OPERATIONAL RISK MANAGEMENT PRACTICES AND FRAUD …
Transcript of OPERATIONAL RISK MANAGEMENT PRACTICES AND FRAUD …
OPERATIONAL RISK MANAGEMENT PRACTICES AND FRAUD
MITIGATION IN BANKING INSTITUTIONS IN RWANDA:
A CASE STUDY OF KCB BANK RWANDA
JOEL MBYAYINGABO
MBA/3808/13
A Research Project Submitted in Partial Fulfillment for the Award of a
Degree in Master of Business Administration (Finance and Accounting
Option) of Mount Kenya University
NOVEMBER 2018
ii
DECLARATION
This research study is my original work and has not been presented to any other
institution. No part of this research should be produced without the author’s consent or
that of Mount Kenya University
Student Name: JOEL MBYAYINGABO
Sign…………………………………Date……………………….
Declaration by the Supervisor
This research has been submitted with our approval as the Mount Kenya University
supervisor.
Name: Dr, RUSIBANACLAUDE, PhD.
Sign…………………………………Date……………………….
iii
DEDICATION
I dedicate to Dahlia Umulinga, Athanase Bizimungu, Tharcissie Iyakaremye & Yvonne
Umutoni
iv
ABSTRACT
The objectives of this study are to examine the effect of operational risk management
practices on Fraud prevention in KCB Bank Rwanda, to analyze the most frequent types
of operational risks in people, process and systems, to determine the effect of ORM on
Fraud prevention and to examine the impact of ORM on financial institution’s control
environment. The study intends to enable the banks executives and indeed the regulators
of the banking sector and other financial institutions to be aware of the importance of
operational risk in preventing Fraud in this fast growing and changing environment. The
research is equally significant because it would provide answers to factors that are
constantly raised on the amount of capital being invested in operational risk
management and it was also prove the success and growth associated with the
implementation of operational risk management. This research was a valuable tool for
students, academician, institutions, corporate managers and individuals that interested in
operation management practices specifically on ways to detect and mitigate fraud. The
study was descriptive in research design. The target population is 232 employees of
KCB Bank Rwanda and the sample size is 54 employees sampled using purposive
sampling in main departments and branches of the bank. Primary data was collected
using questionnaire and interview while secondary data was collected from various
books, annual reports, among others. Data collected was coded, analyzed and presented
using graphs, tables, frequencies will be done using SPSS version 20. Correlation and
regression analysis of the study variable was also be done. Results show that 33.3% of
respondents argued that people (employees) are the source contributing in operational
risk management. Furthermore, 48.1% of respondents witnessed the primordial role that
a process can play in operational risk management. Finally, 18.5% of respondents
argued the system used by the bank can be a helpful source in operational risk
management. This study therefore recommends that the commercial banks should
handle their operations appropriately as the changes in the factors like Insolvency and
Credit risk bring about an effect on the profitability of commercial banks hence effecting
their financial performance. Taking care of these risks will ensure stability at the
Commercial banks sector in Rwanda and help provide funds through credit lending to
businesses which help promote economic development. This study also establishes that
operational risk management are positively correlated with the financial performance of
the commercial banks in Rwanda while Fraud mitigation strategies negatively influences
financial performance of commercial banks in Rwanda. This study therefore
recommends that commercial banks in Rwanda should balance off their borrowing and
deposit rates since these banks are faced with many risk factors inclusive of operational
risk management and Fraud mitigation strategies as these do affect the financial
performance of these commercial banks.
v
TABLE OF CONTENTS
DECLARATION ............................................................................................................. ii
DEDICATION ................................................................................................................ iii
ABSTRACT .................................................................................................................... iv
TABLE OF CONTENTS .................................................................................................v
LIST OF TABLES .......................................................................................................... ix
FIGURES ....................................................................................................................... xi
LIST OF ABBREVIATIONS AND ACRONYMS ..................................................... xii
DEFINITION OF KEY TERMS ................................................................................ xiii
CHAPTER ONE: INTRODUCTION ............................................................................1
1.0 Introduction ..................................................................................................................1
1.1 Background of the study ...............................................................................................1
1.2 Problem statement ........................................................................................................6
1.3 Objective of the study ...................................................................................................7
1.3.1 General objectives .....................................................................................................7
1.3.2 Specific objectives .....................................................................................................7
1.4 Research questions .......................................................................................................7
1.5 Significance of the study ..............................................................................................7
1.6 Limitation of the study .................................................................................................8
1.7 Scope of the Study ........................................................................................................9
vi
1.7.1 Content Scope ............................................................................................................9
1.7.2 Time Scope ................................................................................................................9
1.7.3 Geographic Scope ......................................................................................................9
1.8 Organization of the Study .............................................................................................9
CHAPTER TWO: REVIEW OF RELATED LITERATURE ..................................10
2.0 Introduction ................................................................................................................10
2.1 Theoretical Literature .................................................................................................10
2.1.1 Operational Risk Management ................................................................................10
2.1.2 Operational Risk Assessment ..................................................................................12
2.1.3 Operational Risk Controls Implementation .............................................................15
2.1.4 Operational Risk Monitoring ...................................................................................21
2.1.5 Operational Risk Management and Fraud Mitigation .............................................23
2.2 Empirical literature .....................................................................................................24
2.3 Critical Review and Research Gap identification ......................................................26
2.4 Theoretical Framework ..............................................................................................27
2.4.1 Fraud Triangular Theory .........................................................................................27
2.4.2 X Efficiency Theory ................................................................................................29
2.5 Conceptual framework ...............................................................................................30
2.6 Summary ....................................................................................................................31
vii
CHAPTER THREE: RESEARCH METHODOLOGY .............................................32
3.0 Introduction ................................................................................................................32
3.1 Research Design .........................................................................................................32
3.2 Target Population .......................................................................................................32
3.3 Sample Design ............................................................................................................33
3.3.1 Sample Size .............................................................................................................33
3.3.2 Sampling Technique ................................................................................................34
3.4 Data Collection Methods ............................................................................................35
3.4.1 Data Collection Instruments ....................................................................................35
3.5 Data analysis Procedure .............................................................................................37
3.6 Ethical Consideration .................................................................................................37
CHAPTER FOUR: RESEARCH FINDINGS AND DISCUSSION ..........................39
4.0. Introduction ...............................................................................................................39
4.1. Demographic Characteristics of respondents ............................................................39
4.1.2 Age group of respondents ........................................................................................40
4.1.3 Time spent working in this institution .....................................................................41
4.1.4 Educational level of respondents .............................................................................41
4.1.5. Kind of job hold by the respondents ......................................................................42
4.2 Presentation of findings ..............................................................................................43
4.2.1 Analysis of Operational risks management practices in KCB Rwanda ..................43
viii
4.2.2 Examination of Fraud mitigation strategies used in KCB Rwanda .........................48
4.2.3 Impact of operational risk management practices on Fraud mitigation in KCB
Rwanda. ............................................................................................................................52
CHAPTER FIVE: SUMMARY, CONCLUSION AND RECOMMENDATIONS ..57
5.0 Introduction ................................................................................................................57
5.1. Summary of the findings ...........................................................................................57
5.1.1 Analysis of Operational Risks Management Practices in KCB Rwanda ................57
5.1.3 Impact of operational risk management on Fraud mitigation in KCB Rwanda ......60
5.2 Conclusion ..................................................................................................................61
5.3 Recommendations for Policy and Practice .................................................................62
5.4 Suggestions for Further Research ...............................................................................63
REFERENCES ...............................................................................................................64
APPENDICES ...............................................................................................................71
QUESTIONNAIRE ..........................................................................................................72
ix
LIST OF TABLES
Table 3.1 Target Population and Sample Size ................................................................ 34
Table 4.2 Gender of Respondents ................................................................................... 39
Table 4.3 Age of respondents .......................................................................................... 40
Table 4.4 Time spent working in this institution ............................................................. 41
Table 4.5 Educational level of respondents ..................................................................... 42
Table 4.6 Kind of job hold by the respondents ............................................................... 42
Table 4.7 From the given list, tick all the sources that contribute to operational risk. ... 43
Table 4.8 Presence of operational risk management practices in KCB Bank–Rwanda .. 44
Table 4.9 The extent KCB conducts risk assessment to daily operational risk
management ..................................................................................................................... 45
Table 4.10 The extent KCB conducts risk control implementation to daily operational
risk management .............................................................................................................. 46
Table 4.11 The extent KCB conducts risk monitoring to daily operational risk
management ..................................................................................................................... 47
Table 4.12 The extent KCB conducts Operation risks enforcement to daily operational
risk management .............................................................................................................. 47
Table 4.13 Provision of Fraud deterrence strategies ....................................................... 49
x
Table 4.14 Presence of Fraud prevention strategies in KCB in daily operational risk
management ..................................................................................................................... 50
Table 4.15 Presence of Fraud investigation strategies in KCB in daily operational risk
management ..................................................................................................................... 50
Table 4.16 Presence of Fraud prosecution strategies in KCB in daily Fraud mitigation
operations ........................................................................................................................ 51
Table 4.17 Correlations between each element of operational risk management practices
......................................................................................................................................... 52
Table 4.18 Correlations between each element of Fraud Mitigation Strategies in KCB-
Rwanda ............................................................................................................................ 53
Table 4.19 Correlational analysis between ORM and Fraud Mitigation Strategies ........ 55
xi
FIGURE
Figure 2.1: Conceptual Framework ................................................................................. 30
xii
LIST OF ABBREVIATIONS AND ACRONYMS
ATM: Automated teller Machine
B2B: Business to business
B2C: Business-to-Consumer
BNR: National Bank of Rwanda
CFE: Certified Fraud examiners
CPA: Certified Public accountants
CORF: Operational Risk management function
GDP: Gross domestic product
EPS Electronic payment system
IAIS: International Association of Insurance Supervisors
ORC: Operational Risk Category
ORM: Operational risk management
ORMF: Operational Risk management framework
SOCA: Serious Organized Crime Agency
SOX: Sarbanes–Oxley
xiii
DEFINITION OF KEY TERMS
Risk: A measure of the probability and consequence of uncertain future events. Risk can
also been defined as “the effect of uncertainty on objectives,” meaning that
consequences are evaluated in light of objectives and desired conditions.
Operational risk: risk of loss resultant from inadequate or failed internal processes,
people and systems or from external events.
Operational Risk Management: is defined as a continual cyclic process which includes
risk assessment, risk decision making, and implementation of risk controls, which results
in acceptance, mitigation, or avoidance of risk.
Risk control: A strategy that involves deliberate action taken to reduce potential for
loss, maintain risk at acceptable levels, or enhance potential for benefits, in a manner
consistent with objectives, desired outcomes, and the management context.
Bank fraud: Is any form of behaviour by which one intends to gain a dishonest
advantage over another, and it is thus an act or omission intended to cause wrongful gain
to one person and wrongful loss to the other
Fraud Mitigation: This refers to risk strategy of preventing and/or reducing the effect
of fraud.
1
CHAPTER ONE: INTRODUCTION
1.0 Introduction
This study will elaborate the contextual part of this thesis by giving its importance,
problem statement, objectives of this study, significance as well as the scope.
1.1 Background of the study
The banking industry plays a fundamental role in the economic growth of a country. It
leads to an increasing the level of the economic activity by availing intermediation
services between providers of funds and the users of the funds. Worldwide, the ability or
inability of banks to successfully fulfill their role as intermediaries has been a central
issue in some of the financial crises that have been witnesses so far. Hull (2007) posits
that a special feature of banking activities is to act as delegated monitors of borrowers
on behalf of the ultimate lenders (depositors). In this relationship between the banks and
depositors, on one hand and between banks and borrowers, on the other hand, banks
need to secure the trust and confidence of these clients. This requires safe and sound
banking practices that increase confidence of depositors. However, this has not always
been the case as bank failures in different countries have been experienced.
Banking industry, all over the world, are exposed to various risks that if not well
managed can escalate to bank failures. As a matter of fact, various bank failures and
crises have been as a result of mismanagement of risks. For instant, the banking crises in
Asia in the 90’s; the financial crisis of 2007/ 2008 are a constant reminder of how far
mismanagement of risk can go for bank or the industry at large. Therefore, the failure of
a particular bank to adequately fulfill its intermediation role arises from its failure to
2
manage risks efficiently. One of such risks which is increasingly becoming a source of
concern both for policy makers and the players is the banking operational risk (BIS,
2004).
