Barclays 2011 Annual Report Download - page 154

Download and view the complete annual report

Please find page 154 of the 2011 Barclays annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 286

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286

Risk management
Operational risk management continued
The operational risk framework comprises a number of elements which
allow Barclays to manage and measure its Operational risk profile and to
calculate the amount of operational risk capital that Barclays needs to hold
to absorb potential losses. The minimum, mandatory requirements for
each of these elements are set out in the Group Operational risk policies.
This framework is implemented across the Group: vertically, through the
organisational structure with all Business Units required to implement and
operate an operational risk framework that meets, as a minimum, the
requirements detailed in these operational risk policies; and horizontally,
with the Group Key Risk Owners required to monitor information relevant
to their key risk from each Operational Risk Framework element.
Barclays operates within a robust system of internal control that
enables business to be transacted and risk taken without exposure to
unacceptable potential losses or reputational damage. To this end,
Barclays has implemented the Group Internal Control and Assurance
Framework (GICAF) which is aligned with the internationally recognised
Committee of Sponsoring Organisations of the Treadway Commission
Framework (COSO).
The prime responsibility for the management of operational risk and the
compliance with control requirements rests with the business and
functional units where the risk arises. Operational risk managers are
widely distributed throughout the Group and support these areas,
assisting line managers in understanding and managing their risks.
The Operational Risk Director (or equivalent) for each Business Unit is
responsible for ensuring the implementation of and compliance with
Group Operational Risk policies.
The Group Operational Risk Director is responsible for establishing,
owning and maintaining an appropriate Group-wide Operational Risk
Framework and for overseeing the portfolio of operational risk across the
Group.
The Operational Risk Committee (ORC) is the senior executive body
responsible for the oversight and challenge of operational risk in Barclays.
The Group Operational Risk Executive Committee (GOREC) assists with
this oversight. GOREC is a sub-committee of the ORC, the output of which
is presented to the BRC.
In addition, Governance and Control Committees (G&CCs) in each
business monitor control effectiveness. The Group G&CC receives reports
from these committees and considers Group-significant control issues
and their remediation. The Group G&CC presents to the Board Audit
Committee (BAC).
Business units are required to report their operational risks on both a
regular and an event-driven basis. The reports include a profile of the
material risks to their business objectives and the effectiveness of key
controls, control issues of Group-level significance, operational risk events
and a review of scenarios and capital. Specific reports are prepared on a
regular basis for GOREC, ORC, BRC and BAC.
The Internal Audit function provides further independent review and
challenge of the Group’s operational risk management controls, processes
and systems and reports to the Board and senior management.
Operational risk management
The Barclays Operational Risk Framework is a key component of GICAF
and has been designed to meet a number of external governance
requirements including Basel, the Capital Requirements Directive and
Turnbull. It also supports the Sarbanes-Oxley requirements.
The Operational Risk framework includes the following elements:
Risk assessments
Barclays identifies and assesses all material risks within each business unit
and evaluates the key controls in place to mitigate those risks. Managers
in the business units use self-assessment techniques to identify risks,
evaluate the effectiveness of key controls in place and assess whether the
risks are effectively managed within business risk appetite. The businesses
are then able to make decisions on what, if any, action is required to
reduce the level of risk to Barclays. These risk assessments are monitored
on a regular basis to ensure that each business continually understands
the risks it faces.
Risk events
An operational risk event is any circumstance where, through the lack
or failure of a control, Barclays has actually, or could have, made a loss.
The definition includes situations in which Barclays could have made a
loss, but in fact made a gain, as well as incidents resulting in reputational
damage or regulatory impact only.
A standard threshold is used across the Group for reporting risk events
and as part of our analysis we seek to identify where improvements are
needed to processes or controls, to reduce the recurrence and/or
magnitude of risk events.
Barclays also uses a database of external risk events which are publicly
available and is a member of the operational risk data eXchange (ORX),
a not-for-profit association of international banks formed to share
anonymous loss data information. Barclays uses this external loss
information to support and inform risk identification, assessment and
measurement.
Key indicators
Key Indicators (KIs) are metrics which allow Barclays to monitor its
operational risk profile. KIs include measurable thresholds that reflect
the risk appetite of the business. KIs are monitored to alert management
when risk levels exceed acceptable ranges or risk appetite levels and
drive timely decision making and actions.
Key risk scenarios
By combining data from risk events, risk assessments and key indicators
with that from audit findings, expert management judgement and other
internal data sources, Barclays is able to generate Key Risk Scenarios
(KRSs). These scenarios identify the most significant operational risks
across the Group. The KRSs are validated at business unit and Group level
to ensure that they appropriately reflect the level of operational risk the
business faces.
Barclays shares and receives an anonymous sub-set of KRS information
with the ORX community in order to compare and contrast scenario
analysis with peers.
Insurance
As part of its risk management approach, the Group also uses insurance
to mitigate the impact of some operational risks.
152 Barclays PLC Annual Report 2011 www.barclays.com/annualreport