Access the full text.
Sign up today, get DeepDyve free for 14 days.
Purpose – Due to increase in operational risk, banks are facing huge losses. In order to avoid losses, banks need to manage operational risk. This study aims to analyze the impact of operational risk management (ORM) processes, which include identification, assessment, analysis, monitoring and control in the presence of corporate governance (CG) that can also contribute to effective ORM practices. Design/methodology/approach – Operational risk management processes are used to manage operational risk along with CG. Primary data are collected through questionnaire from (167) operational risk managers of commercial banks. Multiple linear regressions has been run to analyze the data. Findings – Results indicate significant impact of CG and operational risk identification (ORI), monitoring and control on ORM practices in commercial banks of Pakistan. Originality/value – The study suggests policy makers to improve the ORM framework by CG. Beside this, in order to lessen operational risk, proper identification, monitoring and control of operational risk could also contribute. Keywords Operational risk management, Basel accord, SBP, Corporate governance Paper type Research paper 1. Introduction Operational risk is the risk of direct or indirect loss resulting due to inadequate external events and failed internal processes, people and systems (PWC, 1999). Operational risk is inherent in all banking products, activities, processes and systems. Effective management of operational risk has always been a fundamental element of a bank’s risk management programs. In September 1998, the Banking Committee on Banking Supervision (BCBS) published a document “Operational risk management” (ORM) in which operational risk is treated as a self-contained regulatory issue. It was acknowledged that large losses in banking industry are due to operational risk and can be avoided when they are identified, analyzed, monitored and controlled properly. Along with this, corporate governance (CG) also contributes to effective ORM. © Komal Altaf, Huma Ayub, Malik Shahzad Shabbir and Muhammad Usman. Published in Review of Review of Economics and Political Economics and Political Science. Published by Emerald Publishing Limited. This article is published Science under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, pp. 108-123 translate and create derivative works of this article (for both commercial and non-commercial purposes), Emerald Publishing Limited e-ISSN: 2631-3561 subject to full attribution to the original publication and authors. The full terms of this licence maybe p-ISSN: 2356-9980 DOI 10.1108/REPS-12-2019-0156 seen at http://creativecommons.org/licences/by/4.0/legalcode Due to weakened ORM, fraud and forgery cases are rapidly increasing in Pakistani The impact of banking sector for many years. As argued by Bastomi et al. (2017), poor CG and risk operational management are the main causes of bank. State Bank of Pakistan (SBP) has instructed banks risk to properly identify, analyze, monitor and control operational risk in order to reduce the level management of operational risk. The current study aims to analyze how ORM practices can be made more effective through ORM processes along with CG. The survey-based methodology has been used. The researcher intended to at least partly reduce the gap found through literature in the theme of the impact of CG and ORM processes on ORM practices of commercial banks in Pakistan. Continuity and success of banks depends upon ORM. Previous studies related to operational risk are not done on the Pakistani banking sector. Beside this, no study finds together the impact of CG and ORM processes on ORM. The current study attempts to fill this gap while keeping the ORM process and CG together that can determine the ORM practice of banks. Furthermore, it is clear from the above discussion that a dedicated study is required on ORM practices in Pakistan’s commercial banks. CG ensures that operational risk managers have resources for performing duties assigned to them, and they may work as an independent unit. The ultimate goal behind the establishment of an ORM unit is to decrease risk, not to increase profit. Briefly speaking, it is board of director’s responsibility that bank policies and strategies must be consistent with operational management practices. It is the duty of board of directors (BODs) to place an effective risk management system, which means that along with awareness on risks faced by bank, employees must also be aware of system which is placed to monitor and control risk. This shows that CG encompasses risk management in banking operations (Lam, 2001; Shabbir et al., 2020; Sobel and Reding, 2004). The findings of the study provide implications for effective CG in order to better manage ORM practices in banks. The study provides policy implications to SBP as a regulatory body for giving insights on current ORM practices of commercial banks Shabbir and Wisdom (2020). The study also suggests commercial banks to improve the ORM practices by involving governance body, i.e. (BODs, senior management). This study addresses the following questions such as, what is the impact of operational risk processes such as operational risk identification (ORI), operational risk assessment and analysis (ORAA) and operational risk monitoring and control (ORMC) on ORM in banks. Furthermore, what is the impact of CG through board of director and senior management on ORM in banking industry. This study aims to identify the impact of ORM practices and CG which mainly include: To investigate the impact of ORM processes on ORM practices in commercial banks of Pakistan. Moreover, at what extent the impact of CG on ORM practices in commercial banks of Pakistan. Furthermore, to investigate the impact of ORM processes, the main objective of the study, which may be specified as sub-objectives, is as follow: in order to determine the impact of ORI on ORM practices of commercial banks; to determine the impact of ORAA on ORM practices of commercial banks; and finally, the impact of ORMC on ORM practices of commercial banks. Lastly, the structure of paper is as follows: in section 2, literature is reviewed; section 3 illustrates the theoretical framework; in section 4, methodology has been discussed; section 5 shows the results, and in the last section, conclusion and recommendations have been given. 