Although operational risk is by itself not a new concept, it has by far not received the
same amount of attention as credit and market risk until recent years. Fundamental
changes in financial markets, increasing globalization and deregulation, as well as
corporate restructuring had a large impact on the magnitude and nature of operational
risks confronting banks. This is coupled by the very dynamic and challenging market
that the banks are operating in. Infact, Ansoff (1989) noted that the environment is
constantly changing, and so it makes it imperative for organizations to continuously
adapt their activities to succeed. In order to survive in this very dynamic environment,
organizations need strategies to focus on their customers and to deal with the emerging
environmental challenges. These environmental changes are more complex to some
organizations than others and for survival an organization must maintain a strategic fit
with its environment. The environment is important and an organization has to respond
to its dynamism, heterogeneity, instability and uncertainty (Bagchi, 2003).
In USA, cases of bank failures over the past two decades are many. Some of the most
prominent of these failures include indymac Bank, Washington Mutual Bank both in
2008; Colonial Bank in 2009; Western Bank in 2010. More recent cases of bank failure
in US include Premier Bank (in 2015), Allied Bank (in 2016) and proficio Bank (in
2017), among others (Bovenzi ,2015). Most of these cases are due to failure in one way
or another of daily operations in the banks. However, it is only recent that operation risk
has been visibly been recognized as a separate an important risk that requires constant
3
measuring and monitoring. That implies that emphasis on operational risk within banks
has increased, leading regulators, auditors and rating agencies to expand their focus to
include operational risks as a separate entity besides market and credit risk.
In UK, similar cases of bank failures due to operational risk have also been experienced
over the past years, some even to as recent as 2015. These failures led to closure of the
said banks, or acquisition by other superior banks. For instance, UBS bank, NatWest
Bank and Ulster Bank all in 2013 whose failure denied customers access to their
accounts for days and even for weeks. It also led to inability to conduct any transactions
between the bank and clients. This caused many to miss their salaries, prominent
transactions and hence loss of a lot of money (Bovenzi, 2015).
The implementation advocated by an increasing number of studies on this subject of
bank failures is to consider any event that disrupts the normal flow of business processes
as case of operational risk. Also to be included as cases of operational risk are those
events that generate financial loss or damage to the image of the bank. Operational risks
refer to the risk of loss resulting from inadequate or failed internal process, people and
systems or from external events (Basel ,2001). They are the risks encountered during
the daily operations of a business relating to the specific functions and which can be
typically managed from within the organization (Kloman,2003). Some of the operational
risks result in an increase in the organizations’ operating cost for example, legal suits
while others lead to a decrease in the organization’s revenue for example the loss of a
customer to competition due to poor service (Hull ,2007). The concept of operational
risk appears at first glance not very innovative, since the banks did not wait for the Basel
Committee to organize their activities in the form of procedures, and to develop internal
4
audit departments to verify the correct application of these procedures. However,
spectacular failures have attracted the attention of regulators on the need to provide
banks with prevention and coverage mechanisms against operational risks through
segregation of department duties, allocation of dedicated capital or establishing the
forums.
Fraud has been classified in various ways and using various parameters. These ways
include management of the banks (otherwise referred to as management fraud); insiders,
these perpetrators are purely the employees of the banks; outsiders, these include
customers and/ornon-customers of the banks; and outsiders/insiders, this is a
collaboration of the bank staff and outsiders (Ojo, 2008).
Fraud, which literarily means a conscious and deliberate action by a person or group of
persons with the intention of altering the truth or fact for selfish personal gain, is now by
farther single most veritable threat to the entire banking industry (Basel, 2001). Pressure
relates to duress that is caused by an employee's perceived immediate need for assets
Risk management is an increasingly important process in many businesses. Business
risks are proliferating in an increasingly competitive world today and this is beyond
dispute. Risks to business continuity and to intangible assets such as intellectual
property and reputation are rising as the economy becomes ever more global.
The threat of Fraud to banks emanates from both their internal and external
environments. According to Cressey (1953) for Fraud to be successful, three things must
be present namely opportunity, pressure and rationalization. Banks must therefore craft
effective response strategies to manage the threat posed by fraud. The strategies will
invariably require allocation of resources in terms of human, financial etc. yet these
5
resources are scarce and are competed for by various arms of the banks. Without
resources, banks would not be able to manage fraud. An effective operational
management practice is one backed by adequate resources.
Proactive management of operational risk, in addition to allowing compliance with the
requirements of the Basel Committee, necessarily leads to improved production
conditions: streamlining of processes which results in increased productivity, improved
quality leading to a better brand image. In particular, such an approach allows the
development of quantitative tools which define measurable objectives for operational
teams in terms of reduction of operational risks (Bessis, 2015).
Furthermore, the increasing complexity and sophistication of operations and the
increased volumes means that the cases of failure are not favorable to any commercial
bank. The general environment favors greater awareness of operational risk which
becomes, just as credit risk and market risk management, an intrinsic component of
banking activities. The development of a method for monitoring operational risk faces
many internal obstacles, whether psychological or organizational. However, the subject
is gaining acceptance and the methodological body grows and takes shape gradually.
Risk management lies at the heart of all financial institutions such as insurance, banking
and investment. Effective risk management is a central part of financial and operational
management of banking institutions and is fundamental to the ability of a bank to
generate profits consistently and maximize the interests of shareholders and other
stakeholders.
6
1.2 Problem statement
There has been significant public concern about the level of Fraud within financial
institutions, and particularly in the banking institutions. Detecting Fraud is a challenging
task as perpetrators actively engage in deception in an attempt to conceal their behavior.
Further, internal control systems may be inadequate while auditors may have limited
experience in Fraud detection. This is coupled with the fact that fraudulent activities are
inherently unpredictable and difficult to detect. Because of the extensive implicit and
explicit costs of fraud, identifying ways to increase the probability of Fraud detection is
of great interest to all stakeholders. Despite, the emphasis and the pressure from
regulators, directors and customers on the financial institutions to put more focus on
operational risks to identify, measure, evaluate and manage all possible risks to mitigate
fraud, cases of Fraud keep surging even in the areas that were regarded as low risk areas.
Banks experience difficulties in implementation of a sound operational risk management
framework primarily due to lack of conceptual understanding, inadequate expertise in
modeling techniques and poor risk management culture. Besides the expansion of
banking industry in Rwanda, it calls for a sound risk management practices and
techniques for their survival, as well as, to be competitive enough in this turbulent
business environment in service delivery, as it’s a key driver behind profitability (BNR,
2016). To do so, it is a must to identify, select and apply the appropriate risk
measurement and management mechanisms, which can be able to deter, detect and
mitigate fraud. Banks generally operate in environments where risk changes often, hence
the need for an efficient risk management process, categorized by risk type to be able to
address the specific risk factors. It is therefore the interest of the current research to
7
investigate the effect of operational risk management practices on Fraud mitigation in
Rwanda.
1.3 Objective of the study
Objectives of the study are divided into General and Specific Objectives
1.3.1 General objectives
To examine the effect of operational risk management practice son Fraud mitigation in
Rwanda, taking a case study of KCB Bank Rwanda.
1.3.2 Specific objectives
i). To analyze the operational risks management practices in KCB Rwanda
ii). To examine various Fraud mitigation strategies used in KCB Rwanda.
iii). To examine the impact of operational risk management practices on Fraud
mitigation in KCB Rwanda.
1.4 Research questions
i). What are the various operational risks management practices in KCB Bank
Rwanda?
ii). What are the various Fraud mitigation strategies used in KCB Bank Rwanda?
iii). What is the impact of operational risk management practices on Fraud mitigation
in KCB Rwanda?
1.5 Significance of the study
The study would enable the banks executives and indeed the regulators of the banking
sector and other financial institutions to be aware of the importance of operational risk in
Fraud identification, assessment and control in this fast growing and changing
8
environment. The research is equally significant because it would provide answers to
factors that are constantly raised on the amount of capital being invested in operational
risk management and it would also prove the success and growth associated with the
implementation of ORM practices.
This research would a valuable tool for students, Academician, institutions, corporate
managers and individuals that want to know more about ORM specifically on ways in
which it detects and mitigate Fraud in financial institutions. It would offer the insight on
the level of risk management in local market which would help investors to know the
risk appetite and controls adequacy of our financial institutions.
1.6 Limitation of the study
The research has encountered limitations in the due cause of this study. For instance,
some respondents took long time to be convinced that the research is an academic and
they thought that the information was being gathered for control and appraisal purpose
or for other activities. Some of the respondents become suspicious to the study and were
reluctant to give the required information about the study because they thought that the
information given affected adversely their position. In such cases, the researcher time in
explaining that the research was purely for academic purpose. This also was supported
with a letter for data collection from Mount Kenya University. The researcher assured
the respondents confidentiality of the information gathered. Further expected limitation
is language problems. Based on the language background of the respondents, some
concepts in the questionnaire was not be clear to the respondents. This necessitated
providing translations of the questionnaire to a language suitable to the respondents in
order to collect accurate responses.
9
1.7 Scope of the Study
1.7.1 Content Scope
In undertaking the research, much attention was focused on how operational risk
management is being used to prevent fraud. This took into consideration the ORM in
Fraud governance, bank’s response plan to frauds and prevention mechanisms before
and after the adoption of operational risk management.
1.7.2 Time Scope
The researcher considered event that happened in the last 6 years, that is 2012-2017
1.7.3 Geographic Scope
Research focused on KCB Rwanda and its branches across the country and the content
was only limited to how operational risk management can be used as a tool to detect and
mitigate fraud.
1.8 Organization of the Study
This proposal is made of five chapters. Chapter one briefly introduces the study and
gives the background, research objectives, research questions, significance, limitations
and scope of the study. The chapter concludes with organization of the study. Chapter
two discusses the review of related literature, empirical literature, theoretical literature
and summary included, and chapter three stresses on research design and methodology.
The fourth chapter presents, interprets, discusses and analyzes findings according to the
study specific objectives. Finally, the last chapter summarizes key findings discussed in
chapter four. It provides concluding remarks to the study and proposes recommendations
to the study. The chapter gives suggestions for further studies.
10
CHAPTER TWO: REVIEW OF RELATED LITERATURE
2.0 Introduction
In this chapter, the research discusses the theoretical and empirical literature of
operational risk management and the way it has been used as a tool to prevent and
mitigate frauds focusing on the financial institutions.
2.1 Theoretical Literature
2.1.1 Operational Risk Management
There has been growing interest in operational risk management both by policy makers
and in literature by scholars. Operational risks refer to the risk of loss resulting from
inadequate or failed internal process, people and systems (Basel, 2001). From this
definition, it is clear that operational risk management has a great importance in
financial institution since they rely heavily on the components of operational risks to
provide the service to their customers.
A simple vision of successful risk taking is that organizations should expand their
exposure to upside risks while reducing the potential for downside risks thus adopting
prudential risk management strategies(Birindelli, & Ferretti, 2017).There is no single,
universally accepted definition of the word risk and this means that it is used to describe
many different situations. In most of the published definitions, the underlying concept in
the description of the term risk is a phenomenon closely associated with uncertainty of
events (Poojari, 2003). However, in light of corporate risk management and insurance,
Risk can be defined as the threat that an event or action will adversely affect the
11
Organization’s ability to maximize shareholder value and to achieve desired business’s
objectives (Young,2012).
Risk Management has been defined as a group of actions that are integrated within the
wider context of a company or organization, which are directed toward assessing and
measuring possible risk situations as well as elaborating the strategies necessary for
managing them (Hopkin, 2010). Risk management encompasses; identifying and
assessing risks inherent to an organization and then responding to them in a manner that
will reduce their impact and maximize the shareholder value (Rejda 2008). It comprises
the activities and actions taken to ensure that an organization is conscious of the risks it
faces, makes informed decisions in managing these risks, and identifies and harnesses
potential opportunities (Comcover, 2008).
Managing risks well requires careful considerations of the key concepts of minimizing
loss, maximizing opportunity and preparing for uncertainty. These concepts should be
outlined in the organization’s management framework that enlists a structured approach
to managing risks and developing a culture of positive risk management within the
organization. Risk management is also a developing subject, not least because the
economic, social, legal, technical and political environments in which organization
operate are constantly changing (Poojari, 2003). This implies that the effective risk
management within an organization require a proactive approach in responding to the
ever evolving challenges in the work place and the general business environment.
Bessis (2010) determines that the objective of risk management is to survey risk with
specific end goal to monitor and control them to serve other key capacities in a bank
notwithstanding its direct financial function. These comprise of helping with the release
12
of the bank's definitive procedure by furnishing it with a superior perspective without
bounds and accordingly characterizing proper business strategy and helping with
creating game changers through the computation of right pricing and the plan of other
differentiation methods taking into account clients' risk profiles.
2.1.2 Operational Risk Assessment
Risks not only come from the external environment but also from within the
organization posing a greater threat to successful realization of its objectives.
