Embed Size (px)
Citation preview
MASTER’STHESIS
Submi t ted i n p a r t ia l fu l f i l lmen t o f the r equ i rement s fo r the Deg ree o f Mas te r de spéc i a l i s a t i on en m i c rof i nance
(Eu ropean Mi c rof in ance P rog ramme)
Operationalriskanalysisanditsmanagement(ExtensiveInternshipReport)
ByAdèleVOYEUX
Supervisor:ProfessorMathiasSchmitAssessor:ProfessorMarekHudonInternshiporganization:CIDERURAL,Lima,Peru
Academic year 2015-16
1
Abstract
As part of my Master’s Degree in Microfinance at the Solvay Business School, I
completed a three months internship from the 14th of May to the 12th of August 2016 at
CIDERURAL, (a second-tier cooperative composed of 13 cooperatives) located in
Lima, Peru, but also in Los Andes, a cooperative that Ciderural serves placed in
Abancay, capital of Apurimac, Peru.
During my studies, I was fascinated by risk management, and its importance in today’s
fast growing microfinance industry. I thus decided to study operational risk in more
detail and analyze how the theories learnt in class are applied in real life and on the
field.
In this report, Los Andes’ operational risk and its management will be analyzed, and
from my observations and experience, recommendations will be provided to improve
the organization’s operations and hence help its development.
Before starting this report, I wanted to personally give my sincere gratitude to the
European Microfinance Program, SOS Faim, Ciderural, and the whole team in the Los
Andes Cooperative to give me the opportunity to conduct this internship in
microfinance, and extend my knowledge on how the various operational risk
management theories learnt in class are applied on the field, and more specially at a
cooperative level.
2
Table of Contents
ABSTRACT 1
I.INTRODUCTION 3
II.PRESENTATIONOFTHECONTEXT,THEINSTITUTIONSANDTHEINTERNSHIP 4
A.THEMICROFINANCEENVIRONMENTINPERU 4B.CIDERURAL 6VISION 7MISSION 7VALUES 7PRINCIPLES 7ACTIVITIES 7ORGANIZATIONALSTRUCUTRE 9STRATEGICALPLAN2014-18 9C.INTERNSHIPGOALS 10D.LOSANDES 12HISTORY 12VISION 13MISSION 13PRODUCTANDACTIVITIES 14
III.OPERATIONALRISKMANAGEMENT 15
A.RIKMANAGEMENT 15COSOINTEGRATEDFRAMEWORK 17B.THEIMPORTANCEOFOPERATIONALRISKMANAGEMENT 19C.THECREDITPROCEDURE 21INFORMATION 22EVALUATION 22CREDITAPPROVAL 23GUARANTEEFORMALIZATION 23DISBURSEMENT 23MONITORING/RECUPERATION 24
IV.LOSANDESOPERATIONALRISKANALYSIS 24
A.METHODOLOGY 24B.LOSANDES’OPERATIONALRISKANALYSIS 261.RISKCULTUREANDOBJECTIVESETTING 262.EVENTIDENTIFICATION 273.RISKASSESSMENT 354.RISKRESPONSE 405.CONTROLACTIVITIES 436.INFORMATIONANDCOMMUNICATION 517.MONITORING 52
V.CONCLUSION 53
REFERENCES 56
APPENDIX 60
3
I. Introduction : Microfinance is perceived as a way to alleviate poverty, and its industry is experiencing
an exceptional annual growth of 15-20% (Etzensperger, 2014). Peru is also part of this
admirable success, as in the last 5 years, it has been recognized with the best financial
inclusion environment (Dabla-Norris, et al., 2014).
Peru’s number of cooperatives is constantly increasing, forming the main part of its
microfinance industry. As the competition is kicking in and the cooperatives are
escalating in size, the need of a risk management department is also augmenting
(Kruijff & Hartenstein, 2014). To be able to stay sustainable over the long term, and
take adequate decisions to meet their social and financial objectives, the cooperatives
first need to be in control and properly manage the risks that can appear along the way
(Mersland & Strøm, 2012).
Operational risk is one of the major risks the cooperatives face. The risk has just been
recently recognized, and as it is a difficult and complex one to manage, the small
institutions just decided to put it aside. In the Banana Skins Report, most of the
microfinance institutions, believe that credit and overindebtedness are the most
important risks they face, and do not consider operations as a crucial one (Lascelles,
Mendelson, & Rozas, 2014). Nonetheless, it can negatively impact the cooperatives
social and financial situation, as it affects member’s satisfaction, reputation, and can
create major financial losses.