2. Literature review ORM has become one of the fastest-growing and most complex risk disciplines in banking industry (Koomson, 2011). In 2006 Basel Committee of Banking Supervision provide the operational risk definition as: “Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. This definition includes legal risk, but excludes strategic and reputational risk” According to REPS Hussain and Ajmi (2012), ORM includes all the procedures, policies, expertise and systems 7,2 that are required to manage all the risks occur due to financial transactions. Based on internal data loss, three approaches are used to calculate operational risk: basic indicator approach, standardized approach and the advanced measurement approach (Coetzee and Lubbe, 2014). Basel II and III encourage banks to identify, assess, measure, control and manage operational risk (Moosa, 2007; Shabbir, 2020). Pakhchanyan (2016) conducted a survey of the operational risk literature where he reviewed collected articles and identify studies that provide an overview of the operational risk literature, highlighting its importance and assessment methodologies. ORM processes includes: ORI, ORAA and ORMC ling. ORM initiated with its identification. Bocker and Kluppelberg (2005) suggest that the only feasible way to manage operational risk successfully is by identifying and minimizing it, which requires the development of adequate quantification techniques. It is a challenging issue to identify operational risk, as the factors of operational risk are not well defined (Muermann and Oktem, 2002). Both internal and external factors are included in risk identification process (Nastase et al., 2013). However, Wei (2007) suggested that “quantification of operational risk has been hindered by the lack of internal and external data on operational losses”. Geiger and Raghunandan (2002) propose that to identify operational risk, RIM (risk identification matrix) can be used. Identification tools comprised of: risk mapping, self-assessment, establishing key risk indicators and measurement processes (Nastase and Unchiasu, 2013). PWC (1999) also suggests that management may also identify operational risk through process mapping, in which business key processes are identified and mapped. According to Kuritzkes (2002) assessment of the operational risk is very crucial, for achieving the objectives, as objective establishment provide basis for determining how operational risk should be managed. “Top-down” single indicator method, “bottom-up” models including expert judgment and “causal models”, classical statistical approach are some methods used for measuring operational risk (Heinricj, 2006). Risk analysis involves analyzing risk type and outcomes of actions made. According to Herring (2002),there are different ways bank may use to identify and assess operational risk. These processes are: self-assessment, scorecards. According to Davies and Haubenstock (2002), banks are required to define their own approach, the scope of analysis and method used in analysis, either qualitative or quantitative. Banks are required to establish a guiding principle for the ORM process which guarantees that proper measure of operational risk is available in all bank business lines (Crouhy et al., 2003). According to Ishtiaq (2015) disclosure of information on time is necessary for banks, so that a reliable structure is provided to banks for the assessment of their operational risk monitoring. This can also be found from the case study by (Masenene, 2015)that information on operational risk must be communicated to right people and on right time. Firew (2013) argues that under bank guidelines for ORM, actual level of operational risk and operational risk tolerance level should compare. By this way, bank’soperational risk is continuously monitored and also would help to ensure that the bank’s operational risk level lies within acceptable range. In an operational risk context, a KRI is a metric that provides information on the level of exposure to some operational risk, at a given point in time. Preventive KRIs measure a rise in the causes of risk, either in probability (KRI of likelihood) or in potential impact should the risk materialize (Chapelle, 2019). Neifar and Jarboui (2018) suggest that Islamic banks shall disclose their ORM framework to inform stakeholders to know about the process of managing OR including the way that the bank identify, assess, monitor and control the OR and how effectively it manages this type of risk. Masenene (2015) also stated that the effectiveness of internal controls needs to monitor The impact of after their placement so that they could be function properly. According to Allen and Bali operational (2007), controlling operational risk is more important than market and credit risk. Control risk activities are placed to safeguard the execution of management directives (Andrew, 1995). management These policies and procedures help to ensure that risk is addressed and mitigating activities are used in order to achieve bank’s objectives. Kuritzkes (2002) argues that control activities must place in the functions of the bank at all levels. Masenene (2015,p.25) proposes that ORM system reliability depends upon the strength of its internal control processes and reporting system. In case banks unable to monitor and control operational risk, financial penalties are placed by the regulators (Mainelli, 2002; Shabbir, 2018a, b, c; Lewis, 2004). Kasim and Hussin (2010) argue that in banking operations there is close relationship between CG and risk management. “Corporate Governance” refers to corporate discipline. According to BIS (2006), ISACA (2009) governance, risk management and control (GRC) play a critical role in minimizing operational risk. Corporate failure results, due to inefficient risk management and inefficient CG, i.e. inefficient control of activities by the BODs (Manab et al.,2010). Al Hussiny (2010) argues