Operational risk is considered internal if the financial institution has control over it, and
external if it is due to uncontrollable events such as natural disasters, security breaches,
political risk (Hull, 2007). Among those risks internal to the organization are the
operational risks which result from the day to day running of the organization. The Basel
Committee on Banking Supervision 2010 identified seven categories of operational risk
exposures which are applicable in the general financial services sector. They include;
internal fraud, external fraud, employment practices and workplace safety, clients,
products and business practices, damage to physical assets, business disruption and
system failures and execution, delivery and process management. These risks can be
managed by designing workable business continuity programs within the organizations
operations to anticipate the risk and devise proper recovery mechanisms. An
organization therefore needs to develop a clear program in which these risks are
comprehensively identified, listed, and prudently managed to minimize their effects on
the firm’s profitability (Gokte, 2012). Operational risks management therefore has been
defined as, the anticipation, analysis and modification of operational risks within an
13
organization in a structured format, using clearly defined programs and risk management
tools to reduce the probability of an unfortunate occurrence (Bagchi, 2008).
The first step of managing operational risk is to identify it. According to Muermann and
Oktem (2002), identifying operational risk is especially challenging in banking industry
because the operational factors are not well defined. Geiger (2000) suggested using a
risk identification matrix (RIM) to identify and segregate operational risk. The causes
aroused to differentiate the operational from other risks. Operational risks are all
unexpected losses, which have their origin in internal errors, or staff related deficiencies
in the processes and systems and also in external events. Risk identification and
assessment are fundamental characteristics of ineffective operational risk management
system. Effective risk identification considers both internal factors and external factors.
Sound risk assessment allows the bank to better understand its risk profile and allocate
risk management resources and strategies most effectively. Calomir is and Herring
(2002) stated that firms in general, respond to risks in three different ways: "lay off' the
risk, try to reduce the risk; and retain the risk and deal with it by actively managing it.
The exact approach a bank adopts for dealing with its risks depends on both the nature
of risk and the strategy of the individual organization. This view is also supported by
Lopez (2002), when he stated that there was so far no clearly established single way or
approach to manage operational risk and that each bank would establish and develop its
own method.
Bloom and Galloway (2000) and Allen and Saunders (2002) all agreed that many banks
currently adopt a top-down approach, i.e. using a percentage of their non-interest
expenses to calculate their operational risk capital. Fung (2006) indicated that there are
14
a number of drawbacks of this approach. This approach does not truly reflect a bank's
risk profile against which the capital is required. It is only a rough estimate of the
amount of insurance the bank should be carrying to mitigate the effects of potential
exposure to operational risk.
It is clear that this top-down approach could no longer meet the real business needs of
banks, which increasingly require a more sophisticated means of assessing and
mitigating operational risk. For this reason, some of the banks are switching to a bottom-
up approach, which can provide a better approach to risk management. A bottom-up
approach evaluates operational risk from the perspective of individual business unit that
make up an organization’s production process. The advantage of this approach is that it
creates a loop so that banks can avoid the worst repercussions of operational failures,
such as crisis management and management shake-ups (Birindelli & Ferretti, 2017).
In order to manage Fraud risk, organizations should periodically identify the risks of
Fraud within their organization. Fraud risks should be identified for all areas and
processes of the business and then be assessed in terms of impact and likelihood. In
addition to the monetary impact, the assessment should consider non-financial factors
such as reputation. An effective Fraud risk assessment will highlight risks previously
unidentified and strengthen the ability for timely prevention and detection of fraud.
Opportunities for cost savings may also be identified as a result of conducting the Fraud
risk assessment (Scott, Thompson& Calkin, 2013).
Operational risk management in banks has been increasingly emphasized in the past
decade. Big financial scandals, frauds and information technology system failures are
important drivers for the greater attention both inside and outside banking institutions to
15
their exposures to and internal handling of such risk. The exposure to different kinds of
operational risk is nothing new for the individual bank. But as Moosa (2007) stresses the
trend towards greater dependence on technology, more intensive competition, and
globalization have left the corporate world more exposed to operational risk than ever
before. For banks, the occurrence of an extreme and major “one-off event in its daily
operations may even be more damaging than its credit losses in connection to the current
collapse of the financial markets. However, the ability of the bank to properly assess and
control, or hedge itself against, the negative economic consequences of such events
seems to be less developed than its management of credit and market risks ( Flores,
Ponte & Rodríguez, 2006).
2.1.3 Operational Risk Controls Implementation
The Basel Committee on Banking Supervision has identified seven categories of
operational as; Internal and External Fraud, Client, product and business practices,
Business disruptions and system failures, Execution, delivery and process management.
Internal Fraud refers to the acts intended to defraud, misappropriate property or
circumvent regulations, the law or company policies which involve at least one party
internal to the organization. External Fraud refers to the acts by third parties intended to
defraud, misappropriate property or circumvent the law. Examples include forgery and
damage from computer hacking (Basel, 2003).
Fraud can be committed by various stakeholders ranging from customers, suppliers, to
organizations own blue collar workers, clerical workers and managers (Sadgrove 2005).
Report by Ernst and Young (2013)on global Fraud survey indicated that some of the
preconditions that allow Fraud to be committed are the existence of an opportunity to
16
steal and lack of control. The report recommends that the solution to Fraud risk lies in
the need to raise standards to march the rising intensity of Fraud risk as well as seeking
for better rather than more information. Client, product and business practices arise from
unintentional or negligent failure to meet professional obligations to specific clients or
from the nature or design of a product. Examples include; misuse of confidential
customer information, money laundering and the sale of unauthorized products (News
track Corporate News; Issue1, 2013-2014).
Business disruptions and system failures can emanate from the disruption of business or
system failures. Examples could include; hardware and software failures,
telecommunication problems and utilities outage. Execution, delivery and process
management risks include; failed transaction processing or process management, and
relations with trade counter- parties and vendors. Banks must assess their exposure to
each type of these risks in all its lines of business right from customer acquisition to
claim settlement (Hull, 2007).
Fraud risk is a contributor to the operational risks of a business. Operational risks refer
to the errors and events in a transaction or process that put the assets of the business at
risk. Some of the risks considered as operational risks include: incorrect and intentional
false accounting, theft of assets or misappropriation of assets. Most banks focus on a
limited number of risks mostly commonly of third party thefts but it’s important to
classify risks to possible type of offence and the potential perpetrators (Gates & Jacob,
2009).
It is important to assets Fraud risk in each and every area of the business. However,
special attention must be granted to high risk areas and departments such as cash and
17
cash management, payments, sales and fixed assets. Management and acquisition of
loans is also a key area of Fraud risk management. As most researchers have found,
Fraud has a significant negative impact on the sustainability and profitability of a
business. Businesses must therefore invest time and resources to the identification,
management and control of fraud(CIMA, 2009). Further, existing studies have shown
that the most effective methods of combating Fraud include: reducing the motive of
employees, enhancing internal controls thus reducing opportunities and ensuring that
there is no justification of acts of Fraud through proper supervision and implementation
of rules and regulation plus punitive action against Fraud (CIMA, 2009). Kingsley
(2012) noted that to reduce cases of Fraud while enhancing the Fraud detection and
prevention strategies, businesses must have internal control systems embedded in the
operational framework. Fraud in the banking sector and indeed in all businesses can be
reduced if all control devices built into the system are implemented, enhanced and
respected.
Banks incur substantial operating costs by refunding customers’ monetary losses (Gates
&Jacob, 2009), while bank customers experience considerable time and emotional
losses. They have to detect the fraudulent transactions, communicate them to their bank,
initiate the blocking and re-issuance or re-opening of a card or account, and dispute the
reimbursement of their monetary losses (Douglass & Malthus, 2009). It is therefore in a
bank’s self-interest to put measures to prevent Fraud or detect it as soon as it happens.
An anti-Fraud strategy includes elements of prevention, detection, deterrence and
response.
18
Business must develop concise and clear strategic responses towards fraud. This will
include effective communication on the seriousness of Fraud and the probable punitive
measures taken due to Fraud in the business. Identified cases must form case studies and
examples of the stern action taken by the business against fraud. This is one of the most
effective ways to combat Fraud in the organization (CIMA, 2009).
This is designed to promote operational efficiency, provide dependable financial
statistics ,protect the assets and records and encourage adherence to prescribed policies.
A sound internal control system have features that promote efficiency and effective
tracking of transactions and ensuring that all activities are properly authorized, recorded,
and reconciled(Kingsley, 2012).
According to Gates and Jacob, (2009) an internal control system should have all
principles and procedures that support the organizations effective and effective
operation. They deal with things like approval and authorization procedures, restrictions
and control over transactions, reconciliation of activities and accounts and provision of
security to assets. The number of internal controls that an organization can have depends
on nature and size. Internal controls minimize fraud. Examples of such controls may
include requirement of multiple signatures for high value transactions, restriction
belongings that can be brought into an office and conducting random searches.
As part of the risk management framework, the organization must review the internal
controls and ensure that any weaknesses in the internal controls are addressed.
Furthermore, the organization has the responsibility of ensuring that internal controls are
assessed and updated to meet global trends and best practices constantly. This will
19
reflect good practice. Finally, these internal controls should be entrenched within the
organization culture and operations (CIMA, 2009).
Therefore as stated by Yoon (2003), sound internal controls will help in reducing the
possibility of significant human errors and irregularities in internal processes and
systems, and will assist in their timely detection when they do occur. Operational risk
inputs play a significant role in both the management and measurement of operational
risk. Operational risk inputs aid the organization in identifying the level and trend of
operational risk, determining the effectiveness of risk management.
Attitudes within an organization often lay the foundation for a high or low Fraud risk
environment. Where minor unethical practices may be overlooked (e.g. petty theft,
expenses frauds), larger frauds committed by higher levels of management may also be
treated in a similar lenient fashion. In this environment there may be a risk of total
collapse of the organization either through a single catastrophic Fraud or through the
combined weight of many smaller frauds. Organizations which have taken the time to
consider where they stand on ethical issues have come to realize that high ethical
standards bring long term benefits as customers, suppliers, employees and the
community realize that they are dealing with a trustworthy organization. They have also
realized that dubious ethical or fraudulent practices because serious adverse
consequences to the people and organizations concerned when exposed. The definition
of good ethical practice is not simple. Ideas differ across cultural and national
boundaries and change over time. But corporate ethics statements need not be lengthy to
be effective (Cristina, 2008; Lehman, 2000).
20
Almost every time a major Fraud occurs many people who were unwittingly close to it
are shocked that they were unaware of what was happening. Therefore, it is important to
raise awareness through a formal education and training program as part of the overall
risk management strategy. Particular attention should be paid to those managers and
staff operating in high risk areas, such as procurement and bill paying, and to those with
a role in the prevention and detection of fraud, for example human resources and staff
with investigation responsibility (Adusei-Poku, K., 2005).
Establishing effective reporting mechanisms is one of the key elements of a Fraud
prevention program and can have a positive impact on Fraud detection. Many frauds are
known or suspected by people who are not involved. The challenge for management is
to encourage these ‘innocent’ people to speak out to demonstrates that it is very much in
their own interest. Research by the IBE has shown that although one in four employees
is aware of misconduct in the workplace, over half of those people stay silent (Leap
2007).
An internal control system comprises all those policies and procedures that taken
together, support an organization’s effective and efficient operation. Internal control
typically deal with factors such as approval and authorization processes, access
restrictions and transaction controls, account reconciliations and physical security. These
procedures often include the division of responsibilities and checks and balances to
reduce risk (Leap, 2007).
Pre-employment screening is the process of verifying the qualifications, suitability and
experience of a potential candidate for employment. Techniques used include
confirmation of educational and professional qualifications, verification of employment
21
background, criminal history searches, and credit checks. For all screening, the
organization must obtain the individual’s written permission and all documents must
bear the individual’s name. Screening applicants should reduce the likelihood of people
with a history of dishonest or fraudulent behavior being given a role within the
company, and is therefore an important Fraud prevention procedure. A significant
proportion of CVs contain serious discrepancies, and in Fraud cases investigated, there
are often signs in the employee’s background that would have been a warning to a
potential employer had screening been conducted. Research has also shown that
employers who conduct pre-employment screening experience fewer cases of Fraud by
employees (Mikes, 2009).
2.1.4 Operational Risk Monitoring
The operational risks revive in financial institutions because of their activities and their
main mandate. Banks have processes and procedures that all the units, departments and
branches must follow to have one language across. This presents a high risk because
established processes and procedures can fail and this failure can be disastrous because
it is followed everywhere. The entire organization risk management is monitored and the
necessary adjustments are done. Monitoring is accomplished through ongoing
management activities, separate evaluations, or both. Financial institutions nowadays are
facing technological pressure to automate services and newly implemented or old
systems are ever facing the risks such as denial of services, hacking or the systems are
vulnerable to be exploited by external parties (Adeyemo, 2012).
