The big guys don’t always know what they’re doing

You’d think that a really big software company, like Adobe, would know what it’s doing But no. You may have noticed that there was a big data breach: millions of usernames and (encrypted) passwords were stolen. But they were encrypted, so no big deal, right? Ah. Well. That’s the point. As this article explains, it […]

The FSA and risk based capital

The FSA has published proposals for a new framework for risk-based capital rquirements for both life and non-life insurers. Although the details of the calulations differ, the overall structure is the same for both types. The proposals were issued in July and August 2003; the consulation period ends on 30th November 2003. General framework Insurers […]

The FSA and operational risk

The FSA has produced several documents that are concerned with operational risk, and others that are concerned with systems and controls. The FSA sometimes distinguishes between operational risk (as part of business risk) and control risk and sometimes doesn’t. For example, the guidance was originally intended to be part of a separate module, PROR, and […]

User-developed software

User-developed software is, as its name suggests, software that is developed by users rather than by specialist developers. It includes spreadsheets, parameter driven financial models, personal databases, VB code, and so on. Caution: user-developed systems may be hazardous to your organization Davis, 1981 User-developed software has many advantages, and can really leverage the expertise of […]

Operational Risk

Operational risk is gaining an increasingly high profile. In the UK, the Turnbull report recommended that listed companies should manage their operational risk explicitly; and the FSA includes operational risk in its new ARROW framework for risk assessment. Historically (though the history is admittedly rather short), operational risk has received most attention from the banking […]