that bank may use CG as risk mitigation strategy, to safeguard the interest of its stakeholders. According to Quon et al. (2012), Shahzad and Rehman (2015), risk management and CG are interdependent and interrelated. Good CG and effective risk management leads to improvement in bank performance (Manab et al.,2010; Shahzad and Zaman, 2016; Sobil and Reding, 2004). Van Greuning and Brajovic-Bratanovic (2009a, b) argued that for management of operational risk, CG process key players (like the director and executive managers) are responsible. It is observed that good ORM, senior management involvement and support is required who could give considerable attention to operational risk along with the allocation of resources (Davies and Haubenstock, 2002). Directing senior managers is the responsibility of BODs about setting tolerance level for operational risk and for all major areas of operations the establishment of correspondent processes, procedures, controls and systems (Ishtiaq, 2015). Firew (2013) proposed that for effective ORM by the operational risk managers, BODs may set out strategies, policies and guidelines. Neifar and Jarboui (2018) also suggest that Islamic banks shall encourage to ensure an effective risk culture because it is an important task for learning how to manage unexpected situations. A culture that is conducive to effective risk management urges open and upward communication, sharing of knowledge and best practices, continuous process improvement and a deep commitment to ethical and responsible business behavior. In light of the above literature, the current study aims to bridge the gap between the relationships of ORM, its processes and CG practice, which will provide a way to realize the vision of mitigating operational risks and optimizing the performance of banking sector. Thus the study is an empirical analysis of operational risks management and role of CG practice followed by the banking sector of developing economieslikePakistan. 3. Theoretical framework The relationship between proper identification, assessment and analysis, monitoring and control of operational risk and ORM takes center stage: in addition to this relationship, the study proposed that banks can improve their ORM through CG. The study will help to explain the cause-and-effect relationship between the operational risk process, CG and ORM in banks. Following framework has been proposed: REPS Operational risk 7,2 Identification H1 Operational risk H2 Assessment and Analysis Operational Risk Management Operational risk Monitoring H3 and controlling H4 Corporate Governance Board of directors Senior management Following hypothesis has been H1. There is a significant impact of operational risk identification on operational risk management. H2. There is a significant impact of operational risk assessment and analysis on operational risk management. H3. There is a significant impact of operational risk monitoring and control on operational risk management. H4. There is a significant impact of corporate governance on operational risk management. 4. Research methodology Sampling method and data collection process and techniques has been discussed in this section. One of the non-probability judgmental sampling techniques, expert sampling technique that has been used in this study is the best way to elicit the views of operational risk managers on the proposed cause an effect relationship of operational risk process and CG on ORM. The experts have demonstrable experience and expertise in the field of ORM in banks. However, 200 questionnaires were distributed among the operational risk managers, area managers, zonal head coordinator and risk managers of commercial banks in Rawalpindi and Islamabad. The questionnaire has been used to collect data for finding the impact of ORM processes and CG on ORM. All the questions were close-ended and five-point Likert scale has been used to get response against every item. Data have been analyzed in Statistical Package for Social Sciences (SPSS) to find data reliability, demographics and descriptive analysis to investigate correlation among variables and to perform regression analysis. The study empirically examine whether the processes of ORM such as the risk identification, risk assessment and analysis and risk monitoring and controlling leads to improved risk management or not. Where, results of the study confirm that the operational risk assessment and analysis (one of X) play an insignificant role toward the risk management which also highlight that X is different than Y. This is predominantly due to the fact that banks in Pakistan still lack behind on the assessment and analysis of operational risk in order to manage it effectively. This is mainly due to the reason that majority of banks are still using basic indicator approach to assessing operational risk however there is a strong need to adopt standardize or advance approach for the assessment of operational risk by employing qualitative techniques (audit findings, scorecards and self-assessment) and quantitative techniques (loss distribution, economic models) to better manage operational The impact of risk. Moreover, as we have incorporated the role of CG in the proposed framework therefore operational the regression analysis is suitable methodology. risk management 5. Findings and discussion The following section discusses the results of reliability analysis, demographic analysis, descriptive and normality analysis, Pearson correlation and multiple linear regression. 5.1 Reliability analysis Cronbach’s alpha (α), an internal consistency statistical tool is used by the researcher to measure the reliability as suggested by researchers (Pallant, 2013; Gujarati and Porter, 2009 and Shabbir, 2018a, b, c).Table 1 shows reliability measure values of all the variables, and it can be seen from the table that Cronbach’s alpha values for all variables are more than (0.60) which is in the acceptable range (Hair et al., 2006). 