Operational risk needs to be studied in detail, to understand its main sources and then
effectively control it. Operational risk can be caused by the personnel, the technology,
the internal processes and some external events (Barrientos, 2015). We will mainly
focus on Los Andes’ credit process and analyze the risks arising from its operations.
The first part of this report is composed of the descriptions of Peru, the institutions I
have been working in, and my internship. In a second part, risk management, and in
particular the importance of operational risk management in the cooperatives is
explained. Finally, in a third part, Los Andes’ operational risk and its management will
be analyzed, accompanied by various recommendations based on my experience, the
observations made and my knowledge in microfinance.
4
II. Presentation of the context, the institutions and the internship
a. The microfinance environment in Peru : “The significant and sustained growth of the Peruvian GDP benefited the poorest, which
resulted in a decrease in inequality” Ana Revenga, Senior Director of the Poverty
Reduction Unit of the World Bank (Bernard, 2015).
Over the past decade, Peru has experienced a favourable external environment, with
prudent macroeconomic policies and structural reforms, that helped it create a high
growth scenario of 5.9%, combined with a low inflation rate of 2.9% (WORLD BANK,
2016). Naturally, this increase in employment and income led to a reduction in the
poverty rates, from 55.6% to 21.8% between 2005 and 2015. Peru is hence known as
having one of the best economic growth and poverty reduction (WORLD BANK,
2016).
Nontheless, the country is still facing a fair share of structural challenges, and is lacking
behind its neighbours. In 2015, the Organization for Economic Cooperation and
Development asked Peru to consider re-examining and reorganising its denomination of
rural and urban regions (Bernard, 2015).
Being a considerable exporter, Peru’s economy is highly influenced by the prices of the
raw materials. Before 2011, the prices were experiencing a boom, being in favour of
Peru, however, after this date they started to fall, damaging the economy. In addition to
this, their main buyer, China, is suffering from a slowdown in its growth, negatively
affecting Peru’s exports (Ministerio De La Producion, 2014). To cope with the
downward trend in material prices, the government decided to implement the National
Plan of Product Diversification (PNDP), whose main objective is to "create new engines
of economic growth with diversification and economic sophistication, reduce
dependency on commodity prices, improve productivity, increase formal employment
and quality, and create sustainable economic growth in the long term" (Ciderural,
2014a). Peru has the advantage of having a very diversified and fertile territory,
composed of 80% of the different microclimates of the world. There is great potential
that hasn’t been fully exploited, and quality products could be produced to meet the
internal and external demand of the country (Ciderural, 2014a).
In order for the Nacional Plan to work, the rural households will need access to finance
to be able to use, control and manage the ressources effectively. Microfinance in Peru
took off in the 1990s, boosted by a new policy framework of economic liberalization,
5
set out in The Other Path, a book written by the famous Peruvian economist Hernando
De Soto (Soto, 1986). He believes that there is a huge economic potential that is locked
in informality.
According to the Global Microscope survey, which assesses the regulatory environment
for financial inclusion across 12 indicators and 55 countries, Peru has the best
microfinance industry, and this for the last 5 years (Dabla-Norris, et al., 2014). This
exeptional financial inclusion environment is mainly caused by the fact that 85% of the
SME’s have a bank account, of which 63% have either a loan or a line of credits. But
the small enterprises and users are completely left out, as the high level of fees and
collaterals demanded are a considerable obstacle for them (Dabla-Norris, et al., 2014).
More than half of the rural households live below the poverty line and 1.3 million
farmers in Peru do not have access to formal financial services (IFC, 2013). Despite the
ever-increasing competition among Microfinance Institutions (MFIs) in the cities,
micro-lending in Peru mostly focuses on the urban areas (IFC, 2013). This is mainly
because they consider the rural clients as non-worthy, due to the remoteness of the areas
and their lack of collaterals. Consequently, small businesses do not have the capacity to
grow, and the households do not have the ability to save, manage risks, and smooth and
diversify their income and consuption (Etzensperger, 2012).
In addition to the unwillingness of the financial institutions to serve the rural areas, the
population is also relunctant to borrow from the institutions as they don’t have the
financial education and the trust needed in them. This is the reason for a low banking
penetration of 29% (of adults have a bank account) when there is a relatively high Gross
National Savings of 23% of the GDP, compared to a 15% one in the LAC (Latin
American) countries (Dabla-Norris, et al., 2014).
