REVIEW: "Operational Risk: Regulation, Analysis, and Management", Carol Alexander

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Nov 5, 2003.

  1. BKOPRISK.RVW 20030913

    "Operational Risk: Regulation, Analysis, and Management", Carol
    Alexander, 2003, 0-273-65966-9, U$59.95/C$89.99
    %E Carol Alexander
    %C One Lake St., Upper Saddle River, NJ 07458
    %D 2003
    %G 0-273-65966-9
    %I Prentice Hall
    %O U$59.95/C$89.99 +1-201-236-7139 fax: +1-201-236-7131
    %P 336 p.
    %T "Operational Risk: Regulation, Analysis, and Management"

    In 1999, the Basel Committee on Banking Supervision (BCBS), spurred by
    recent bank collapses, started working toward an Accord in regard to
    risk management. The eventual Accord, also known as Basel II, was not
    wholly defined, but established three points or "Pillars": that banks
    establish a capital reserve somewhat commensurate with their total
    risk, that risk management plans be subject to a supervisory review,
    and that such plans be disclosed. Operational risk was defined as
    "the risk of loss resulting from inadequate or failed internal
    processes, people and systems or from external events." That sounds
    oddly like what anyone else just calls risk, but bankers are primarily
    concerned with what they see as separate issues: credit risk and
    market risk. This book appears to be a reaction, from the banks, to
    the provisions of the Accord.

    It is a commonly held myth that bankers are pompous, self-satisfied,
    out of touch with the real world, and fond of the sound of their own
    voices. The contents of this volume will do little to dispel that
    perception. There is always a problem of quality with works of
    collected essays by different authors, but few of these papers seem to
    be direct or useful.

    Part one is about regulation, and specifically the BCBS proposals.
    Chapter one outlines the provisions of the Basel Accord. Rather than
    a framework for considering risk, chapter two offers random thoughts
    on the matter. We finally get the definition of operational risk, and
    some more detail on the BCBS risk measurement approaches, in chapter
    three. Chapter four has more complaints about the Basel measures.
    Chapter five does have some discussion of fraud controls, but embedded
    in verbiage. Chapter six seems intent on proving that the idea of
    reserve capital in risky situations is not insurance.

    Part two is entitled "Analysis." Chapter seven deals with statistical
    models of operational loss, with a lot of mathematics and little
    practicality. The loss distribution approach (LDA), in chapter two,
    is based on historical data and does not seem to consider that most
    severe events, such as the Barings Bank collapse, are due to
    innovation and changed conditions. Simulation is proposed in chapter
    nine, but without regard to validation of the models used. Chapter
    ten presents a very interesting look at economic capital, a
    calculation of the amount of reserve cash that a company would need to
    cover emergencies in a given year. It is seen as a useful, single
    indicator of risk, and validation is appraised, but, unfortunately,
    only in terms of how acceptable or convincing your figure is going to
    be with the board of directors.

    Part three turns to risk management. Chapter eleven presents a
    scorecard process for risk assessment, but betrays a fundamental
    misunderstanding of the concept by trying to get quantitative data out
    of a qualitative mechanism. The operational risk management framework
    given in chapter twelve is reasonable, if limited and generic, and
    chapter thirteen is basically a duplication of that content. The
    material on Bayesian analysis, in chapter fourteen, does finally admit
    that the technique is poor at identifying risks. Chapter fifteen goes
    through some examples of calculating risk, but the content is still

    The material contained in this book is narrow, repetitive, and padded
    out with excessive verbiage. Most of the writing is not particularly
    clear. Even given the intent as a response to a particular set of
    directives, the text is vague and uninformative. It adds almost
    nothing to the risk management literature.

    copyright Robert M. Slade, 2003 BKOPRISK.RVW 20030913


    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