5.2 Demographic analysis Majority of the respondents were male, i.e. (76%). Most of the respondent’s age is between 30 and 39 years. None of the respondents fall in the age group of 40–49 and above. Work experience of majority of the participants is 16–20 years with a share of 37.7% in the total data. The highest education attained by the respondents is a master’s degree with a frequency and percentage of (121, 72.5%) (see Table 2). 5.3 Normality and descriptive analysis Table 3 depicts mean and standard deviation values of all the variables. Participants score highest mean score on ORI and ORAA (m5 3.974) and the lowest score on ORM (m5 3.8308). Highest standard deviation value for ORMC (0.5676) indicates variability in respondent’s response from the average (m 5 3.8915). Normality analysis is tested through skewness and kurtosis. Table 3 shows that data is normal as all values lie in the acceptable range, i.e. 1to þ1 for skewness and 3to þ3 for kurtosis. 5.4 Correlation Significant positive correlation is observed between all variables (p ≤ 0.01). Table 4 shows no problem of correlation among all the independent variables. 5.5 Multicollinearity Multicollinearity has been tested by employing both tolerance and VIF. The acceptable range of VIF and Tolerance, i.e. (<510 and >0.20) and Table 5 indicates that there is no issue of multicollinearity in the data. Variables No. of items Cronbach’s alpha (α) ORI 6 0.779 ORAA 6 0.750 ORMC 8 0.776 CG 6 0.738 ORM 9 0.750 Note(s): ORI 5 Operational risk identification, ORAA 5 Operational risk assessment and analysis, Table 1. ORMC 5 Operational risk monitoring and control, CG 5 Corporate governance, ORM 5 Operational risk Reliability analysis of management the study variables REPS Frequency Percentage frequency 7,2 Gender Male 127 76% Female 40 24% Age 18–29 years 65 38.9% 30–39 years 78 46.7% 40–49 years 24 14.4% Work experience <55 years 48 28.7% 6–10 years 35 21.0% 11–15 years 63 37.7% 16–20 years 10 6.0% Above 20 years 11 6.6% Education Undergraduate 3 1.8% Graduate 33 19.8% Master’s degree 121 72.5% Table 2. Demographic analysis PhD 10 6.0% Variables Mean St. Deviation Skewness Kurtosis ORI 3.974 0.563 0.505 0.967 ORAA 3.974 0.559 0.376 1.349 ORMC 3.891 0.567 0.368 0.380 CG 3.948 0.564 0.485 0.776 ORM 3.830 0.502 0.237 0.107 Note(s): ORI 5 Operational risk identification, ORAA 5 Operational risk assessment and analysis, Table 3. ORMC 5 Operational risk monitoring and control, CG 5 Corporate governance, ORM 5 Operational risk Descriptive and normality analysis management Variables ORI ORAA ORMC CG ORI 1 ORAA 0.441** 1 ORMC 0.537** 0.490** 1 CG 0.483** 0.511** 0.612** 1 Table 4. Correlation Note(s): **Correlation is significant at the 0.01 level (2-tailed) Variables Tolerance VIF ORI 0.651 1.537 ORAA 0.665 1.504 ORMC 0.530 1.887 Table 5. Multicollinearity CG 0.551 1.816 5.6 Multiple regression analysis The impact of The researcher done the regression analysis to measure the cause-and-effect relationship of operational multiple independent and one dependent variable. Independent variables ORI, ORAA, ORMC risk and CG regressed on dependent variables, i.e. ORM. management Y ¼ 0:206 X þ 0:019 X þ 0:121 X þ 0:451 X þ μi 1 1 2 3 4 Dependent variable ORM is measured by ORI, ORAA, ORMC and CG. Table 6 also shows values for these variables. The value for R 5 0.579, tells that 57.9% variance in ORM was explained by the desired model, while the remaining 42.1% variation is explained by other factors which the researcher does not include in this model. Rejection or acceptance of a hypothesis depends upon P value in regression analysis. If the value of P is greater than 0.1, it means that the hypothesis is rejected. Variables importance is indicated by beta coefficients. The beta coefficient for ORI with value 0.206 is showing that with one unit increase in ORI, there will be a 20.6% increase in ORM which shows an equal change in both constructs. The t value and the Sig. opposite ORI, i.e. (3.656, 0.000) indicate that variable is significantly contributing to the equation for predicting ORM (Sekaran, 2003). Therefore, hypothesis H1 is accepted. Acceptance of the hypothesis shows that banks are properly identifying and prioritizing operational risk. Commercial banks have developed procedures for identifying operational risk found in their products, procedures and they are working properly on the identification of external and internal events. Banks are instructed by SBP (2015) to identify risk through risk mapping, key risk indicators and self-assessment tools, results show that banks are using these tools to identify operational risk. The results are in line with the study of Ishtiaq (2015) that proper identification of operational risk legitimate the effective management of operational risk. Similar kind of relationship was also observed by Pearl-Kumah et al. (2014) in the banking sector of Ghana in which they identify a positive significant relationship between risk identification and risk management practices. The work of study is also supported by Al Hussiny (2010) and Masenene (2015, pp. 30-31) in the context of UAE banking industry and Dar-Es-Salaam selected banks respectively. The results of current study indicates that commercial banks in Pakistan are properly identifying operational risk as per Basel guidelines implemented by SBP to manage operational risk more effectively as mentioned by SBP in BPRD circular No. 4 on 20th May, 2014 that proper identification of operational risk is very essential for effectively managing operational risk and results are also in line with this statement that proper identification leads to good management. Beta coefficient value for ORAA is 0.019, which means that 1.9% increase in the dependent variable is due to ORAA which is a nominal charge, but in both constructs, equal change is predicted. T-value 0.342 along with significance level at 0.733 predicts that this variable has no significant impact on ORM (Sekaran, 2003). Therefore, H2 is rejected. From the analysis, an insignificant impact of ORAA on ORM indicates that banks still lack behind on the assessment and analysis of operational risk in order to manage it Independent variables Bt Sig. ORI 0.206 3.656 0.000 Table 6. ORAA 0.019 0.342 0.733 Regression analysis for ORMC 0.121 1.956 0.052 predictor variables and CG 0.451 7.368 0.000 operational risk Note(s): R 5 0.579; F(4, 162) 5 55.694. *p ≤ 0.1,**p ≤ 0.05, ***p ≤ 0.01 management effectively. Findings indicates that banks have no or less capabilities for assessing REPS operational risk through qualitative techniques (audit findings, scorecards and self- 7,2 assessment) and quantitative techniques (loss distribution, economic models), and they do not have contingency plans to minimize the losses in the event of severe business disruption Saleem et al. (2020). This is because of the reason that all the banks in Pakistan are using basic indicator approach and they do not reach on standardizing or advance approach where all of the above-mentioned techniques are used to analyze operational risk. Commercial banks are trying to follow these processes yet they are not able to do it. While they are managing operational risk through identification, monitoring and control with respect to basic indicator approach. From the above discussion and analysis, it is concluded that proper assessment and analysis of operational risk do not contribute to ORM as techniques used are of advanced approach and commercial banks of Pakistan are managing it through basic indicator approach. Whereas, (B 5 0.121) for ORMC reveal that one unit increase in ORMC leads to 12.1% increase in ORM, predicting equal change in both constructs. T-statistics value for this variable is 1.956 with significance value (p 5 0.052) also shows that ORMC is significantly contributing to the equation for predicting ORM practices (Sekaran, 2003). Hence, hypothesis H3 is accepted. Acceptance of hypothesis shows that commercial banks are monitoring actual level of operational risk with permissible level as supported by Firew (2013) in selected Ethiopian Commercial Banks for providing regular and timely feedback on daily basis. Beside this, they also had made plans for identified operational risk. Banks also made insurance to cover daily operational risk. Commercial banks in Pakistan are reporting operational risk-related matters on timely basis according to disclosure requirement of SBP Shabbir (2016). The results are in line with the study of Ishtiaq (2015) that proper monitoring and control of operational risk legitimate the effective management of operational risk. This is also supported by the work of Pearl-Kumah et al. (2014) in the Ghana banking industry and Masenene (2015, p. 28) in Dar-Es-Salaam selected banks. Kuritzkes (2002) also proposes that policies and procedures help to ensure that risk is address and mitigating activities are used in order to achieve bank’s objectives. According to fundamental principles of risk management framed by SBP, every bank should implement a comprehensive mechanism to monitor and control operational risk. An inference can be drawn while considering the significant impact of operational risk monitoring, and control on ORM practices that with effective monitoring and control of operational risk, it can manage properly. From the above discussion, it is concluded that proper monitoring and control of identified operational risk can improve ORM processes. The highest beta value is for CG (β 5 0.451) tells that with one unit increase in CG, there will be 45.1% increase in ORM. Relationship strength is described by (t) values. CG t value and the Sig. opposite CG, i.e. (7.368, 0.000) indicates that variable is significantly contributing to the equation for predicting ORM (Sekaran, 2003). Therefore, hypothesis H4 is accepted. A positive and significant relationship between the CG and ORM practices indicates that when senior management and BODs receive and review information on daily basis and according to that they set proper procedures and processes for providing direction to employees. It will result in effective ORM. This result is also confirmed from the study that good CG and effective risk management leads to improvement in bank performance (Manab et al., 2010; Muhammad et al., 2020; Nguyen et al., 2020; Sobil and Reding, 2004). Van Greuning and Brajovic-Bratanovic (2009a, b) argues that for management of operational risk, CG process key players (like the director and executive managers) are responsible. According to Arif and Shabbir (2019), Quon et al. (2012), risk management and CG are interdependent and interrelated. Koomson (2011) also confirms that good CG leads to effective ORM. According to The impact of Koomson (2011) managing operational risk is not the sole responsibility of directors or senior operational managers but everyone in the bank is equally responsible to manage operational risk. risk According to current study, when operational risk manage with governance body, it can be management manage more effectively. If operational risk mange effectively, there will be less forgery, fraud and less failure of systems. From all of the above discussion, it is concluded that ORM processes which include ORI, monitoring and control along with over sightedness of BODs and senior management involvement can improve the ORM practices in commercial banks. Thus, in this relation, only ORAA is not significantly adding to the prediction while other three variables are significantly predicting positive impact. 6. Conclusion and recommendation This study focuses on finding the impact of ORM processes and CG on ORM. Results indicate that proper identifying, monitoring and controlling, along with the studious attention of bank’s BODs and senior management will lead to effective ORM. Banks are using mapping techniques, key risk indicators and self-assessment tools for the identification of operational risk which increase the effective ORM at bank end. It is also concluded from the study that banks still lack behind on the assessment and analysis of operational risk to manage it effectively. This is mainly due to the reason that majority of banks are still using basic indicator approach to assessing operational risk however there is a strong need to adopt standardize or advance approach for the assessment of operational risk by employing qualitative techniques (audit findings, scorecards and self-assessment) and quantitative techniques (loss distribution, economic models) to better manage operational risk. There is also a need for developing contingency plans to