In these situations, cooperativism can be seen as a solution to serve the most remote and
poorest areas in Peru, and thus fight against poverty. “A cooperative is an autonomous
association of persons united voluntarily to meet their common economic, social, and
cultural needs and aspirations through a jointly-owned and democratically-controlled
enterprise” (ICA, 2015). With cooperation, cooperatives are here to offer opportunities
to people with short ressources, with quality financial and non-financial services to help
them increase their business and generate better revenues, and finally escape poverty. In
addition to this, the members are chosen carefully, mainly using soft information,
helping them overcome the huge collateral obstacle.
6
b. Ciderural
Ciderural is a Peruvian second-tier cooperative established the 31st of March 2008 by 6
first tier Saving and Loan cooperatives (COOPAC), the NGO SOS FAIM, and a
producer organisation. The main aim of this union is to support the Peruvian agriculture
in line with its social and sevice-oriented mission (Ciderural, 2014a).
Ciderural serves its members in two manners:
- Supplying financial services, such as credits.
- Strenghen the credit unions, by advising them on their products and services,
providing technical assistance, and help them defend the interests of the
cooperative members.
Over the past 6 years, Ciderural grew a lot, and is now composed of 13 Credit Unions –
located in 10 of the 23 different departments of Peru – SOS faim; 4 agricultural
cooperatives and 13 central of producers. The cooperatives are of different sizes, with
the largest one called Los Andes, located in the region of Apurimac, in the south of Peru
(Ciderural, 2014a).
Figure 1: Ciderural and its member cooperative’s location in Peru.[CIDERURAL
Brochure, 2014]
7
Vision
On the long term, Ciderual has a clear vision of being a “central for the cooperatives,
helping them be sustainable by offering them financial and non-financial services for
the well development of their members and the rural sector” (Ciderural, 2016).
Mission
The vision is respected with the aid of a clear mission statement: “Promote the
development of our partners and the rural cooporatives economy, with financial
services, training, technical assistance, of high quality and added value” (Ciderural,
2016).
In Peru, Ciderural is admirable for the fact that its 13 member associations have a total
of 64,418 members in 2015, of which 55% were women. In 2015, the Peruvian farmers,
in total received more than US$ 17,569,627 from these cooperatives (Ciderural, 2015a).
Values
Cooperatives have a distinctive character revealed in the values they share. They respect
the value of equity, democracy, equality, self-responsibility, solidarity, self-help, and
the members believe in ethical values such as honesty, caring for others, openness and
social responsibility (ICA, 2015 & Ciderural, 2016).
Principles
To well respect and put the values into practice, seven internationally recognised
principles were created, by which the cooperatives have to operate (ICA, 2015;
Ciderural, 2016):
1. Open and Voluntary Membership
2. Democratic Member Control
3. Member Economic Participation
4. Autonomy and Independence
5. Education, Training and Information
6. Cooperation among Cooperatives
7. Concern for Community
Activities
As mentioned before, Ciderural is curently composed of 13 Credit Unions; SOS Faim;
13 Producer Organisations and 4 Agricultural Cooperatives (Ciderural, 2014a).
8
A cooperative is a gathering of people working towards a common goal. Various types
of cooperatives exist and not all of them offer the same services.
An agricultural cooperative, also known as a farm supply cooperative, consists of
farmers that put together their resources such as land and machinery, in the aim of
sharing them and working collectively (Cropp & Ingalsbe, 1989).
On the other hand, in a central of producers, the different members do not share their
ressources. The central is composed of small farmers that produce the same products.
Ciderural’s producer organisations are focused on three main sectors: coffee, cocoa and
cereals. The central offers to buy their products at a higher price than on the market,
giving them the possibility to enter the value chain and not be left out. This agreement
also has the advantage of removing the burden and stress of managing to sell all the
products on the market from the small producer (Zuñiga, 2016).
The only cooperatives that offer credit and deposit services to its members are the credit
unions (COOPAC). Ciderural’s work is mainly with the COOPACs. Most of the
cooperatives are small, weak and face many menaces that limit their developpement.
