http://www.iopsweb.org/toolkit/
Module 4: Risk Mitigants and Risk Scoring
Having identified the major risks to meeting its
supervisory objectives (see Module 3), the pension
supervisory authority needs to consider possible
mitigants and controls so that risk is assessed on a
net rather than a gross basis. The authority then
needs to establish a method for weighting these
risks, according to the probability of their occurrence
and their importance and impact on the goals of the
supervisory authority – i.e. a risk scoring model has
to be devised.
Some pension supervisory authorities derive
individual risk-scores for the entities which they
oversee. However, it may not be feasible for
supervisory authorities to derive an individualized
risk score for every single supervised entity –
particularly in pension systems where many
thousands of funds operate. In such cases, supervised
entities are categorized in a simplified way – usually
in terms of their size or impact of failure– with the
funds which have the greatest 'impact' receiving the
greatest supervisory attention (as described in
Module 5).
This module is designed to help supervisory
authorities who wish to build a risk-scoring model
which will be used to guide their supervisory actions.
Section 1 looks at risk mitigants and how to assess
risk on a net basis. Risks can be managed in a variety
of ways, including good corporate governance, a
capable senior management team, well-documented
procedures, strong internal controls, an independent
internal audit function, effective risk management
processes, strong actuarial and financial analysis
capabilities, and comprehensive external audits. Risk
can also be mitigated on a system-wide basis.
However, the most important factor is a pension
fund's risk-management system.
Section 2 considers the how to build risk scores in
more detail, looking at the following:
Weightings - assigned to different risk
categories and controls, driven by external
factors, the nature of the pension system, as
well as the nature, scale and complexity of
the entity's risk being assessed.