Alternatives to Risk Management Models

When implementing risk control measures, it is important to identify the points and processes of the financial transaction and then relate them according to the type of IT risk management framework used for the Global Risk Assessment (GRA).

One of the most common risk management framework models is the "V" model, which resembles the one used in IT, for the control, development and implementation of projects. It follows a chronological process from the definition of a project to its implementation. Based on this model, and the stratification contemplated therein, considerations are made to implement methods and solutions for risk mitigation.

Although widely disseminated, it is not the only model that is applied. A financial organization, for example, follows a different IT risk management framework model that aims for continuous cyclical improvement. This model is called: Model Risk Management Framework.

This model ensures that:

• Appropriate risk management policies and a governance framework are in place.
• Models are developed and implemented in a robust and appropriate manner.
• These models undergo appropriate validation and independent reviews before and after implementation.

FRAMEWORK STRUCTURE FOR RISK MODEL MANAGEMENT

It is divided into four Phases and has a total of seven stages of progression:

PHASE I - RISK MODEL MANAGEMENT POLICIES AND GOVERNANCE FRAMEWORK:

• MODEL PROPOSAL AND REFERENCE TERMS (Shared Responsibility with GRA):

Understand the reasons behind creating a model and expectations about how its outcome will be used.

• MODEL DEVELOPMENT (Responsibility of GRA):

The model is logical, is developed in a robust and appropriate manner for its intended purpose and is consistent with global standards.

•     PRE-IMPLEMENTATION VALIDATION (Responsibility of GRA):

(FLOD) First Line of Defense) control to ensure that the model is conceptually correct, that the data used are adequate, and that the results fulfill the intended purpose.

PHASE II- VALIDATION OF THE MODEL AND INDEPENDENT REVIEW OF STANDARDS

•     INDEPENDENT REVIEW (Responsibility outside of GRA):

Second Line of Defense (SLOD) control where key models are subjected to independent review to provide a reliable test and additional assurance to management, helping to identify limitations prior to model use.

PHASE III- DEVELOPMENT OF THE MODEL AND IMPLEMENTATION OF STANDARDS

• APPROVAL (Shared responsibility with GRA):

The model has already received appropriate approval from the relevant authority or responsible individual(s) before being used or implemented

PHASE IV- MODEL DEFINITION, IDENTIFICATION AND INVENTORY

• IMPLEMENTATION (Shared responsibility with GRA):

The model has already been implemented according to its original design and purpose after appropriate tests have been performed

• VALIDATION AND REPORT OF THE MODEL (Shared Responsibility with GRA):

The model is working satisfactorily and is being used according to its original design and purpose. This includes a series of activities, including first line monitoring and validation, as well as independent validation and review.

There are ready-to-use software products that are properly supported so that their implementation is smooth and seamless, allowing to establish or complement the lines of defense against risk at different levels.