The causes of operational risks results from the normal business activities of the
financial institutions and are present everywhere through the service delivery channels
22
both internally and externally. It is important to note that most of the external events that
affect the normal business activities are classified under the operational risks (Acharyya
2010, Goldstein, et al. 2010).Some people with good objective principles can fall into
bad company and develop tastes for the fast life, which tempts them to fraud. Others are
tempted only when faced with ruin anyway. Globalization and new technology have
provided banking industry with profit making opportunities but have also made it more
vulnerable to operational risk, (Bloom &Galloway, 1999).
It seems that the industry’s risk control capability has not kept pace with these
developments as proved by, example the Barings Bank saga in 1995. The occurrence
together with many others motivated banks to take a more proactive approach to
operational risk management. Davies and Haubenstock (2002) mentioned that good
operational risk management needed the support and involvement of senior management
who could decide that operational risk was important and deserved attention and the
most important point was to allocate resources accordingly. Without their support,
operational risk management will be ranked on the last on the list or will be only carry
out with the minimum requirement of regulatory body. One important point is that the
senior management should play an important role in establishing a corporate
environment in which operational risk management can flourish (Croupy, Gala and
Mark, 2001).Banks should implement a process to regularly monitor operational risk
profiles and material exposures to losses. There should be regular reporting of pertinent
information to senior management and the board of directors that supports the proactive
management of operational risk.
23
2.1.5 Operational Risk Management and Fraud Mitigation
Many of the world’s most prominent organizations have experienced large-scale frauds.
These frauds have had disturbing effects on our world’s economy. Bank Fraud is the
loss resulting from inadequate or failed internal processes, people and systems, or from
external events. Given the prevalence of Fraud and the negative consequences associated
with it, there is a compelling argument that organizations should invest time and
resources towards tackling fraud. There is, however, sometimes debate as to whether
these resources should be committed to Fraud prevention or Fraud detection. (Fraud risk
management, 2008).
According to Dolan (2004) the Fraud management lifecycle is made up of eight stages.
Deterrence, the first stage, is characterized by actions and activities intended to stop or
prevent Fraud before it is attempted; that is, to turn aside or discourage even the attempt
at Fraud through, for example, card activation programs. The second stage of the Fraud
Management Lifecycle, prevention, involves actions and activities to prevent Fraud from
occurring. In detection, the third stage, actions and activities, such as statistical
monitoring programs are used to identify and locate Fraud prior to, during, and
subsequent to the completion of the fraudulent activity.
The intent of detection is to uncover or reveal the presence of Fraud or a Fraud attempt.
The goal of mitigation, stage four, is to stop losses from occurring or continuing to occur
and/or to hinder a fraudster from continuing or completing the fraudulent activity, by
blocking an account, for example. In the next stage, analysis, losses that occurred
despite deterrence, detection, and prevention activities are identified and studied to
determine the factors of the loss situation, using methods such as root cause analysis.
24
The sixth stage of the Fraud Management Lifecycle, policy, is characterized by activities
to create, evaluate, communicate, and assist in the deployment of policies to reduce the
incidence of fraud. Balancing prudent Fraud reduction policies with resource constraints
and effective management of legitimate customer activity is also part of this stage
(Dolan, 2004).
Investigation, the seventh stage, involves obtaining enough evidence and information to
stop fraudulent activity, recover assets or obtain restitution, and to provide evidence and
support for the successful prosecution and conviction of the fraudster(s). Covert
electronic surveillance is a method used in this stage. The final stage, prosecution, is the
culmination of all the successes and failures in the Fraud Management Lifecycle. There
are failures because the Fraud was successful and successes because the Fraud was
detected, a suspect was identified, apprehended, and charges filed. The prosecution stage
includes asset recovery, criminal restitution, and conviction with its attendant deterrent
value (Yaukey, 2002).
2.2 Empirical literature
Suren (2016) carried a research on Operational Risk Management in Financial
Institutions: A Literature Review. Following the three-pillar structure of the Basel II/III
framework, the article categorizes and surveys 279 academic papers on operational risk
in financial institutions, covering the period from 1998 to 2014. In doing so, different
lines of both theoretical and empirical directions for research are identified. In addition,
this study provides an overview of existing consortia databases and other publicly
available sources on operational loss that may be incorporated into empirical research,
as well as in risk measurement processes by financial institutions. Finally, the paper
25
highlighted the research gaps in operational risk and outlined recommendations for
further research.
Abiola, (2009) in her research An Assessment of Fraud and its Management in Nigeria
Commercial Banks. The research aimed at finding practical means of minimizing the
incidence of Fraud in Nigerian banks. During the course of the investigation efforts were
made to identify various means employed in defrauding banks and at the same time
determine the effects of Fraud on the banking services. Findings revealed that so many
factors contributed to incidence of Fraud in the banks amongst which include poor
management of policies and procedures; inadequate working conditions; bank’s staff
staying longer on a particular job, and staff feeling frustrated as a result of poor
remunerations.
Akindele, (2011) investigated on Fraud as a negative catalyst in the Nigerian Banking
Industry. The researcher was interested on this topic since Fraud in the Nigerian
Banking Industry before the merger and acquisition and recapitalization efforts was at
alarming rate. It had caused many banks to collapse, and many investors and depositors
funds were trapped in. The study was a survey research and questionnaire was used for
the collection of primary data while libraries, journals, write-ups, seminar papers and
books by popular authors were used for secondary data. The findings showed that lack
of adequate training, communication gap, and poor leadership skills were the greatest
causes of Fraud in Nigerian banking industry. It was concluded that adequate internal
control system should be put in place and that workers satisfaction and comfort should
be taking care off.
26
A more related empirical research is by Namanda (2010) entitled the role of operational
risk management strategies in combating Fraud in financial institutions taking a case
study of Standard chartered Bank, Uganda. The main aim of study was to establish the
role of operational risk management in combating Fraud in banking institutions focusing
on Standard Chartered Bank. A cross sectional research design was used to collect data
from various departments such as Operations, Credit, risk/ Audit and Treasury
departments. Purposive sampling technique was used to select 50 respondents from the
staff of Standard Chartered bank. The main findings revealed that operational risk
management strategies greatly impact on the risk of fraud; hence the risk of Fraud
reduces.
2.3 Critical Review and Research Gap identification
This section provides a critical review of the literature discussed in previous section. In
the research conducted by Suren (2016) the main concentration was on theoretical
literature. Though the paper highlighted the research gaps in operational risk and
outlined recommendations for further research, it does not have any empirical
investigation.
On her part Abiola, (2009) in conducted a research aimed at finding practical means of
minimizing the incidence of Fraud in Nigerian banks. During the course of the
investigation efforts were made to identify various means employed in defrauding banks
and at the same time determine the effects of Fraud on the banking services. This
research hence concentrated on Fraud and does not therefore link operational risk
management practices. Akindele, (2011) research was interested on Fraud in the
27
Nigerian Banking Industry without much emphasis on operation risk. Namanda (2010)
had a more related research but the main issues is that her work is not yet published.
2.4 Theoretical Framework
2.4.1 Fraud Triangular Theory
In1950, Cressey, started the study of Fraud by arguing that there must be area son
behind everything people do. Questions such as why people commit Fraud led him to
focus his research on what drives people to violate trust. He interviewed 250 criminals
in a period of 5 months and concluded that employees who commit Fraud generally are
able to do so because of the interaction between perceived pressures (usually financial),
perceived opportunity and rationalization. Hence the theory is known as triangular
because it involves three key aspects that lead to fraud. Perceived pressure or incentive
relates to the motivation that leads to unethical behaviors. Every Fraud perpetrator faces
some type of pressure to commit unethical behavior. Albrecht et al. (2006) pointed out
that, the word perceived is important because pressure does not have to be real; if the
perpetrators believed that they are pressurized, this belief can lead to fraud. Perceived
pressure can result from various circumstances, but it often involves a non-sharable
financial need. Financial pressure has a major impact on an employee’s motivation and
is consider the most common type of pressure.
The second necessary element for Fraud to occur is perceived opportunity. Opportunity
is created by ineffective control or governance system that allows an individual to
commit organizational fraud. In the field of accounting, this is termed as internal control
weaknesses. The concept of perceived opportunity suggests that people will take
advantage of circumstances available to them (Kelly and Hartley, 2010). Perceived
28
opportunity is similar to perceived pressure in that the opportunity does not have to be
real. The perpetrator must simply believe or perceive that the opportunity exists. In most
cases, the lower the risk of being caught, the more likely it is that Fraud will take place
(Cressey 1953). Other factors related to perceived opportunity can also contribute to
fraud, such as the assumption that, the employer is unaware, the assumption that
employees are not checked regularly for violating organizational policies, the belief that
no one will care, and that no one consider the behavior to be a serious offense (Sauser,
2007).
The third element of the FTT is rationalization. This concept suggests that the
perpetrator must formulate some type of morally acceptable rationalization before
engaging in unethical behavior. Rationalization refers to the justification that the
unethical behavior is something other than criminal activity. If an individual cannot
justify unethical actions, it is unlikely that he or she will engage in fraud. Some
examples of rationalizations of fraudulent behavior include “I was only borrowing the
money”, “I was entitled to the money”, “I had to steal to provide form family”, “I was
underpaid/my employer had cheated me” (Cressey, 1953). It is important to note that
rationalization is difficult to observe, as it is impossible to read the perpetrator’s mind
(Cressey 1953 in Wells, 2005). Individuals who commit Fraud possess a particular
mind-set that allows them to justify or excuse their fraudulent actions (Hooper and
Pornelli, 2010).
A development of the Fraud triangular theory is the Fraud diamond theory by Wolfe and
Hermanson (2004). It is generally viewed as an expanded version of the FTT with a
fourth aspect of fraud, namely, capability. According to Wolfe and Herman son
29
(2004:38) Opportunity opens the doorway to fraud, and incentive (i.e. pressure) and
rationalization can draw a person toward it. However, the person must have the
capability to recognize the open doorway as an opportunity and to take advantage of it
by walking through, not just once, but repeatedly. With the additional element presented
in the FDT affecting individuals’ decision to commit fraud, the organization and
auditors need to understand employees’ individual traits and abilities in order to assess
the risk of fraudulent behaviors in the public sector. The elements of FDT are
interrelated to the extent that an employee cannot commit Fraud until all of the elements
are present. The theory proposes that pressure can cause someone to seek opportunity,
and pressure and opportunity can encourage rationalization. At the same time, none of
these two factors, alone or together, necessarily cause an individual to engage in
activities that could lead to Fraud until the fraudster has the capability to do so (Hooper
and Pornelli, 2010). The additional element, i.e., capability is what differentiates the
FDT of Wolfe and Herman son (2004) from the FTT of Cressey (1950).
2.4.2 X Efficiency Theory
Leibenstein (1966) introduced the X-efficiency theory. The theory is sometimes also
referred to as X-inefficiency theory. This theory states that firms are inefficient if they
allocate too many inputs without proper management. This theory also describes all the
technical and locative efficiencies of individual firms that are not scale or scope
dependent. Thus X-efficiency is a measure of how well management is aligning
technology, human resource management, and other resources to produce a given level
of output. The X efficiency hypothesis argues that financial institutions with better
management and practices control costs and increase profit, moving the firms to best-
30
practice, lower bound cost curve. This theory postulates that Fraud occurred where
operational management of allocated resources is not effective. This theory further
views that employees will commit Fraud in environments with poor internal control
systems. This ends up creating inefficiency in organizations which in turn can lead to
cases of mismanagement and cases of fraud.
2.5 Conceptual framework
Independent variables Dependent variables
Intervening Variables
Source: Researcher, 2018
Figure 2.1: Conceptual Framework
The conceptual framework has three concentric coops superimposed, with the left one
providing the operational risk management practices. The first cage shows the main
Operational risk Management
Practices
Operational risk Assessment
Operational Risk Controls
Implementation
Operational Risk Monitoring
Operational Risk enforcement
Fraud Mitigation
Fraud deterrence
Fraud prevention
Fraud investigation
Fraud prosecution
Risk management policies
Organizational structure
Government policy &Central
bank regulations
ICT development in the country
31
elements of operational risk management practices that are operational risk assessment,
controls implementation and monitoring.
This is radiating towards the right coop which shows the study’s dependent variables
(Fraud mitigation aspects). Then Fraud mitigation aspects include Fraud deterrence,
Fraud prevention Fraud investigation and prosecution. The down coop clearly shows the
intervening or contributing factors that helps the operational risk management to have
successful effect on Fraud mitigation.
2.6 Summary
This chapter focused on the concepts of operational risk management practices in
commercial banks. From this literature review it is evident that operational risk
management is current an important topic in the banking industry compared to the
increasingly technological environment. It seems the main operation exposures to a bank
fall within the broad categories of people, processes, systems and those factors outside
the direct control of the bank. It is also evident that a bank risk manager should consider
the outcomes of more than one results methodology before making crucial risk
management decisions in order to insure sound decision making. Also the role of the
board of directors, line managers and internal audit are emphasized in this discussion to
ensure a sound operational risk management. Policies and procedures, internal controls
and risk reporting are the other elements of risk management which are identified as
forming an important part of operational risk management.