They therefore need external help, in the aim of staying sustainable over the long term
and respond to their member’s interest. Ciderural will offer them financial as well as
non-financial services. In terms of financial services, it provides capital to finance all its
member associations, who work on behalf of their own 99,462 members. The loans are
granted at a lower interest than the one on the market, and they amounted to $ 4,046,100
in 2015 (Ciderural, 2015a). Non-financial services are the most demanded ones by the
credit unions. In Peru, more than 90% of the cooperatives are small, and do not have a
full access to all types of information and communication technology, as they are too
expensive for them (Ciderural, 2014a). Ciderural as an umbrella organisation will
therefore provide technical assistance to its thirteen credit unions and will also negotiate
funding on their behalf from state programmes (SOS FAIM, 2011). Ciderural doesn’t
have any competitors in the domain, as they are the only second tier cooperative
offering these services in Peru.
They manage to offer all of these services at a lower price than the market one, because
of the revenues they make from the financial and non-financial services they supply, but
also the donations they receive from SOS Faim Belgium, an NGO that supports
microfinance all around the world (SOS FAIM, 2016).
9
Organisational Structure
Macario Veramendi Zuñiga is the present CEO of Ciderural. He has the responsibility
to respond to the wishes and demands of the board of director made of four different
committees: the education committee; the administrative board; the supervisory board
and the electoral committee. The committees themselves are composed of cooperative
members that have been elected during the General Assembly, to represent the
member’s interest. In total, the four committes are composed of 14 delegated members.
As the committees are composed of cooperative members, that might not have all the
financial education and skills necessary to efficiently run a cooperative, it is Ciderural’s
job with the aid of its 8 employees to fulfill their demand, while advising them on the
better solutions. A more detailed organisation structure can be found under Appendix 1.
Strategical Plan 2014-18
Ciderural has a strategical plan for the years 2014 to 2018, to become a central with the
objective of systemising the vision, mission, values, and objectives of all its member
cooperatives.
The services, processes and IT systems will thus be standardised across all the
cooperatives. In addition to this, they will share their knowledge, experience and
ressources. This will help the cooperatives to benefit from the economies of scale and
reach a satisfying level of capacity, efficacity and productivity that will positively affect
the quality of life of the rural families in Peru (Ciderural, 2014a).
The plan will be executed around five main poles: finanancial intermediation; cooperate
services; institutional reinforcement with development projets; training and
management of the human capital; and social performance. This project will of course
be the fruit of Ciderural’s effort but also the participation of the cooperatives. It is a
dynamic constant process where the cooperatives have to regularly bring their ideas and
advices (Ciderural, 2014a).
In additon to this, Ciderural wants to start taking into account the environmental pillar,
as the laws on environmental awareness are substantially increasing in Peru. To do this,
they will install new organisational politics, to promote projects that do not harm the
environment, and internally be more efficient by using less electricity, fuel, water and
paper (Ciderural, 2014a).
10
c. Internship goals Right after the Peruvian governement decided to implement the National Plan of
Product Diversification (PNDP), the demand for credits in the rural areas started to
increase. The industry had to adjust because of the new products, technologies and
regulations coming in. Most of the cooperatives in Peru are fairly small, and are not
conscient of the risks that these modifications can trigger. Moreover, in Peru, the
cooperatives don’t possede specific regulations and are under the SBS law supervising
the banks. These guidelines are incomplete as their don’t respect their size and social
objective (SBS, 2009).
Cooperatives can easily be compared to humans when it comes to managing their risks.
Most of the time, we are not conscient of the different illnesses we can get, and will thus
not take the measures necessary to not get sick. We will only ask for external help once
we are not feeling well. To examine its patients and determine the reason behind their
illness, the specialist will use the same methods and tools on all of them. Once the
reasons behind the sickness are detected, he will prescribe medicines, and the patient
will only heal if he well respects the instructions given by him.
Similarly, the cooperatives are not conscient of the risks they face, and will only notice
them once they hit. However to stay healthy and meet their objectives, they need to be
able to well control the risks. The external help that the cooperatives need can be
provided by Ciderural. They will be the one analysing the risks they face, and give them
recommendations on how to manage and control them.
As mentioned before, the doctor uses the same tools and methods to examine all of its
patients. Part of Ciderural’s strategical plan is therefore to create a standardised risk
management system for all the cooperatives. Ciderural will be considered as the central,
where the guidelines on how to manage the risks will be designed for the cooperatives.
This project started to be implemented at the end of 2014, with the help of BRS. They
chose to base themselves on the Coso Integrated Framework, adapting it to a
cooperative level (Ciderural, 2014a).