minimize the losses in the event of severe business disruption for the effective management of operational risk. This is also concluded that Commercial banks in Pakistan are properly monitoring and reporting operational risk-related matters on timely basis according to disclosure requirement of SBP. Another imperative conclusion of the study is the significance of the positive role that corporate board and senior management play for the effective management of operational risk. Therefore it is recommended that banks management need to disclose all the process of managing operational risk to the corporate board thus to the shareholders of the bank. In light of this, it was suggested that procedures should be in place to inform Board members about the operational risk assessment and minimization procedures. These procedures should be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework. Lastly, although as the study confirms that the Bard of directs and senior management involvement is contributing toward the effective ORM, however, there is a dire need to propagate the conscious culture of ORM in commercial banks of Pakistan. In future, a study may conduct on ORM practices of development banks, microfinance banks and other small financial institutions. In future studies, the element of tolerance level may be studied which each bank is required to set for its ORM. More elements of CG like board size, management quality can be used in future studies. For secondary research, operational risk loss data could be studied. ORM practices of Islamic and Conventional banks can also explore in future studies. The first limitation of this study is that it does not include other risks associated with the banking sector, e.g. market and credit risk. The research employed survey method, the questionnaire used in the study were close-ended. In close-ended questionnaires, respondents cannot express their views. In survey method, biasness can also occur as the perception of the respondents for their banks is asked. This study’s sample size is composed of only commercial banks (financial institutions) it does not include non-financial organizations that REPS also face difficulty in ORM. This study has also not included some other categories of banks, 7,2 like development banks, microfinance banks. References Al Hussiny, S. (2010), A Study of Risk Management in the United Arab Emirates Banking Industry, Doctoral dissertation, The British University in Dubai (BUiD). Allen, L. and Bali, T.G. (2007), “Cyclicality in catastrophic and operational risk measurements”, Journal of Banking and Finance, Vol. 31 No. 4, pp. 1191-1235. Arif, A. and Shabbir, M.S. (2019), “Common currency for Islamic countries: is it viable?”, Transnational Corporations Review, Vol. 11 No. 3, pp. 222-234. Bastomi, M., Salim, U. and Aisjah, S. (2017), “The role of corporate governance and risk management on banking financial performance in Indonesia”, Jurnal Keuangan dan Perbankan, Vol. 21 No. 4, pp. 670-680. BIS (Bank for International Settlements, Basel Committee on Banking Supervision (2006), “International convergence of capital measurement and capital standards, A revised framework”, available at www.bis.org/publ/bcbs128.htm. Bocker, K. and Kluppelberg, C. (2005), Operational VaR: A Closed-Form Approximation, Risk-London- Risk Magazine, Vol. 18 No. 12, p. 90. Chapelle, A. (2019), Operational Risk Management: Best Practices in the Financial Services Industry, John Wiley & Sons. Coetzee, P. and Lubbe, D. (2014), “Improving the efficiency and effectiveness of risk-based internal audit engagements”, International Journal of Auditing, Vol. 18 No. 2, pp. 115-125. Crouhy, M., Galai, D. and Mark, R. (2003), Essential of Risk Management, McGraw-Hill, London. Davies, J. and Haubenstock, M. (2002), “Building effective indicators to monitor operational risk”, The RMA Journal, Vol. 84 No. 8, pp. 40-43. Firew, T. (2013), “Establishing financial markets in Ethiopia: the environmental foundation, challenges and opportunities”, Journal of Business and Administrative Studies, Vol. 4 No. 1, pp. 1-44. Geiger, M.A. and Raghunandan, K. (2002), “Auditor tenure and audit reporting failures”, Auditing: A Journal of Practice and Theory, Vol. 21 No. 1, pp. 67-78. Gujarati, D.N. and Porter, D.C. (2009), Basic Econometrics, International edition, McGraw-Hills, New York. Hair, J.F., Anderson, R.E., Tatham, R.L. and Black, W.C. (1998), Multivariate Data Analysis, 5th ed Prentice-Hall, Englewood Cliffs, NJ. Heinrich, G. (2006), Operational Risk, Payments, Payment Systems, and Implementation of Basel II in Latin America: Recent Developments, Vol. 4 No. 1, pp. 42-45. Herring, R.J. (2002), “The basel 2 approach to bank operational risk: regulation on the wrong track”, The Journal of Risk Finance, Vol. 4 No. 1, pp. 42-45. Hussain, H.A. and Al-Ajmi, J. (2012), “Risk management practices of conventional and Islamic banks in Bahrain”, The Journal of Risk Finance, Vol. 13 No. 3, pp. 215-239. ISACA (Information Systems Audit and Control Association) (2009a), The Risk IT Framework, Printed in the United States of America. Ishtiaq, M. (2015), Risk Management in Banks: Determination of Practices and Relationship with Performance. Kasim, I. and Hussin, M.R. (2010), Enterprise-wide Risk Management (EWRM) Practices: Between Corporate Governance Compliance and Value Creation. Koomson, A. (2011), Operational Risk Management and Competitive Advantage in the Ghanaian The impact of Banking Industry, (Doctoral dissertation). operational Kuritzkes, A. (2002), “Operational risk capital: a problem of definition”, The Journal of Risk Finance, risk Vol. 4 No. 1, pp. 47-56. management Lam, J. (2001), Risk Management–the CRO Is Here to Stay, Prentice-Hall, New York, NY. Lewis, N.D.C. (2004), Operational Risk with Excel and VBA: Applied Statistical Methods for Risk Management,þ Website, John Wiley & Sons, Vol. 244. Mainelli, M. (2002), Industrial strengths: operational risk and banks, Balance Sheet, Vol. 10 No. 3, pp. 25-34. Masenene, F.A. (2015), An Assessment on the Effectiveness of Operational Risk Management among Tanzanian Financial Institutions: the Case Study of Selected Banks in Dar es Salaam, Doctoral