Barclays 2004 Annual Report Download - page 70

Download and view the complete annual report

Please find page 70 of the 2004 Barclays annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 256

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256

Risk management
Management of operational risk and business risk
68
Operational and business risks are inherent in Barclays operations and
are typical of any large enterprise.
Operational Risk is the risk of direct or indirect losses resulting from
inadequate or failed internal processes or systems, human factors,
or from external events. Major sources of operational risk include:
operational process reliability, IT security, outsourcing of operations,
dependence on key suppliers, implementation of strategic change,
integration of acquisitions, fraud, error, customer service quality,
regulatory compliance, recruitment, training and retention of staff,
and social and environmental impacts.
Business Risk is the risk of adverse outcomes resulting from a weak
competitive position or from poor choice of strategy, markets,
products, activities or structures. Major potential sources of business
risk include: revenue volatility due to factors such as macro-economic
conditions; inflexible cost structures; uncompetitive products or
pricing; and structural inefficiencies.
Barclays is committed to the advanced management of operational
and business risks. In particular, we are implementing advanced
management and measurement approaches for operational risk
to strengthen control, improve customer service and minimise
operating losses.
It is not cost effective to attempt to eliminate all operational and
business risks and in any event it would not be possible to do so.
Events of small significance are expected to occur and are accepted as
inevitable; events of material significance are rare and the Group seeks
to reduce the risk from these in a framework consistent with its agreed
risk appetite.
Responsibility for and Control of Operational Risk
Barclays has a Group Operational Risk Framework, which is consistent
with and part of the Group Internal Control and Assurance Framework.
Board Governance Standards have been established for all key areas of
identified risk. These Standards are high-level articulations of the
Board’s risk control requirements. The Standards applicable to
operational and business risks are: Brand Management, Capital
Planning, Corporate Responsibility, Financial Crime, Financial
Reporting, Tax and Budgeting, Legal, Operations, People Management,
Regulatory Compliance, Change and Strategic Planning.
Responsibility for implementing and overseeing these policies is to be
found throughout the organisation as follows:
The prime responsibility for the management of operational risk
and the compliance with Board Governance Standards rests with
the business and functional units where the risk arises. Front-line
risk managers are widely distributed throughout the Group in
business units. They service and support these areas assisting line
managers in managing these risks.
Business Risk Directors in each business are responsible for
overseeing the implementation of and compliance with
Group policies.
Governance and Control Committees in each business monitor
control effectiveness. The Governance and Control Committee
receives reports from the committees in the businesses and
considers Group-wide control issues and their risk mitigation.
A Standard Owner agrees responsibility for each Board Governance
Standard, agrees policy and provides advice to business managers
Group-wide. Each monitors and reports upon the application of
their Standard.
In the corporate centre, the Operational Risk Director oversees the
range of operational risks across the Group in accordance with the
Group Operational Risk Framework.
The Internal Audit function provides assurance for operational
risk control across the organisation and reports to the Board and
senior management.
The Management and Measurement of Operational Risk
Risk Assessment – A consistent approach to the identification and
assessment of key risks and controls is undertaken across all business
units. Scenario analysis and self-assessment techniques are widely
used by business management for risk identification and for evaluation
of control effectiveness and monitoring capability. Business
management determines whether particular risks are effectively
managed within business risk appetite and otherwise take remedial
action. The risk assessment process is consistent with COSO principles.
Risk Event Data Collection and Reporting – A standard process is used
Group-wide for the recognition, capture, assessment, analysis and
reporting of risk events. This process is used to identify where process
and control requirements are needed to reduce the recurrence of risk
events. Risk events are loaded onto a central database and reported
monthly to the Risk Oversight Committee.
Barclays also uses a database of external public risk events to assist in
risk identification and assessment.
Reporting – Business units are required to report on both a regular
and an event-driven basis. The reports include a profile of the key risks
to their business objectives, control issues of Group-level significance,
and operational risk events. Specific reports are prepared on a regular
basis for the Risk Oversight Committee, the Board Risk Committee and
the Board Audit Committee. In particular the Group Operational Risk
Profile Report is provided quarterly to the Risk Oversight Committee.
Economic Capital – Methodologies are used for both operational and
business risks to calculate risk sensitive capital allocations. These are
allocated to business units which incur risk-based capital charges,
as a consequence, providing an incentive to manage the risk within
appetite levels. Additional investment is being made to enhance the
Operational Risk Capital model to improve risk sensitivity and to
obtain approval to apply the Advanced Measurement Approach (AMA)
under the Basel II Accord when that option first becomes available
in 2008.