32
CHAPTER THREE: RESEARCH METHODOLOGY
3.0 Introduction
This section puts forward and describes the research method that was used in the study.
It presented the research design, target population, sample design, data collection
method and data analysis procedures. The chapter concluded with ethical considerations.
3.1 Research Design
A research design is used to structure the research, to show how all of the major parts of
the research project, that is the samples or groups, measures, treatments or programs,
and methods of assignment, work together to try to address the central research question
(Mugenda & Mugenda, 2003). The study was both descriptive and correlation in
research design. A descriptive research design is where events are recorded, described,
interpreted, analyzed and compared /contrasted. Descriptive method involves a step by
step collection and presentation of data, using tables, graphs and descriptive statistics to
provide a clue about the study.
3.2 Target Population
Target population refers to the entire group of individuals or objects to which
researchers are interested in generalizing the conclusions. Population is the entire group
of individuals, events or objects having common characteristics (Mugenda & Mugenda,
2003). According to Cooper and Schindler (2006) population is the total collection of
elements about which a researcher wishes to make some inferences. For the purpose of
this study the target population is the staff of KCB Bank Rwanda. According to the
human resource department, the total number of employees in KCB is 224 (Human
33
Resource Department, 2017).However, the target population for this research is those
employees in five departments that are concerned with risk management on daily basis.
Namely, risk and compliance department, internal audit, finance, operations and retail
departments with a total number of 103 employees.
3.3 Sample Design
3.3.1 Sample Size
A sample size is a number of individual selected from a population for a study in a way
that they represent the larger group from which they were selected. It would then be
possible to generalize the characteristics of the sample to the population (Bailey, 1982).
It is a subgroup of the elements of the population selected for participation in the study
(Dattalo, 2008). In order to carry out this study, an appropriate sample was determined
from target population. Since the target population is finite, Yamane’s formula (1967) is
used to estimate the sample size.
Where n is the sample size, N is the total population and e is the sampling
error. By using the formula above when e= 0.5 and N= 103
The sample size n is 54.
34
3.3.2 Sampling Technique
Sampling technique consists of choosing a limited number of individuals, objects or
events for whom the observation allows to read the conclusion that was applicable to the
whole population concerned. The sampling technique to be used is purposive sampling
to ensure that sufficient information is gathered from competent people that deal with
risk management and Fraud mitigation on daily basis. A purposive sample is a non-
probability sample that is selected based on characteristics of a population and the
objective of the study .This method is used to select the most relevant departments in
relation to the operational risk management and Fraud mitigation. Stratified random
technique is then applied to divide the population to different strata where sample sized
are drawn according to their proportion.
Table 3.1 Target Population and Sample Size
Categories Target population Sample selection
Risk & Compliance 7 4
Internal Audit 6 4
Finance 10 6
Operations 20 10
Retail 60 30
Total 103 54
Source: Researcher
35
3.4 Data Collection Methods
3.4.1 Data Collection Instruments
Primary data will be obtained through self-administrated questionnaires and interview.
According to Kothari (2009), a questionnaire is most appropriate tool for collecting
primary data. The questionnaire that was applied was structured in design, to include
closed ended questions. It was divided into two main parts as follows: Part A was used
to collect the General Information about the Respondent while Part B was used in
capturing the specific objectives of study. The questionnaire will make use of a five
point Likert Scale to measure the variables of study.
Furthermore, interview was used to collect primary data to supplement data collected
through questionnaire. According Saunders, Lewis and Thornhill (2007), an interview is
more appropriate where further information about the subject is needed. This is because
by its nature, interview provides the respondents express views in details. Hence, this
tool will be used specifically to gather information from the senior staff.
Secondary data are data gathered by making use of the existing data (Bernard et al,
2002). The main source was the review of internal documents that mainly comprise of
operational risk reports, RCSAs, (Risk control self-assessment) Annual financial reports
and all records containing relevant information. Secondary data complimented primary
data by comparing what was done, what is being done, and bridge information gaps in
information that was gotten from respondents as it is expected that some information
may not be readily provided.
36
3.4.2 Administration of Data Collection Instruments
Every research work has a framework for collecting data. Its function is to ensure that
the required data are collected accurately and economically. Therefore, as far as this
study is concerned, the questionnaire was distributed by the researcher to the respondent.
This will mainly be self-administered where the researcher gives the respondents the
questionnaires and collected the responses the following day. Where appropriate, the
researcher waited for the respondents to fill the questionnaire and go with them the same
day. This process may take a period of two weeks due to delay of responses from some
respondents. The respondents was given an explanation before as to why the researcher
is carrying out the study so as to let them feel free about giving their views towards the
questionnaire. In addition, interview schedule was appropriately planned so as enable
easy facilitation of interview with the senior staff.
3.4.3 Reliability and validity
Research validity is a very vital psychometric property of measurement. Therefore there
was a need to establish it before using the research instruments. According to Borg and
gall (1989), content validity refers to whether an instrument provide adequate coverage
topic. The help and expertise and assistance from the supervisor was much needed in
order to help improve content validity of the findings. The questions appropriateness and
generalization to the topic was validated by the supervisor. To secure on his expertise
and experiences, the supervisor gave various objective advices on the contents and
judged the suitability and relevance of the instruments for this study. His observations,
amendments and recommendations was considered before the final distribution and use
of the questionnaire.
37
The reliability analysis is used to establish both the consistency and stability of the
research instrument. Consistency shows how well the research instrument measures the
model and the conceptual framework. Cronbach’s alpha was used to test for reliability.
This is a coefficient that indicates how well the items in a set are positively correlated to
one another, and its further used to measure the internal consistency of the main
variables of the study. A test is considered reliable if the same results are gotten
repeatedly. Cronbach’s alpha is computed in terms of the average inter correlations
among the items measuring the concept. The closer the Cronbach’s alpha is to 1, the
higher the internal consistency reliability of the research instrument (Saunders, et. al.
2007). In this study the Cronbach’s alpha was calculated using SPSS giving a result of
0.875 which was deemed sufficient to grant reliability of the instrument.
3.5 Data analysis Procedure
Data from the field was edited, coded and tabulated according to themes which emanate
from the research objectives and questions. In this study, data analysis was done using
SPSS in order to facilitate analysis of the significant relationship between variables.
Tables and charts were used for the process of editing and coding. This allowed the
researcher to easily analyze and summarize the findings in accordance with objectives of
the study. Correlation analysis used to identify the relationship between the dependent
variable and the independent variables.
3.6 Ethical Consideration
The researcher will first seek permission to carry out this research from the university
and from KCB human resource management for the study before the collection of the
required data. Each respondent of the study was informed about the purpose and
38
objective of the study and the questionnaires and interview was then be administered.
During this research, the researcher kept his honesty and integrity, in Data collection and
analysis, to serve effectively the institution, the school, further researchers of the topic
and the country. The researcher avoided any kind of bias to provide relevant and reliable
information. The information from respondent was used only for academic purpose and
the researcher is willing to provide explanations, advices or clarification on the subject
matter if need arises.
39
CHAPTER FOUR: RESEARCH FINDINGS AND DISCUSSION
4.0. Introduction
In this chapter the data gathered was presented, analyzed and interpreted using descriptive
analysis approach. A total of 54 questionnaires were distributed to beneficiaries of the
KCB. All distributed questionnaires were filled and returned to the researcher.The
researcher presents the analysis of the data using tables and charts. Also the descriptive
statistics were also used to summarize the objectives. Frequencies and percentages were
also used in order to present the majority response on each variable. The data was
interpreted in line with the objectives whereby narratives were written using simple
English for easy understanding.
4.1. Demographic Characteristics of respondents
Data were collected from the total of 54 respondent’s .In addition; data were collected
from employees and administrative management of Kenya Commercial Bank. It is
recalled that data were collected from key informants in order to have control on
information provided by junior employees for data validity
Table 4.2 Gender of Respondents
Frequency Percent Valid Percent
Cumulative
Percent
Valid Male 31 57.4 57.4 57.4
Female 23 42.6 42.6 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
From the table 4.2, the majority of respondents are men 57.4 % while females are
42.6%. Women's involvement in operational risk management of the bank in Rwanda
40
with reference to KCB is low compared to the number of males. This has been
influenced by cultural factors that did not allow women to run a business without the
permission of husbands. Instead, they had to stay at home to reproduce and raise
children. This helps explain why their involvement is still low, but the government is
encouraging women to be more active in different sectors of the economy.
4.1.2 Age group of respondents
The ages of the respondents were categorized between 18-25 years old, 26-30 years old,
,31-35 year; 36-40 years; 41-45 years; 46-50 years old and above 50 years old as shown
in Table 4.2
Table 4.3 Age of respondents
Frequency Percent Valid Percent
Cumulative
Percent
Valid 18-25 yrs 4 7.4 7.4 7.4
26-30yrs 8 14.8 14.8 22.2
31-35yrs 19 35.2 35.2 57.4
36-40yrs 14 25.9 25.9 83.3
41-45yrs 3 5.6 5.6 88.9
46- 50yrs 4 7.4 7.4 96.3
Above 50
years 2 3.7 3.7 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
As reflected in Table 4.2, 7.4% of respondents were between 18-25 years of age, 14.8%
were 26-30 years old and 31-35 years old were 35.2% of respondents. In addition, 36-40
years were 25.9%; 41-45 years were 5.6% of respondents. In the group of 46-50 years,
there were 7.4% of employees and finally, 3.7% were above 50 years old. This implies
41
that age characteristics was balanced in this study. Omboye (2013) says that age of
respondents is a factor that should be considered in psychology studies and here age of
employees affect operational risks management in banking industry.
4.1.3 Time spent working in this institution
The experience of the respondents was grouped between 1-5 years of experience, 1-5
years, and more than 10 years of experience. Results are presented in Table 4.4
Table 4.4 Time spent working in this institution
Frequency Percent Valid Percent
Cumulative
Percent
Valid 1-5 yrs 29 53.7 53.7 53.7
5-10yrs 16 29.6 29.6 83.3
Above 10 yrs 9 16.7 16.7 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
According to Table 4.4, the majority of respondents have been working in KCB in the in
the period ranged between 1 and 5 years. This means that 53.7% of respondents have an
experience between 1 and 5 years. In addition, 29.6% have an experience between 5
years and 10 years and only one 1.6.7% were experienced enough and had more than 10
years of experience. The high level of experience therefore implied that the respondents
were in position to manage their position with competence and practical skills.
4.1.4 Educational level of respondents
Data findings on educational level of respondents show that most employees can
effective implement operational risk management strategies in accordance with skills
42
they have. However, looking at the table indicate that most employees are more
educated
Table 4.5 Educational level of respondents
Frequency Percent Valid Percent
Cumulative
Percent
Valid Diploma 10 18.5 18.5 18.5
Bachelor 27 50.0 50.0 68.5
Master 14 25.9 25.9 94.4
PhD 3 5.6 5.6 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
According to the data collected presented in Table 4.2, 50.0% of respondents completed
bachelor’s degree from different high learning institutions or universities. In addition,
25.9% of respondents attained master level of education while only 18.5% completed
diploma level. And PhD were 5.6% of respondents
4.1.5. Kind of job hold by the respondents
The researcher asked respondents to specify the role/occupation they have in KCB bank.
Table 4.6 Kind of job hold by the respondents
Frequency Percent Valid Percent
Cumulative
Percent
Valid Head of Department 10 18.5 18.5 18.5
Supervisor 6 11.1 11.1 29.6
Junior Staff 27 50.0 50.0 79.6
Any other job 11 20.4 20.4 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
43
As reflected in Table 4.4, different categories of people who have either interest or
adequate information regarding the functionality and daily operations of KCB Ltd
have participated in this study by providing information on the situation of operational
risks management and Fraud mitigation strategies in KCB Ltd . In this regards, 50.0%
of respondents were junior staff members, 20.4% were occupied any other job in KCB
Ltd, 18.5% of respondents were heads of department, 11.1% of respondents were
supervisors.
4.2 Presentation of findings
This section presents the frequency of responses of the employees which KCB Rwanda
based on the objectives of the study. The study had Fraud risk mitigation) as dependent
variable and operational risk management as independent variable. The employees were
requested to indicate their opinion of the frequency of occurrence on each type of Fraud
risk.
4.2.1 Analysis of Operational risks management practices in KCB Rwanda
The first objective of the current study is to assess operational risk practices used
adopted by Kenya Commercial Bank. Operational risk is defined as the risk of loss
resulting from inadequate or failed internal processes, people and systems or from
external events. This definition includes legal risk, but excludes strategic and
reputational risk.
44
Table 4.7 From the given list tick all the sources that contribute to operational risk.
