
Regulatory Management and Measurement Rules



The ISO 31000:2009, Basel III recommendations, the EU Capital Requirement Directives and the Own Risk and Solvency Assessment (ORSA)/Forward Looking Assessment of Own Risk (FLAOR) processes of Solvency II Directives profoundly affect the financing and the insurance of companies in all business sectors and local authorities.

US companies use US National Association of Insurance Commissioners (NAIC) recommendations based on the fundamental principles of ORSA; EU firms refer to FLAOR recommendations; and companies in other countries (e.g., Canada, Japan, China) refer to Solvency II as an international best practice.

This regulatory change began in June 2008 when the American International Group (AIG) faced a financial disaster. The risk maps and risk registers then in place, usually built under Basel II, were designed to capture incident data and calculate the relative value at risk (VaR) using a stochastic approach (statistics and probability); in this approach, VaR equals unexpected loss. Following the subprime mortgage crisis in 2008, clause 5 of ISO 31000:2009 recommended treating risk from the point of view of the corporate manager rather than that of the stochastic engineer: a cost accounting process for the absolute VaR (VaR = expected loss + unexpected loss) that takes the risk appetite tolerance threshold into account.

In March 2012, as part of the NAIC Solvency Modernization Initiative (SMI), the NAIC voted to adopt a significant new addition to US insurance regulation: ORSA. The manner of the calculations used in an ORSA report was left to the discretion of each insurer, which led to variations in ORSA measurement techniques among companies. Insurers were concerned because a hard and fast, one-size-fits-all solution does not exist: the output is specific to the company, and a set of documents should demonstrate the results of the self-assessment and the company's understanding of its own risks.

The Information Technology-Investor Relationship Management (IT-IRM) proposes a standardized, logical process for ORSA measurement. Our recent Journal article covers how this IT application makes ORSA a logical assessment based on real-time data, making risk controllable and assessable using the same base criteria for economic capital and the same indicators, factors or causes as the determinants of operational risk.

Read Simon Grima, Robert W. Klein, Ronald Zhao, Frank Bezzina and Pascal Lélé's recent Journal article: "Strengthening Value and Risk Culture Using a Real-time Logical Tool," ISACA Journal, volume 3, 2016.

[ISACA Journal Author Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