dissertation, The Open University Of Tanzania. Moosa, I.A. (2007), “Operational risk: a survey”, Financial Markets, Institutions and Instruments, Vol. 16 No. 4, pp. 167-200. Muermann, A. and Oktem, U. (2002), “The near-miss management of operational risk”, The Journal of Risk Finance, Vol. 4 No. 1, pp. 25-36. Muhammad, I., Shabbir, M.S., Saleem, S., Bilal, K. and Ulucak, R. (2020), “Nexus between willingness to pay for renewable energy sources: evidence from Turkey”, Environmental Science and Pollution Research, Vol. 3 No. 6 pp. 1-15. Nastase, P. and Unchiasu, S.F. (2013), “Implications of the operational risk practices applied in the banking sector on the information systems area”, Accounting and Management Information Systems, Vol. 12 No. 1, p. 101. Neifar, S. and Jarboui, A. (2018), “Corporate governance and operational risk voluntary disclosure: evidence from Islamic banks”, Research in International Business and Finance, Vol. 46, pp. 43-54. Nguyen, V.K., Shabbir, M.S., Sail, M.S. and Thuy, T.H. (2020), “Does informal economy impede economic growth? Evidence from an emerging economy”, Journal of Sustainable Finance and Investment, Vol. 2 No. 7, doi: 10.1080/20430795.2020.1711501. Pakhchanyan, S. (2016), “Operational risk management in financial institutions: a literature review”, International Journal of Financial Studies, Vol. 4 No. 4, p. 20. Pallant, J. (2013), SPSS Survival Manual, McGraw-hill education. Pearl-Kumah, S., Sare, Y.A. and Bernard, B. (2014), “Corporate governance and risk management in the banking sector of Ghana”, European Journal of Accounting Auditing and Finance Research, Vol. 2 No. 2, pp. 1-17. PricewaterhouseCoopers (1999), Operational Risk Management, Credit Suisse Group, Zurich. Quon, T.K., Zeghal, D. and Maingot, M. (2012), “Enterprise risk management and firm performance”, Procedia-Social and Behavioral Sciences, Vol. 62, pp. 263-267. Saleem, H., Shabbir, M.S., Khan, B., Aziz, S., Husin, M.M. and Abbasi, B.A. (2020), “Estimating the key determinants of foreign direct investment flows in Pakistan: new insights into the co-integration relationship”, South Asian Journal of Business Studies, Vol. 10 No. 1, pp. 91-108. SBP (2015), “Financial stability review”, available at: https://www.sbp.org.pkiFSRi2015. Sekaran, U. (2003), “Towards a guide for novice research on research methodology: review and proposed methods”, Journal of Cases of Information Technology, Vol. 8 No. 4, pp. 24-35. Shabbir, M.S. (2016), “Combine effect of automated Services and traditional Services quality on customer satisfaction: evidence from banking sector of Pakistan”, International Journal of Economics and Management Sciences, Vol. 5 No. 3, pp. 18-26. Shabbir, M.S. (2018a), “Classification and prioritization of waqf lands: a Selangor case”, International Journal of Islamic and Middle Eastern Finance and Management, Vol. 11 No. 1, pp. 40-58. Shabbir, M.S. (2018b), “The Determination of Money: a comparative analysis of Zakat (Alms) and REPS Income Tax payers among selected ASEAN countries”, Global Review of Islamic Economics and 7,2 Business, Vol. 6 No. 1, pp. 051-061. Shabbir, M.S. (2018c), “Privatization predicament and Shari’ah compliant alternate solutions”, Kashmir Economic Review, Vol. 27 No. 1, pp. 28-37. Shabbir, M.S. (2020), “Human prosperity measurement within the gloom of Maqasid Al-Shariah”, Global Review of Islamic Economics and Business, Vol. 7 No. 2, pp. 105-111. Shabbir, M.S. and Wisdom, O. (2020), “The relationship between corporate social responsibility, environmental investments and financial performance: evidence from manufacturing companies”, Environmental Science and Pollution Research, Vol. 3 No. 9, pp. 1-12, doi: 10. 1007/s11356-020-10217-0. Shabbir, M.S., Bashir, M., Abbasi, H.M., Abbasi, H.M. and Abbasi, H.M. (2020), “Effect of domestic and foreign private investment on economic growth of Pakistan”, Transnational Corporations Review, Vol. 5 No. 8, pp. 1-13. Shahzad, M. and Rehman, A. (2015), “Barriers to service quality in the banks of Pakistan: a comparative study of Islamic and conventional banks”, Business and Economics Journal, Vol. 178 No. 6, pp. 13-21. Shahzad and Zaman (2016), “Marketing strategic of financial Services by Islamic banks”, Standard Journal of Global Business and Management, Vol. 3 No. 2, pp. 15-23. Sobel, P.J. and Reding, K.F. (2004), “Aligning corporate governance with enterprise risk management”, Management Accounting Quarterly, Vol. 5 No. 2, p. 29. Van Greuning, H. and Brajovic-Bratanovic, S. (2009a), Analyzing Banking Risk: A Framework for Assessing Corporate Governance and Risk Management, World Bank Publications. Van Greuning, H. and Brajovic-Bratanovic, S. (2009b), Analyzing Banking Risk: A Framework for Assessing Corporate Governance and Risk Management, No. 48238, The World Bank, pp. 1-442. Wei, R. (2007), “Quantification of operational losses using firm-specific information and external databases”, Journal of Operational Risk, Vol. 1 No. 4, pp. 3-34. Further reading Balasubramaniam, C.S. and Pradhan, R.P. (2005), “Corporate governance and its role in banking sector”, Finance India, Vol. 19 No. 4, p. 1393. Channar, Z.A., Abbasi, P. and Maheshwari, M.B. (2015), “Risk management: a tool for enhancing organizational performance”, Pakistan Business Review, Vol. 17 No. 1, pp. 1-20. Daniel, O. (2014), Modelling Risk Management in Banks: Examining Why Banks Fail, Doctoral dissertation, Walden University. Dowdell, L.P. (2014), Postulation of Project Management Office Structures in Reducing Operational Risk of Financial Institutions, Doctoral dissertation, University of Phoenix. Fasika, F. (2012), Commercial Bank Operational Risks Management: Exploratory Study on Selected Ethiopian Commercial Banks, Master’s Thesis. Habib, S., Masood, H., Hassan, T., Mubin, M. and Baig, U. (2014), Operational Risk Management in Corporate and Banking Sector of Pakistan. Mart ınez-Sanchez, J.F., Mart ınez-Palacios, M.T.V. and Venegas-Mart ınez, F. (2016), “An analysis on operational risk in international banking: a Bayesian approach (2007–2011)”, Estudios Gerenciales, Vol. 32 No. 140, pp. 208-220. Rehman, A.A. (2016), A Comparative Study of Risk Management Practices between Islamic and Conventional Banks in Pakistan, Doctoral dissertation, Cardiff Metropolitan University. Appendix 1 The impact of operational risk management Commercial banks Sr. Commercial banks 1 Askari Bank Limited 2 United Bank Limited 3 Summit Bank Limited 4 Bank Alfalah Limited 5 Dubai Islamic Bank 6 Habib Bank Limited 7 Silk Bank Limited 8 Bank Islmi Pakistan Limited 9 Albaraka Bank (Pakistan) Limited 10 Samba Bank Limited 11 National Bank Of Pakistan 12 Faysal Bank Limited 13 JS Bank Limited 14 NIB Bank Limited 15 Habib Metropolitan Bank Limited 16 First Women Bank Limited 17 Meezan Bank Limited 18 Bank of Punjab 19 Bank of Khyber 20 Soneri Bank Limited Table A1. 