Frequency Percent Valid Percent
Cumulative
Percent
Valid People 17 31.5 31.5 31.5
Process 27 50.0 50.0 81.5
Systems 10 18.5 18.5 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Results presented in Table 4.7 show that 33.3% of respondents argued that people
(employees) are the source contributing in operational risk management. Furthermore,
48.1% of respondents witnessed the primordial role that a process can play in
operational risk management. Finally, 18.5% of respondents argued the system used by
the bank can be a helpful source in operational risk management.
The study investigated the presence of these departments in financial organization in
Rwanda. Results are presented in Table
Table 4.8 Presence of operational risk management practices in KCB Bank–
Rwanda
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 20 37.0 37.0 37.0
Agree 17 31.5 31.5 68.5
Not Sure 2 3.7 3.7 72.2
Disagree 8 14.8 14.8 87.0
Strongly disagree 7 13.0 13.0 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
45
It was found that almost all of the respondents of this study strongly agreed that there
were Risk Management Practices in KCB Rwanda Ltd composing of 37.0% total
respondents, and 31.5% of respondents agreed.However,3.7% of participants were not
sure,14.82% of respondents disagreed, and finally 13.0% of respondents strongly
disagreed with the existence of operational risk management practices in KCB-Rwanda.
This may be due to the reason that the departments available were not maximally
utilized in terms of activeness as it is supported by the views of interviewed respondents.
On the other hand, the interview was used to investigate more on the same issue. Most
of the respondents showed that ORM practices were not active hence there were no
effectiveness on controlling daily risks in these banking institutions. Andrew (1995)
asserts that control activities should occur throughout the organization, at all levels and
in all functions.
Table 4.9 The extent KCB conducts risk assessment to daily operational risk
management
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly agree 28 51.9 51.9 51.9
Agree 13 24.1 24.1 75.9
Not sure 3 5.6 5.6 81.5
Disagree 5 9.3 9.3 90.7
Storngly disagree 5 9.3 9.3 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Results presented in Table 4.9 demonstrated responses on risk assessment as one of
operational risk management strategies. In this regards, 51.9% of respondents strongly
agreed that KCB-Rwanda used risk assessment, 24.1% of participants agreed while
46
5.6% were not sure about the position to take. However, 9.3% of respondents disagree
and the same percent strongly disagree. Reconsidering the findings presented in Table
4.9, the researcher conducted that KCB-Rwanda applied risk assessment practices.
Table 4.10 The extent KCB conducts risk control implementation to daily
operational risk management
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 10 18.5 18.5 18.5
Agree 17 31.5 31.5 50.0
Not Sure 7 13.0 13.0 63.0
Disagree 11 20.4 20.4 83.3
Storngly Disagree 9 16.7 16.7 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Results from Table 4.10 presented responses related to the risk control implementation
practices used in Kenya Commercial Bank. For this reason, 18.5% of respondents
strongly agreed, 31.5% of respondents agree and 13.0% of partcipantswere not sure. In
addition, 20.4% of participant agreed that KCB-Rwanda used highly risk control
implementation in its everyday activities and 16.7% strongly agreed with the statement.
This showed that staff were convinced that the controls in place were adequate even
though it could be improved.
47
Table 4.11 The extent KCB conducts risk monitoring to daily operational risk
management
Frequency Percent Valid Percent
Cumulative
Percent
Valid Storngly Agree 15 27.8 27.8 27.8
Agree 13 24.1 24.1 51.9
Not Sure 9 16.7 16.7 68.5
Disagree 9 16.7 16.7 85.2
Strongly Disagree 8 14.8 14.8 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Results presented in Table 4.11 demonstrated different risk monitoring practices used in
KCB-Rwanda. In this regards, responses on whether risk monitoring is a key aspect in
risk operational management, 27.8% of respondents strongly agree, 24.1% of
participants agree, 16.7% of respondents were not sure, and 16.7% of respondents
disagree and 14.8% of respondents strongly disagree.
Table 4.12 The extent KCB conducts Operation risks enforcement to daily
operational risk management
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 13 24.1 24.1 24.1
Agree 13 24.1 24.1 48.1
Not Sure 3 5.6 5.6 53.7
Disagree 14 25.9 25.9 79.6
Strongly Disagree 11 20.4 20.4 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
48
Results from Table 4.12 show responses related to operation risks enforcement applied
in Kenya Commercial Bank. In this regards, 24.1% of respondents strongly agreed with
that statement whether, the response plan is adequate, 24.1% of respondents agree and
5.6% of participants neither agree nor disagree. Therefore, 25.9% of participants
disagree while only 20.4% of respondents strongly agree.
4.2.2 Examination of Fraud mitigation strategies used in KCB Rwanda
The second objectives of this study was to determine Fraud risk mitigation strategies
adopted by KCB Bankin Rwanda in order to achieve its predetermined financial
objectives and performance. In this regards, a number of combined initiatives result in
an overall preventative environment in respect of Fraud and corruption. These include
the following but not exhaustive
49
Table 4.13 Provision of Fraud deterrence strategies
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 12 22.2 22.2 22.2
Agree 11 20.4 20.4 42.6
Not Sure 5 9.3 9.3 51.9
Disagree 13 24.1 24.1 75.9
Strongly Disagree 13 24.1 24.1 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Findings reflected in the Table 4.13 responses on whether Fraud deterrence strategies
are developed in KCB. Results related to this statement, evidenced that 22.2% of
respondents strongly agree, 20.4% of participants agree, 9.3% of respondents neither
agree nor disagree, 24. % of respondents disagree, and 24.1 strongly disagree. The
advanced technology in certain developed countries has built up new forms of password
protection. The password employs biological features of the users or known as
biometrics such as thumbprint, voiceprint, retina pattern and digital signature (Bierstaker
et al., 2006).
In fact, tests can be programmed into live corporate systems in order to provide
continuous monitoring of transactions rather than audit on historical data during normal
audit process. Finally, the researcher found out that increased role of audit committee
can mitigate Fraud risks. The presence of an audit committee has not significantly
affected the likelihood of Fraud but rather it depends on the way audit committee
operates (Alleyne and Howard, 2005).
50
Table 4.14 Presence of Fraud prevention strategies in KCB in daily operational
risk management
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 14 25.9 25.9 25.9
Agree 18 33.3 33.3 59.3
Not Sure 3 5.6 5.6 64.8
Disagree 8 14.8 14.8 79.6
Strongly Disagree 11 20.4 20.4 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Findings reflected in the Table 4.14 responses on whether Fraud prevention strategy is
developed in KCB. Results related to this statement, evidenced that 25.9% of
respondents strongly agree, 33.3% of participants agree, 5.6% of respondents neither
agree nor disagree, 14.8 % of respondents disagree, and 20.4% of respondents strongly
disagree.
Table 4.15 Presence of Fraud investigation strategies in KCB in daily operational
risk management
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 9 16.7 16.7 16.7
Agree 12 22.2 22.2 38.9
Not Sure 4 7.4 7.4 46.3
Disagree 10 18.5 18.5 64.8
Strongly Disagree 19 35.2 35.2 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
51
Findings reflected in the Table 4.15 responses on whether Fraud investigation strategies
are developed in KCB. Results related to this statement, evidenced that 16.7% of
respondents strongly agree, 22.2% of participants agree, 7.4% of respondents neither
agree nor disagree, 18.5 % of respondents disagree, and 35.2% of respondents strongly
disagree.
Table 4.16 Presence of Fraud prosecution strategies in KCB in daily Fraud
mitigation operations
Frequency Percent Valid Percent
Cumulative
Percent
Valid Strongly Agree 5 9.3 9.3 9.3
Agree 6 11.1 11.1 20.4
Not Sure 3 5.6 5.6 25.9
Disagree 10 18.5 18.5 44.4
Strongly Disagree 30 55.6 55.6 100.0
Total 54 100.0 100.0
Source: Primary data (2018)
Findings reflected in the Table 4.16 responses on whether Fraud prosecution strategies
are developed in KCB. Results related to this statement, evidenced that only 9.3% of
respondents strongly agree, 11.1% of participants agree, 5.6% of respondents neither
agree nor disagree, 18.5 % of respondents disagree, and 55.6% of respondents strongly
disagree.
52
4.2.3 Impact of operational risk management practices on Fraud mitigation in
KCB Rwanda.
The third objective of the present study was to find out the impact of operational risk
management practices on Fraud mitigation in Kenya Commercial Bank. The study had
one dependent variable (Fraud risk mitigation strategies) and one independent variables
namely; operational risks management practices in KCB BankLtd.
Table 4.17 Correlations between each element of operational risk management
practices
Source: Primary data (2018)
Risk
assessment
Risk control
implementation
Risk
monitori
ng
Operation
Risks
Enforcement
Risk
assessment
Pearson Correlation 1 .282* .412** -.847**
Sig. (2-tailed) .039 .002 .000
N 54 54 54 54
Risk control
implementati
on
Pearson Correlation .282* 1 .753** -.662**
Sig. (2-tailed) .039 .000 .000
N 54 54 54 54
Risk
monitoring
Pearson Correlation .412** .753** 1 -.634**
Sig. (2-tailed) .002 .000 .000
N 54 54 54 54
Operation
risks
enforcement
Pearson Correlation -.847** -.662** -.634** 1
Sig. (2-tailed) .000 .000 .000
N 54 54 54 54
*. Correlation is significant at the 0.05 level (2-
tailed).
**. Correlation is significant at the 0.01 level
(2-tailed).
53
According to Table 4.17, the correlation between risk assessment produced Pearson
correlation coefficient .282 and p= 0.038 between Risk control implementation and
operational risk management was .412, p=0.002 between Risk monitoring was 412,
p=0.002 and Operational risk enforcement was -847, p=0.000. This shows that the
relationships were all positive and statistically significant. Each of these elements
significantly increase effective operational risk management practices in KCB-Rwanda.
Table 4.18 Correlations between each element of Fraud Mitigation Strategies in
KCB-Rwanda
Deterrence in
KCB
Fraud prevention
in KCB
Fraud investigation
in KCB
Fraud prosecution in
KCB
Fraud deterrence in KCB Pearson Correlation 1 -.897** .061 -.588**
Sig. (2-tailed) .000 .662 .000
N 54 54 54 54
Fraud prevention in KCB Pearson Correlation -.897** 1 .043 .513**
Sig. (2-tailed) .000
.759 .000
N 54 54 54 54
Fraud investigation in KCB Pearson Correlation .061 .043 1 .359**
Sig. (2-tailed) .662 .759
.008
N 54 54 54 54
Fraud prosecution in KCB Pearson Correlation -.588** .513** .359** 1
Sig. (2-tailed) .000 .000 .008
N 54 54 54 54
**. Correlation is significant at the 0.01 level (2-tailed).
Source: Primary data (2018)
54
According to Table 4.18, the correlation between Fraud deterrence Pearson correlation
coefficient r=-897 and p= 0.000 between Fraud prevention was 0.061=0.662 between
Fraud investigation .043, p=.759 and Fraud prosecution was. This shows that the
relationships were all positive and statistically significant. Each of these elements
significantly increase effective and adequate Fraud mitigation in KCB-Rwanda.
55
Table 4.19 Correlational analysis between ORM and Fraud Mitigation Strategies
Risk
assessme
nt
Risk control
implementatio
n
Risk
monitor
ing
Risks
enforce
ment
Fraud
deterre
nce
Fraud
preventi
on
Fraud
investigati
on
Fraud
prosecution
Risk
assessment
Pearson
Correlation 1 .282* .412** -.847** .835** -.741** -.036 -.374**
Sig. (2-tailed) .039 .002 .000 .000 .000 .796 .005
N 54 54 54 54 54 54 54 54
Risk control
implementati
on
Pearson
Correlation .282* 1 .753** -.662** .670** -.612** .084 -.527**
Sig. (2-tailed) .039 .000 .000 .000 .000 .545 .000
N 54 54 54 54 54 54 54 54
Risk
monitoring
Pearson
Correlation .412** .753** 1 -.634** .626** -.615** -.145 -.448**
Sig. (2-tailed) .002 .000 .000 .000 .000 .297 .001
N 54 54 54 54 54 54 54 54
Operation
risks
enforcement
Pearson
Correlation -.847** -.662** -.634** 1 -.988** .869** -.048 .599**
Sig. (2-tailed) .000 .000 .000 .000 .000 .731 .000
N 54 54 54 54 54 54 54 54
Fraud
deterrence
Pearson
Correlation .835** .670** .626** -.988** 1 -.897** .061 -.588**
Sig. (2-tailed) .000 .000 .000 .000 .000 .662 .000
N 54 54 54 54 54 54 54 54
Fraud
prevention
Pearson
Correlation -.741** -.612** -.615** .869** -.897** 1 .043 .513**
Sig. (2-tailed) .000 .000 .000 .000 .000 .759 .000
N 54 54 54 54 54 54 54 54
Fraud
investigation
Pearson
Correlation -.036 .084 -.145 -.048 .061 .043 1 .359**
Sig. (2-tailed) .796 .545 .297 .731 .662 .759 .008
N 54 54 54 54 54 54 54 54
Fraud
prosecution
Pearson
Correlation -.374** -.527** -.448** .599** -.588** .513** .359** 1
Sig. (2-tailed) .005 .000 .001 .000 .000 .000 .008
N 54 54 54 54 54 54 54 54
*. Correlation is significant at the 0.05
level (2-tailed).
