plans, and third-partydependency-management are implemented consistentlywithin the organization.How will these changes affect the FRC function?There are three distinct challenges: risk culture, roles andresponsibilities and risk assessment.Risk culture includes setting standards and incentives forprofessional behavior. Roles and responsibilities refer toexplicitly delineating the roles and responsibilities of theboard and senior management, as well as the three linesof defense, by which we refer to a widely used model formanaging risk. Risk assessment comprises choosing andset-ting up the tools to identify and assess operational risks(e.g. event data, self-assessments, and scenario analyses).Responding to these challenges can require fun-damentalchanges both operationally and institutionally.At Capgemini Invent, we have many years of expertise inhelping financial intuitions en-sure regulatory compliancethroughout all corporate functions on a global level. Wehave drawn on this experience to develop enhanced riskmanagement solutions to tackling the three key challenges:Risk Culture: The concept of a risk cultureshould be a core part of a company’s strategy.Firms need to establish a mature preemptive riskculture to better manage their risks and reducerisks of failure, even when they are dealing withextreme unexpected events. The building of a risk culture is adynamic and ongoing process, which enables organizations toresiliently thrive within an uncertain and constantly changingenvironment. Getting this right can create a competitiveadvantage by providing the agility to quickly and efficientlynavigate through unfavorable market conditions, whetherexternal or internal to the financial industry. Find moredetails about our preemptive risk culture concept in our RiskCulture Blog.Roles and responsibilities: Understandingboth current and future roles and responsibilitiesin an organization is the first step in a businessoptimization process. Organizations need tobe clear on their degree of compliance withthe recently introduced Basel Committee on BankingSupervision (BCBS) requirements. To support our clientswith this, we have developed an extensive governmentaland organizational assessment providing guidance onensuring a compli-ant corporate structure. The CapgeminiInvent governmental and organizational assessment usescustomized questions to examine any compliance gap andhelps to prioritize remedial actions with the key stakeholders.
Risk assessment: The BCBS formulatedspecific risk management measures as part ofits ICT policy, including access controls, criticalinformation asset protection and identitymanagement, to ensure that appropriate riskmitigation strategies are in place. ICT, and cyber security inparticular, is embedded in an evolving threat land-scape. Arecent study highlights the extent of the average lossesfor dif
increased Non-Financial risks and provide best practices from European financial institutions. 1. "Non-Financial Risk: Be a pioneer in key areas before you lead the list of fines" - Impact of Non-Financial Risk Management on financial institutions and main trends on the market -Erekle Tolordava and Hans Lohrmann 2.
Dr. Brian Whitmore - Capgemini VR & AR meets Microservices Ben Scowen Capgemini Gary Baptist Capgemini Unblocking innovation and agility Roman De Oliveira Mulesoft 15:15 - 15:45 Driving transformation through insight Lee Brown Capgemini 15:45 - 16:15 16:30 - 17:00 SAS Viya: Rapid innovation in an open, connected world Paul Jones SAS Blockchain .
SAP and Capgemini are working together as part of this initiative to address the technological and organizational challenges of their clients going digital. Capgemini Digital Control Room Analytics leverages Capgemini’s proven Digital Transformation Framewo
cloud, ata, AI, connectivity, software, igital enineerin and latfors. The Group reported in 2020 global revenues of 16 billion. Get The Future You Want Visit us at www.capgemini.com MACS 3691_10-2021 For more details contact: Valérie Perhirin Managing Director, Insight Driven Enterprise - Capgemini Invent valerie.perhirin@capgemini.com
Capgemini had deployed Cisco ACE load balancers to load balance web, mail and other applications in the multi-tenant data center. "Capgemini shares the same hardware for a lot of different customers," says Sven Verbeek, Capgemini's technical consultant. A major requirement for new networking hardware is suitability for multi-tenancy; it
The risk management framework at CLP comprises four key elements: Risk ppetite Risk Management Proess Risk overnane Strtre Risk Management iosopy CLP's Risk Management Philosophy . In assessing the consequence of a risk, CLP considers Financial consequences, in addition to non-financial ones, comprising Safety and Health, Environment .
81. Risk Identification, page 29 82. Risk Indicator*, page 30 83. Risk Management Ω, pages 30 84. Risk Management Alternatives Development, page 30 85. Risk Management Cycle, page 30 86. Risk Management Methodology Ω, page 30 87. Risk Management Plan, page 30 88. Risk Management Strategy, pages 31 89. Risk
4 FINANCIAL RISK MANAGEMENT: MARKET RISK TOOLS AND TECHNIQUES RISK MANAGEMENT SYSTEM The core elements of a financial risk management system are: Risk identification — The first stage is to identify the risks to which the organization is exposed. Assessment — The scale of each identified risk is then estimated, using a mix of qualitative and quantitativeFile Size: 317KB
authority, or a substantial and specific danger to public health or safety. The underlying principle of the Air Force Merit Promotion Program is the identification, qualification evaluation, and selection of candidates made without regard to political, religious, labor organization affiliation, marital status, race, color, sex, national origin, non-disqualifying .