21 Allied Bank Limited 22 MCB Bank Limited Sample banks for 23 Standard Chartered Bank Limited 24 Bank Al Habib Limited the study Appendix 2 Strongly Strongly Operational risk identification disagree Disagree Neutral Agree agree 1. My bank carries out a comprehensive and 12 3 4 5 systematic identification of its operational risk in terms of people and internal systems 2. My bank prioritizes its operational risks 12 3 4 5 according to Basel Accord guidelines 3. My bank has developed and applied 12 3 4 5 procedures for the systematic identification of internal and external events of operational risk 4. My bank identifies operational risk through 12 3 4 5 risk mapping 5. My bank identifies operational risk using self- 12 3 4 5 assessment tool 6. My bank uses key risk indicator tool for 12 3 4 5 identifying its operational risk Strongly Disagree Neutral Agree Strongly Operational risk assessment and analysis disagree agree 7. My bank assesses the likelihood of occurring 12 3 4 5 operational risk 8. My bank assesses its operational risk by 12 3 4 5 using quantitative analysis methods (e.g. risk indicators, loss distribution and economic models) Table A2. The descriptive (continued) analysis tables REPS 7,2 Strongly Strongly Operational risk assessment and analysis disagree Disagree Neutral Agree agree 9. My bank assesses operational risks by using 12 3 4 5 qualitative analysis methods (e.g. risk maps, audit findings, scorecards and self- assessments) 10. My Bank has contingency and business 12 3 4 5 continuity plans to ensure its ability to operate as going concern and minimize losses in the event of severe business disruption 11. My bank response to analyze operational 12 3 4 5 risks includes an assessment of the costs and benefits of addressing operational risks 12. My bank response to analyze operational 12 3 4 5 risk includes prioritizing of operational risks and active management for operational risk Strongly Disagree Neutral Agree Strongly Operational risk monitoring and control disagree agree 13. Monitoring the effectiveness of operational 12 3 4 5 risk management is an integral part of routine management reporting 14. My bank continuously compares the actual 12 3 4 5 operational risk levels with permissible operational risk level under Basel II 15. The level of control mechanism is 12 3 4 5 appropriate for the operational risk processes in my bank 16. My bank is reporting disclosure of 12 3 4 5 information on timely basis for monitoring the operational risk 17. My bank monitors the operational risk and 12 3 4 5 provides immediate feedback to the management 18. My bank’s response to operational risk 12 3 4 5 includes action plans for implementing decisions about identified operational risk 19. My bank’s evaluates the effectiveness of the 12 3 4 5 existing controls for operational risk 20. There is an active insurance made to cover 12 3 4 5 daily operational risks at my bank Corporate governance and operational risk Strongly Disagree Neutral Agree Strongly management disagree agree 21. Executive management and board of 12 3 4 5 directors receive operational risk-based management information on a regular basis 22. My bank’s executive management regularly 12 3 4 5 reviews the organization’s performance in managing its operational risks (continued) Table A2. The impact of Corporate governance and operational risk Strongly Strongly operational management disagree Disagree Neutral Agree agree risk management 23. The boards of directors are directly 12 3 4 5 responsible for operational risk management 24. The bank’s risk management procedures 12 3 4 5 and processes are documented and provide guidance to staff about managing operational risk 25. Senior management of the bank transforms 12 3 4 5 the strategic direction given by the board through operational risk management policy 26. Efficient operational risk management is one 12 3 4 5 of my bank’s objectives Strongly Disagree Neutral Agree Strongly Operational risk management disagree agree 27. There is a proper set of rules and guidelines, 12 3 4 5 for managing operational risk, available in the bank 28. Board and executive management of the 12 3 4 5 bank understands all categories of operational risk applicable to the bank 29. My bank has been encountered to daily 12 3 4 5 operational risk 30. My bank regularly prepares periodic report 12 3 4 5 of operational risk 31. The issue of operational risk control is taken 12 3 4 5 to a great consideration at my bank 32. My bank takes more consideration on 12 3 4 5 operational risks occurring to its systems and procedures 33. My bank takes more consideration on 12 3 4 5 operational risks occurring to its systems and procedures 34. My bank takes more consideration on 12 3 4 5 operational risk occurring to its people side 35. Lack of strong rules and principles for 12 3 4 5 operational risk management cause more operational risk to take place in my bank 36. Overall, my bank operational risk 12 3 4 5 management practices are consider excellent Table A2. Corresponding author Malik Shahzad Shabbir can be contacted at: email@example.com For instructions on how to order reprints of this article, please visit our website: www.emeraldgrouppublishing.com/licensing/reprints.htm Or contact us for further details: firstname.lastname@example.org
Review of Economics and Political Science – Emerald Publishing
Published: Mar 28, 2022
Keywords: Operational risk management; Basel accord; SBP; Corporate governance
Access the full text.
Sign up today, get DeepDyve free for 14 days.