Ernst & Young and J.P. Morgan have partnered to create an Internet-based operational risk tool designed to help companies and financial services firms better clarify and manage their operational risk, such as a systems outage or error. Chris Karow, partner at Ernst & Young's risk management and regulatory practice, says the software, called Horizon, is a self-administering tool that helps businesses reassess the way they look at operational risk. The system can be used to identify and evaluate the level of risk that exists within any business, identifying those risks that have been intentionally accepted as prudent business risks, and those that need to be managed more effectively. For those risks that need to be managed more effectively, the system requires action plans to be created, and the software then tracks and reports the progress against those action plans, Karow says.
J.P. Morgan, which developed the performance control self-assessment tool, is currently the only institution using the system, and has been doing so for the last six months. Karow notes that Ernst & Young has shopped the system to over 100 companies, both Fortune 500 and some of the top 25 global financial institutions. He says the partnership is close on a few deals, but would not name the potential clients.
Horizon is based on Oakland, Calif.-based Vision's Jade, which is rules-based software that manages the interaction between the pure Java code running on a user's desktop and the relational database running on an intranet/Internet server. A user can access the application through a standard browser. Because the application stores the graphics and certain templates on the local computer, "the only thing that is passing across the Internet is the data, which is very thin," he says, emphasizing the speed of the system. "This is part of the challenge when you are trying to get someone to play ball, in terms of assessing themselves. If the application runs slow they won't play," he quips.
Karow explains that in the past most operational risk assessment has been done using Lotus spreadsheets or in other manual fashions. Horizon's goal is to replace time-consuming, labor-intensive, paper-based risk assessments with an automated set of controls and procedures that can be monitored from a single location. Karow points out that most control self-assessment programs rely too heavily on manual intervention and, as a result, are expensive and inefficient. Horizon automates this process, which he says results in a more accurate risk assessment at a lower cost.
The system can be used by all levels of an organization, but would most likely be used by process owners or department heads. Karow clarifies that a trader probably would not use the system, but the head of trading would. Karow says the cost depends on the organization, but it could range from "hundreds of thousands of dollars to many millions."
Although operational risk is defined in a number of ways, Karow notes that narrowly it is usually defined as "the risk of loss due to deficiency in information systems, business procedures or internal controls that may result in an unexpected loss." He adds that Horizon's framework can work with many definitions. As a result, the goal of the system is to help an organization better understand its risk profile, allowing it to run its business better.