Institutions in the business of banking with fiduciary responsibilities are expected to setup multiple lines of defense to safeguard public money & assets and maintain high operational standards to keep up with stakeholder’s expectations.
Surya’s OPSRISK module helps banks and other financial institutions to collect Operational Risk Incidents (Incident Register) and automate Risk Control & Self Assessment Policy (RCSA).
While RCSA framework is an ex-ante operational risk defense utility, Incident Register serves as post-facto incident logging mechanism.

RCSA framework covers:

  • Creation of Risk Libraries by listing
    1. Business Processes & associated Activities
    2. Business Risk Elements (Risk Events, Sources of Risk, Category of Risk, Risk Controls, KRIs)
  • Mapping Risk Elements to Business Processes
  • Associating mapped Business Processes with Operating Units (business verticals and support functions)
  • Defining Assessment Periods with submission deadlines
  • Submitting Self Assessments with Inherent, Control and Residual Risk Ratings
  • Identifying Control Deficiencies and submit Risk & Control Action Plans
  • Assessing overall rating of Operating Units and approve Action Plans

Incident Register on the other hand, gives support in:

  • Logging risk incidents by all personnel of the
  • Classification of incidents as per institution’s policy (usually
    driven by COSO or BASEL guidelines)
  • Supervisory review by control departments from Head Office
  • Capturing monetary losses and tracking recovery tranches
  • Setting up Corrective Action Plan with definite deadlines