JP Morgan Chase 2006 Annual Report Download - page 83

Download and view the complete annual report

Please find page 83 of the 2006 JP Morgan Chase annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 156

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156

JPMorgan Chase & Co. / 2006 Annual Report 81
OPERATIONAL RISK MANAGEMENT
Operational risk is the risk of loss resulting from inadequate or failed processes
or systems, human factors or external events.
Overview
Operational risk is inherent in each of the Firm’s businesses and support
activities. Operational risk can manifest itself in various ways, including errors,
fraudulent acts, business interruptions, inappropriate behavior of employees
or vendors that do not perform in accordance with outsourcing arrangements.
These events could result in financial losses and other damage to the Firm,
including reputational harm.
To monitor and control operational risk, the Firm maintains a system of com-
prehensive policies and a control framework designed to provide a sound and
well-controlled operational environment. The goal is to keep operational risk at
appropriate levels, in light of the Firm’s financial strength, the characteristics
of its businesses, the markets in which it operates, and the competitive and
regulatory environment to which it is subject. Notwithstanding these
control measures, the Firm incurs operational losses.
The Firm’s approach to operational risk management is intended to mitigate such
losses by supplementing traditional control-based approaches to operational
risk with risk measures, tools and disciplines that are risk-specific, consistently
applied and utilized firmwide. Key themes are transparency of information,
escalation of key issues and accountability for issue resolution.
The Firm’s operational risk framework is supported by Phoenix, an internally
designed operational risk software tool. Phoenix integrates the individual
components of the operational risk management framework into a unified,
web-based tool. Phoenix enhances the capture, reporting and analysis of
operational risk data by enabling risk identification, measurement, monitor-
ing, reporting and analysis to be done in an integrated manner, thereby
enabling efficiencies in the Firm’s monitoring and management of its opera-
tional risk.
For purposes of identification, monitoring, reporting and analysis, the Firm
categorizes operational risk events as follows:
• Client service and selection
• Business practices
• Fraud, theft and malice
• Execution, delivery and process management
• Employee disputes
• Disasters and public safety
Technology and infrastructure failures
Risk identification and measurement
Risk identification is the recognition of the operational risk events that
management believes may give rise to operational losses.
All businesses utilize the Firm’s newly redesigned firmwide self-assessment
process and supporting architecture as a dynamic risk management tool. The
goal of the self-assessment process is for each business to identify the key
operational risks specific to its environment and assess the degree to which it
maintains appropriate controls. Action plans are developed for control issues
identified, and businesses are held accountable for tracking and resolving
these issues on a timely basis.
Risk monitoring
The Firm has a process for monitoring operational risk-event data, permitting
analysis of errors and losses as well as trends. Such analysis, performed both
at a line-of-business level and by risk-event type, enables identification of the
causes associated with risk events faced by the businesses. Where available,
the internal data can be supplemented with external data for comparative
analysis with industry patterns. The data reported enables the Firm to back-
test against self-assessment results. The Firm is a founding member of the
Operational Risk Data Exchange, a not-for-profit industry association formed
for the purpose of collecting operational loss data and sharing data in an
anonymous form and benchmarking results back to members. Such informa-
tion supplements the Firm’s ongoing operational risk analysis.
Risk reporting and analysis
Operational risk management reports provide timely and accurate information,
including information about actual operational loss levels and self-assessment
results, to the lines of business and senior management. The purpose of these
reports is to enable management to maintain operational risk at appropriate
levels within each line of business, to escalate issues and to provide consistent
data aggregation across the Firm’s businesses and support areas.
Audit alignment
Internal Audit utilizes a risk-based program of audit coverage to provide an
independent assessment of the design and effectiveness of key controls over
the Firm’s operations, regulatory compliance and reporting. Audit partners
with business management and members of the control community in providing
guidance on the operational risk framework and reviewing the effectiveness
and accuracy of the business self-assessment process as part of its business
unit audits.
PRIVATE EQUITY RISK MANAGEMENT
Risk management
The Firm makes direct principal investments in private equity. The illiquid nature
and long-term holding period associated with these investments differentiates
private equity risk from the risk of positions held in the trading portfolios.
The Firm’s approach to managing private equity risk is consistent with the
Firm’s general risk governance structure. Controls are in place establishing
target levels for total and annual investment in order to control the overall
size of the portfolio. Industry and geographic concentration limits are in place
and intended to ensure diversification of the portfolio; and periodic reviews
are performed on the portfolio to substantiate the valuations of the invest-
ments. The valuation function within Market risk management that reports
into Finance is responsible for reviewing the accuracy of the carrying values of
private equity investments held by Private Equity. At December 31, 2006, the
carrying value of the private equity businesses was $6.1 billion, of which $587
million represented positions traded in the public market.