**. Correlation is significant at the 0.01
level (2-tailed).
Source: Primary Data, 2018
56
The table shows the correlation matrix between operational risk management practices
(risk assessment, risk control implementation, risk monitoring and operational risk
enforcement) and Fraud risk mitigation Fraud mitigation strategies in KCB Bankin
Rwanda (Fraud deterrence, Fraud prevention, Fraud investigation and Fraud
prosecution). Analyzing the Table, there is inferred the relationship existent between
Fraud mitigation strategies and risk assessment, risk control implementation, risk
monitoring and operational risk enforcement was positive to the magnitude of 0.894,
0.493, 0.661 and 0.402 respectively. The positive relationship signifies a correlation
between the risk assessment, risk control implementation, risk monitoring and
operational risk enforcement factors and the Fraud mitigation strategies Fraud
deterrence, Fraud prevention, Fraud investigation and Fraud prosecution with risk
assessment having the highest value and Fraud prosecution having the lowest correlation
value.
Nevertheless, all the factors had a significant p-value (p<0.5) at 95 confidential level.
The significance values for relationship between risk assessment, risk control
implementation, risk monitoring and operational risk enforcement were 0.018, 0.031,
0.024 and 0.048 respectively. This implies that risk assessment was the most significant
factor, followed by risk control assessment then risk monitoring while operational risk
enforcement was the least significant.
57
CHAPTER FIVE: SUMMARY, CONCLUSION AND
RECOMMENDATIONS
5.0 Introduction
This chapter presents the summary of findings, conclusions and recommendations
derived from the findings of the study. The chapter also introduces the limitations that
are encountered in the study with suggestions for further research.
5.1. Summary of the findings
The data findings analyzed also showed that taking all other independent variables, a
unit increase in Fraud risk mitigation in KCB Bank in Rwanda. This section presents the
frequency of responses of the employees which KCB Bankin Rwanda based on the
objectives of the study. The study had Fraud risk mitigation as dependent variable and
operational risk management as independent variable. The employees were requested to
indicate their opinion of the frequency of occurrence on each type of Fraud risk.
5.1.1 Analysis of Operational Risks Management Practices in KCB Rwanda
The first objective of the current study is to assess operational risk practices used
adopted by Kenya Commercial Bank. Operational risk is defined as the risk of loss
resulting from inadequate or failed internal processes, people and systems or from
external events. This definition includes legal risk, but excludes strategic and
reputational risk.
Results presented in Table 4.7 show that 33.3% of respondents argued that people
(employees) are the source contributing in operational risk management. Furthermore,
58
48.1% of respondents witnessed the primordial role that a process can play in
operational risk management.
It was found that almost all of the respondents of this study strongly agreed that there
were Risk Management Practices in KCB Bank composing of 37.0% total respondents,
and 31.5% of respondents agreed. This may be due to the reason that the departments
available were not maximally utilized in terms of activeness as it is supported by the
views of interviewed respondents. Results presented in Table 4.9 demonstrated
responses on risk assessment as one of operational risk management strategies. In this
regards, 51.9% of respondents strongly agreed that KCB-Rwanda used risk assessment,
24.1% of participants agreed while 5.6% were not sure about the position to take.
Reconsidering the findings presented in Table 4.9, the researcher conducted that KCB-
Rwanda applied risk assessment practices.
Results from Table 4.10 presented responses related to the risk control implementation
practices used in Kenya Commercial Bank. For this reason, 18.5% of respondents
strongly agreed, 31.5% of respondents agree. Results presented in Table 4.11
demonstrated different risk monitoring practices used in KCB-Rwanda. In this regards,
responses on whether risk monitoring is a key aspect in risk operational management,
27.8% of respondents strongly agree, 24.1% of participants agree. Results from Table
4.12 show responses related to operation risks enforcement applied in Kenya
Commercial Bank. In this regards, 24.1% of respondents strongly agreed with that
statement whether, the response plan is adequate, 24.1% of respondents agree.
59
5.1.2. Fraud Risk mitigation strategies in KCB
The second objectives of this study was to determine Fraud risk mitigation strategies
adopted by KCB Bank in Rwanda in order to achieve its predetermined financial
objectives and performance. In this regards, a number of combined initiatives result in
an overall preventative environment in respect of Fraud and corruption. These include
the following but not exhaustive
Findings reflected in the Table 4.13 responses on whether Fraud deterrence strategies
are developed in KCB. Results related to this statement, evidenced that 22.2% of
respondents strongly agree, 20.4% of participants agree. The presence of an audit
committee has not significantly affected the likelihood of Fraud but rather it depends on
the way audit committee operates (Alleyne and Howard, 2005).
Furthermore, findings on whether, changes in bank organization and activities to
mitigate frauds are identified and implemented in accordance with bank risk profile.
Responses related to whether, appropriate action are taken to correct or avoid the impact
of Fraud and this action is traced until are mitigated.
Findings reflected in the Table 4.14 responses on whether Fraud prevention strategy is
developed in KCB. Results related to this statement, evidenced that 25.9% of
respondents strongly agree, 33.3% of participants agree. Findings reflected in the Table
4.15 responses on whether Fraud investigation strategies are developed in KCB. Results
related to this statement, evidenced that 18.5 % of respondents disagree, and 35.2% of
respondents strongly disagree. Findings reflected in the Table 4.16 responses on whether
Fraud prosecution strategies are developed in KCB. Results related to this statement,
60
evidenced that 18.5 % of respondents disagree, and 55.6% of respondents strongly
disagree.
Furthermore, the researcher revealed that Fraud hotline to be used in mitigating Fraud
risks. The employees should be encouraged to report any suspicious activity without fear
of reprisal that accompanies being a whistleblower (Brody and Pacini, 2006). This
technique does not only serve as an effective detection tool but can function as a
deterrence tool as well, whereby the potential fraudster will likely have to consider the
risks of being caught.
5.1.3 Impact of operational risk management on Fraud mitigation in KCB Rwanda.
The third objective of the present study was to find out the impact of operational risk
management practices on Fraud mitigation in KCB Bank. The study had one dependent
variable (Fraud risk mitigation strategies) and one independent variables namely;
operational risks management practices in KCB Bank Ltd.
According to Table 4.17, the correlation between risk assessment produced Pearson
correlation coefficient .282 and p= 0.038 between Risk control implementation and
operational risk management was .412, p=0.002 between Risk monitoring was 412,
p=0.002 and Operational risk enforcement was -847, p=0.000. This shows that the
relationships were all positive and statistically significant. Each of these elements
significantly increase effective operational risk management practices in KCB-Rwanda.
According to Table 4.18, the correlation between Fraud deterrence Pearson correlation
coefficient r=-897 and p= 0.000 between Fraud prevention was 0.061=0.662 between
Fraud investigation .043, p=.759 and Fraud prosecution was. This shows that the
61
relationships were all positive and statistically significant. Each of these elements
significantly increase effective and adequate Fraud mitigation in KCB-Rwanda.
5.2 Conclusion
From the analysis, it can be noted that the three independent variables had varying
degrees of effect on the financial performance of commercial banks in Rwanda. The
study concludes that operational risk influences the returns of commercial banks
Rwanda positively. The study also deduced that credit risk, Insolvency risk and
Operational efficiency positively influenced the financial performance of commercial
banks in Tanzania. The results are similar to the work of Cebenoyan et al., (1999) and
Saunders and Wilson (2001), who found that there was a negative impact on Return on
Equity ROA, which suggests a relationship between increased financial performance
and operational risk.
Juxtaposing the essence of risk management in banks, and the effectiveness of the Basel
Framework for risk management, there is a substantial argument against the efficiency
of the framework itself. Empirical findings from several studies such as Francis and
Osborne (2009), Borio and Drehmann (2009) and Clement (2010), including this has
shown that risk management efficiency in banks is co-determined by macroeconomic
factors which vary with cycles. These macroeconomic factors have not been well
integrated into the Basel guide. Although other risks rates like credit ratings have been
suggested to qualify.
The study also revealed that Insolvency risk positively influences financial performance
of the Commercial banks in Rwanda. These findings are consistent with the works of
Macha (2010) who stated that Insolvency risk are influences the financial performance
62
of Commercial banks. He further stated that Operational efficiency is attractive as
instrument that can be used to improve the financial performance of commercial banks
.Macha(2010) also in his study on operational risk management in the financial sectors
in Tanzania found that of 56 financial intermediaries, only 20 of them have insurance
against operational risk.
5.3 Recommendations for Policy and Practice
This study established that operational risk management, Fraud risk mitigation strategies
and operations efficiency play a key role on the financial performance of the commercial
banks in Rwanda .This study therefore recommends that the commercial banks should
handle their operations appropriately as the changes in the factors like Insolvency and
Credit risk bring about an effect on the profitability of commercial banks hence effecting
their financial performance. Taking care of these risks will ensure stability at the
Commercial banks sector in Rwanda and help provide funds through credit lending to
businesses which help promote economic development.
This study also establishes that operational risk management are positively correlated
with the financial performance of the commercial banks in Rwanda while Fraud
mitigation strategies negatively influences financial performance of commercial banks
in Rwanda. This study therefore recommends that commercial banks in Rwanda should
balance off their borrowing and deposit rates since these banks are faced with many risk
factors inclusive of operational risk management and Fraud mitigation strategies as these
do affect the financial performance of these commercial banks.
63
5.4 Suggestions for Further Research
This study examines the effects of Operations risk management on the Fraud mitigation
of commercial banks in Rwanda. Because of data unavailability, it was not possible to
include other independent variables in our study. Therefore I suggest further research on
the effects of Operations risk inclusive of those other variables such as capital adequacy
on the financial performance of commercial banks in Rwanda. The study showed that
the Credit risk influences the Fraud risk mitigation in commercial banks in Rwanda .The
analytical model may be incomplete.
For example, the extent of commercial banks‟ foreign operations and ownership
structure might impact on Fraud mitigation. The study excluded these variables due to
data and cost constraints. Future research should consider these issues.
Since the study findings on returns of commercial banks in Rwanda contradicts some of
those done by earlier researchers who had established that Credit risk management, and
Fraud mitigation strategies have a significant positive association with financial
performance such that commercial banks that are more capital-intensive have lower
financial performance. Further studies should be done to establish the cause of such
discrepancy.
64
REFERENCES
Abiola, I. (2009). An Assessment of Fraud and its Management in Nigeria Commercial
Banks. European Journal of Social Sciences – Vol. 10, (4), 628-640.
Ackermann, Thomas, (2011).Consumer Protection and the Role of Advice in the Market
for Retail Financial Services. Journal of Institutional and Theoretical Economics
167, 22–25.
Acoca, Brigitte, (2008).Online Identity Theft: A Growing Threat to Consumer
Confidence in the Digital Economy. Demosthenes Chryssikos/Nikos
Passas/Christopher D. Ram
Adusei-Poku, K.(2005). Operational Risk Management – Implementing a Bayesian
Network for Foreign Exchange and Money Market Settlement, University of
Göttingen
Agena . (2004).Intelligent solutions for quantifying Operational Risk, Agena White
Paper, Agena Ltd.
Akindele R.I (2011). Fraud as a Negative Catalyst in the Nigerian Banking Industry.
Journal of Emerging Trends in Economics and Management Sciences
(JETEMS) 2 (5): 357- 363.
Albrecht, W. S., Albrecht, C. & Albrecht, C. C. (2008). Current Trends in Fraud and its
Detection: A Global Perspective. Information Security Journal Vol.17. Retrieved
from www.ebscohost.com on 11th June, 2017.
Anderson, Keith B./Erik Durbin/Michael A. Salinger, (2008). Identity Theft. The
Journal of Economic Perspectives22, 171–192.
65
Anderson, Ross/Tyler Moore, (2006). The Economics of Information Security. Science
314, 610–613.
Ashforth, Blake E./Vikas Anand, (2003): The Normalization of Corruption in
Organizations. In: Research in Organizational Behavior 25, 1–52.
Bagchi, S. K. (2003). Operational Risk Management: Real time Management Reporting.
Jaico Publishing House.
Basel Committee on Banking Supervision (2013). The Liquidity Coverage Ration and
Liquidity Risk Monitoring Tools, Bank for International Settlements, 1-75.
