JP Morgan Chase 2005 Annual Report Download - page 81

Download and view the complete annual report

Please find page 81 of the 2005 JP Morgan Chase annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 144

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144

JPMorgan Chase & Co. /2005 Annual Report 79
Operational risk management
Operational risk is the risk of loss resulting from inadequate or failed processes
or systems, human factors or external events.
Overview
Operational risk is inherent in each of the Firms businesses and support
activities. Operational risk can manifest itself in various ways, including errors,
business interruptions, inappropriate behavior of employees and vendors that
do not perform in accordance with outsourcing arrangements. These events can
potentially result in financial losses and other damage to the Firm, including
reputational harm.
To monitor and control operational risk, the Firm maintains a system of com-
prehensive policies and a control framework designed to provide a sound and
well-controlled operational environment. The goal is to keep operational risk at
appropriate levels, in light of the Firms financial strength, the characteristics
of its businesses, the markets in which it operates, and the competitive and
regulatory environment to which it is subject. Notwithstanding these
control measures, the Firm incurs operational losses.
The Firms approach to operational risk management is intended to mitigate such
losses by supplementing traditional control-based approaches to operational
risk with risk measures, tools and disciplines that are risk-specific, consistently
applied and utilized firmwide. Key themes are transparency of information,
escalation of key issues and accountability for issue resolution.
During 2005, the Firm substantially completed the implementation of Phoenix,
a new internally-designed operational risk software tool. Phoenix integrates
the individual components of the operational risk management framework
into a unified, web-based tool. Phoenix is intended to enable the Firm to
enhance its reporting and analysis of operational risk data by enabling risk
identification, measurement, monitoring, reporting and analysis to be done in
an integrated manner, thereby enabling efficiencies in the Firms management
of its operational risk.
For purposes of identification, monitoring, reporting and analysis, the Firm
categorizes operational risk events as follows:
Client service and selection
Business practices
Fraud, theft and malice
Execution, delivery and process management
Employee disputes
Disasters and public safety
Technology and infrastructure failures
Risk identification and measurement
Risk identification is the recognition of the operational risk events that
management believes may give rise to operational losses.
In 2005, JPMorgan Chase substantially completed a multi-year effort to
redesign the underlying architecture of its firmwide self-assessment process.
The goal of the self-assessment process is for each business to identify the
key operational risks specific to its environment and assess the degree to
which it maintains appropriate controls. Action plans are developed for
control issues identified, and businesses are held accountable for tracking
and resolving these issues on a timely basis.
All businesses were required to perform self-assessments in 2005. Going
forward, the Firm will utilize the self-assessment process as a dynamic risk
management tool.
Risk monitoring
The Firm has a process for monitoring operational risk-event data, permitting
analysis of errors and losses as well as trends. Such analysis, performed both
at a line of business level and by risk-event type, enables identification of the
causes associated with risk events faced by the businesses. Where available,
the internal data can be supplemented with external data for comparative
analysis with industry patterns. The data reported will enable the Firm to
back-test against self-assessment results.
Risk reporting and analysis
Operational risk management reports provide timely and accurate information,
including information about actual operational loss levels and self-assessment
results, to the lines of business and senior management.The purpose of these
reports is to enable management to maintain operational risk at appropriate
levels within each line of business, to escalate issues and to provide consistent
data aggregation across the Firms businesses and support areas.
Audit alignment
Internal Audit utilizes a risk-based program of audit coverage to provide an
independent assessment of the design and effectiveness of key controls over
the Firms operations, regulatory compliance and reporting. Audit partners
with business management and members of the control community in providing
guidance on the operational risk framework and reviewing the effectiveness
and accuracy of the business self-assessment process as part of its business
unit audits.