Basel Committee. (2001). The new Basel capital accord. Consultative Document, Basle,
January.
Bessis, J. (2015). Risk management in banking. John Wiley & Sons.
Birindelli, G., & Ferretti, P. (2017). Operational Risk Management in Banks. London,
UK: Palgrave Macmillan
Bovenzi, J. F. (2015). Inside the FDIC: Thirty years of bank failures, bailouts, and
regulatory battles. NY: John Wiley & Sons.
Calkin, David E.; Ager, Alan A.; Thompson, Matthew P., eds. (2011). A comparative
risk assessment framework:
Cantle, N., Clark, D., Kent, J.,and Verheugen, H. (2012, July). A brief overview of
current approaches to operational risk under Solvency II,Milliman White Paper.
Chapelle, A., Crama, Y., Hübner, G., and Peters, J.-P. (2007 , October). Practical
methods for measuring and managing operational risk in the financial sector:
ScienceDirect, Journal of Banking & Finance 32 (2008) 1049-1061.
66
Chernobai, A.S., Svetlozar T. R, Fabozzi F.J. (2007). Operational Risk: A Guide to
Basel Two Capital Requirements, Models and Analysis. Willey Finance.
Comcover, (2008).Risk Management: Better practice Guide, Commonwealth
Australia,Barton, Department of Finance.
Cressey, D. R. (1953). Other People’s Money. Montclair, NJ: Patterson Smith, pp.1-300.
Deloite & Touche (2007). Management of Operational Risks in Insurance: Current
Situations, trends and Benchmarks when dealing with Operational risks.
University of St. Gallen, Institute of Insurance & Economics.
Flores, F., Bonson-Ponte, E. & Escobar-Rodriguez, T. (2005). Operational Risk
Information System: A challenge for the Banking Sector.Journal of Financial
Regulation and Compliance. Vol.4(1), 21-35.
Fraser, J. & Simkins, B.J (2010). Enterprise Risk Management; Today’s
leadingResearch and Best Practices for Tomorrow’s Executives, River Street,
Willey & Sons
Fraud Advisory Panel, (2006-2007), Ninth Annual Review 2006-2007 Ethical behavior
is the best defense against fraud.
Fung, M. (2006). Identifying Operational Risk Management as a Source of Competitive
Advantage: A preliminary Study of Licensed Banks in Hong Kong.
Gates T. & Jacob K. (2009). Payment Fraud: Perception Versus Reality – A conference
Summary. Economic Perspectives , Vol. 32 No. 1
Hiwatashi, J.,( 2002). Solutions on measuring operational risk.Capital Markets
News,the Federal Reserve Bank of Chicago, (September)
67
Hooper, M. J,. & Pornelli, C. M. (2010). Deterring and detecting financial fraud: A
platform for action. http://www.thecaq.org/docs/reports-and-
publications/deterring-and- detecting
Hopkin, P. (2010). Fundamentals of Risk Management: Understanding, evaluating and
Implementing effective Risk Management, London: Kogan Page Ltd.
Hull, J. (2007). Risk Management and Financial Institutions.International edition.New
Jersey: Pearson Education International.
ISO. 2009. ISO guide 73:(2009), Risk management—Vocabulary. Geneva, Switzerland:
International Organization for Standardization.
http://www.iso.org/iso/catalogue_detail?csnumber=44651 [Accessed March 30,
2016] (See also http://www.iso.org/iso/home/standards/iso31000.htm).
Jobst, M, (2007), Risk Management; What Does the Future Hold? Journal of the Society
of Fellows.
Kelly, P. and Hartley, C. A. (2010). Casino gambling and workplace fraud: a cautionary
tale for managers. Management Research Review , Vol. 33, No. 3, 224-239.
Kingsley, S., A. (2012).Operational Risk and Financial Institutions: Getting Started. Pp.
3–28.
Lambrigger, D.D., Shevchenko, P.V., and Wuthrich, M.V. (2007, July). The
Quantification of Operational Risk using Internal Data, Relevant External Data
and Expert Opinions.
Leibenstein, H. (1966). Allocative efficiency vs. ‘X-efficiency,’ American Economic
Review 56, 392-415
68
Merna, T. & Al-Thani F.F. (2008). Corporate Risk Management, 2ndEd.; WestSussex,
Willey & Sons
Namada, R. (2010) The Role of Operational Risk Management Strategies inCombating
Fraud in Finanacial Institutions. Standard Chartered Bank. Unpublished Masters
Project MAkerere University.
National Bank of Rwanda, (2016). Financial Stability Report. BNR.
National Research Council. (2009). Science and decisions: Advancing risk assessment.
Washington, DC: The National Academies Press. 424 p.
Okezie A. (2012). An Analysis of Fraud in Nigerian Banks. American Charter of
Economics and Finance, Vol. 1 No.2 pp. 60-73.
Rejda, G.E. (2008). Principles of Risk Management and Insurance.10th Ed. New York
Pearson Education Inc.
Sadgrove, W.K (2005). The complete Guide to Business Risk Management; Farnham,
Ashgate Publishing Company.
Scott, Joe H.; Thompson, Matthew P.; Calkin, David E. (2013). Risk assessment
framework.
Sharma, B.R. (2003). Bank Frauds- Prevention & Detection. Universal law Publishing
Co. Pvt .Ltd.
Suren P. (2016) carried a research on Operational Risk Management in Financial
Institutions: A Literature Review. International Journal of Financial Studies
vol.10, 29-38.
69
Taber, Mary A.; Elenz, Lisa M.; Langowski, Paul G. (2013). A guide for applying a risk
management process at the incident level. Gen. Tech. Rep. RMRS-GTR-
298WWW.
The Association of certified Fraud examiners (ACFE), (2008),Report to the Nation on
Occupational Fraud and Abuse,
Thompson, M. P., MacGregor, D. G., & Calkin, D. E. (2016). Risk management: Core
principles and practices, and their relevance to wildland fire. United States
Department of Agriculture, Forest Service, Rocky Mountain Research Station.
Vaughan E. J. & Vaughan T.M. (2003). Fundamentals of Risk and Insurance. 2nd Ed.
New York, John Willey & Sons.
Watt, J. (2008). Risk Management: Better Practice Guide, Commonwealth, Australia.
Wels F. (2004). Corporate Fraud Handbook – Prevention and Detection. Wiley Hard
Cover
Yoe, Charles. (2011). Primer on risk analysis: Decision making under uncertainty. Boca
Raton, FL: CRC Press. 251 p.
Yoon, Y.K. (2003, May).Modelling Operational Risk in Financial Institutions Using
Bayesian Networks.
Ojo, (2008). These ways include management of the banks otherwise referred to as
management fraud; insiders, these perpetrators are purely the employees of the
banks; outsiders, these include customers and/ornon-customers of the banks; and
outsiders/insiders, this is a collaboration of the bank staff and outsiders
Mikes.( 2009).Research has also shown that employers who conduct pre-employment
screening experience fewer cases of Fraud by employees.
70
Yaukey.( 2002). The prosecution stage includes asset recovery, criminal restitution, and
conviction with its attendant deterrent value.
Mugenda & Mugenda.,(2003). A research design is used to structure the research, to
show how all of the major parts of the research project, that is the samples or
groups, measures, treatments or programs, and methods of assignment, work
together to try to address the central research question .
Kothari ,. (2009. Primary data will be obtained through self-administrated questionnaires
and interview.
71
APPENDICES
72
QUESTIONNAIRE
Dear respondent,
I, Joel MBYAYINGABO, a student at Mount Kenya University, is a student in MBA,
Accounting and Finance Option. This questionnaire is to obtain information about how
the operational risk management practices contribute to Fraud mitigation taking a case
study of KCB Bank Rwanda I will be grateful if you help me to get some information
when contacted. All information will be kept confidential and only used for the purpose
of this study. Your time to answer these questions will be highly appreciated.
INSTRUCTIONS
1. Tick the right answer
2. Fill the answer in the space provided
3. Explain in brief where it is required
SECTION A: GENERAL INFORMATION OF THE RESPONDENT
1.
Gender of Respondents (Tick
one 1) Male [], 2) Female [ ]
option only)
2.
Age of Respondents (Tick one
option 1) 18-25 yrs [ ] 5) 41-45yrs [ ]
only) 2) 26-30yrs [ ]
6) 46-
50yrs [ ]
3) 31-35yrs [ ] 7) Above 50 [ ]
4) 36-40yrs [ ]
3.
Time spent working in this
institution 1) 1-5 yrs [ ] 3) Above 10 yrs [ ]
(Tick one option only) 2) 5-10yrs [ ]
73
4.
Education level of Respondents
(Tick 1) Diploma [ ] 3) Master [ ]
one option only) 2) Bachelor [ ] 4) PhD [ ]
5.
The kind of Job hold by
the
1) Head of
Department [] 3) Junior Staff [ ]
respondents (Tick one option
only)
2) Supervisor [
] 4) Any other jobs, Specify
...................................................
SECTION B: QUESTIONS RELATED TO THE RESEARCH TOPIC
Objective One: To analyze the operational risks management practices in KCB
Rwanda
Q1. From the given list, tick all the sources that contribute to operational risk.
a) People
b) Process
c) Systems
Q2. With the given rating, please indicate your degree of agreement or disagreement to
the following statements.
Strongly Disagree
(SD)
Disagree
(D)
Not Sure
(NS)
Agr
ee
(A)
Strongly Agree
(SA)
1 2 3 4 5 Statements S
D
D N
S
A SA
Risk Assessment
1. Identifying the source of risk is an important step
in operational risk management
2. Different sources of risk have different degree of
operation risk
74
3. Fraud detection starts with operational
riskassessment
4. Assessing the internal environment is key to
identifying risk
5. Risk from external environment can also be
controlled
6. Internal sources of risk are more frequent than
external sources
7. External sources of risk have more severe impact
than internal sources
8. Employees and other people contribute a lot to
operational risks
9. In most cases, failure from machines and
processes are because of employees
10. Electronic machines failure in KCB is because of
their age
11. Systems failure increase the risk of Fraud in a
bank
12. Electric power shortage is well taken care of with
an adequate power backup
13. Operational risk awareness minimizes Fraud in
organization
Risk Controls Implementation
14. Having internal control systems put is a key
element in operation risk management
15. ORM involves checking accuracy of accounting
records
16. In this bank, checking transactions are routinely
done
17. Investigation of errors occurring is immediately
done
18. Procurement procedures are well adhered to in
this bank
19. The bank has put into place security measures
especially for identifying account holders
20. Job specification and separation are clearly in
place and respected
21. Physical check and verifications are continuously
carried out by competent persons
22. Auditors both internal and external have their
independence
Risk Monitoring
75
23. Risk monitoring is key aspect in risk operational
management
24. Internal controls that are in place are monitored on
daily basis
25. Process and procedures are closely monitored in
this bank
26. Monitoring of operational risk management
practices is done by separate officers
Q3. Rate the effectiveness of the following on Fraud control in the bank.
Not Effective
(NE)
Least
Effecti
ve (LE)
Not
Sure
(NS)
Effec
tive
(E)
Most Effective
(ME)
1 2 3 4 5
Statements N
E
L
E
N
S
E M
E
27. Strengthening of the internal control and
accounting systems
28. Assessment and prosecution of Fraud cases
29. Promoting an ethical working culture in
employees
30. Timely Fraud investigation procedures
31. Promoting an ethical working culture in
employees
32. Higher remuneration for employees
33. Allowing whistle blowing
34. Hiring highly trained employees
35. Use of ICT protection tools such as passwords
and firewalls
36. Establishing Fraud reporting centers and hotlines
37. Establishment of a control environment and
operational control procedures
76
INTERVIEW GUIDE
1) How long have you been working in the banking Industry?
2) How long have you been employed with KCB Bank?
3) From your experience, what are some of the Operational risks that are inherent in
your department?
4) How frequently does KCB experience utility (Power and Water) outage?
5) How do outages affect operations within your department?
6) What measures have KCB put in place to reduce/minimize the effects of such
downtimes.
7) How does your staff respond to incidences of workplace injuries within your
department?
8) What measures have KCB put in place to identify incidents of Fraud perpetuated by
employees/suppliers/agents/customers?
9) How do you treat the employees/suppliers/agents/customers found to be engaging in
fraudulent activities?
10) What measures have KCB put in place to reduce incidences of mis-selling of your
products by your sales agents/intermediaries?
11) How do you respond to customer complaints following incidences of mis-selling?
77
12) What employee training programmes does KCB have for newly employed staff on:
a. Business processes,
b. Products and operating systems.
c. Money laundering
13) How often does KCB review its authorization and referral policies?
14) How often do you review your checklist of risks inherent to your department?
15) What communication strategies do you employ in enlighten the employees on risks
inherent to your department?