For this to work, it is crucial for the cooperatives to accept the instructions and
implement them internally, same way as the patient has to follow the doctor’s orders.
They will all follow the Coso Integrated Framework, when managing their risks. Then
each cooperative is engaged to send a monthly risk report to Leandro Moron Chill,
manager of Ciderural’s risk department. He is in charge of analysing them, and give
11
guidance. Of course each cooperative will receive different recommendations, as they
depend on the cooperatives risks, importance, apetite, and objective. As a result, the
guidelines on how to identify, evaluate, treat and monitor the risks will be similar,
however their implementation will be different, depending on each cooperatives
characteristics.
To make sure that the cooperatives well understood the concept, Ciderural at the start of
the project, in 2014, hired an external consultant, Raul Najarro, to conduct workshops in
all the thirteen different cooperatives. The training sessions are here to form the
cooperative employees on the risk subject; teaching them on the 4 main risks they can
face: Liquidity, Market, Credit and Operational and the importance of managing them.
As previously mentioned, this is a fairly new project for Ciderural, and are still in the
process of implementing it. I myself participated at a training session on the 2nd and 3rd
of Jun, organised by Ciderural on the theme of risk management (Certificate under
Appendix 2). All of the risk managers of the 13 different cooperatives were present. The
presentation was held by Teresita Bareto Perez, an expert on the Microfinance subject
(Perez, 2016). During this presentation, it was pointed out by Macario Veramendi
Zuñiga, CEO of Ciderural, that there is not enough participation from the cooperatives.
Apparently, most of the time they either do not receive the report, receive it late, or
uncomplete. This is of course a huge deficiency for Ciderural, as it prevents them from
analysing and comparing the risks of the cooperatives. The cooperatives are managed
by the member’s themselves, that might not have the right financial education to
understand the importance of deadlines in a business. However, this is a common
problem in Peru, and more specifically in the rural areas. In these areas, there is less
action, the persons are a lot more relaxed, and are not exposed to many time limits.
Being late is also not badly seen in most of the Latin American countries, something
that would be unforgivable in the European countries. As ciderural has difficulties to
gather the right informations on the cooperatives, they decided to send me, presented as
a consultant, to their biggest cooperative Los Andes Cotarusi Aymares. They
themselves don’t have the time to go on the field, which I beleive to be a weakness. To
well analyse the risks of an institution, hard information is crucial, but soft information
is also important (Cornee, 2015).
Operational risk is one of the most important risks an institution faces. However it is a
fairly new concept that most of the cooperatives don’t know about and Los Andes is in
great need of supervision in this area.
12
I first worked a month in Ciderural, based in Lima, taking my time to well understand
how the business works and how they are attending the cooperatives. In Ciderural, my
supervisor was Gabriel Mesa, an external consultant who is here to help the risk
manager in analysing the risks the cooperatives face. I then moved to Los Andes where
I worked the rest of the time, based in the city of Abancay, capital of the Apurimac
region. There, my supervisor was Samuel Llasac, the risk manager of the cooperative.
My work consisted of analysing their operational risk, by evaluating how, in practice,
they identify, assess, treat, and monitor the risk. I will therefore determine if the Coso
Integrated Framework has been well understood and implemented in the organisation.
Finally I will of course, combined with the knowledge I gained during my studies in
microfinance, give my own recommendations on the subject, and present them to
Ciderural and the managers of Los Andes, in the hope of ameliorating their operational
risk management process.
d. Los Andes
History
Starting in the 1980’s, Peru experienced an Internal conflict between the Peruvian
governement and the insurgent People’s Guerilla Army (communist party) (Peru
Support Group, 2013). The region of Apurimac was one of the most affected ones, and
especially during 1986-1996. Most of the citizen’s fled their territory, and in 2000, they
came back to only discover ruins (Sanchez, 2016).
The 15th of February 2001, in Cotarusi – a district of Apurimac – dozens of farmers
came together to form the credit union Los Andes, in the aim of surviving this massive
destruction and start a new life. With cooperation, they can bring financial and
complementary services to their members, that will, combined with their own
ressources and efforts, ameliorate their economical situation and quality of life (Los
Andes, 2014).
In the 18th century, the Europeans were the first ones to put the idea of cooperativism
into writing, but this concept has been existing for more than 1000 years in Peru
(Kappes, 2014). The Incan practice and traditions of Ayni and Minka are here to
represent the idea of reciprocity and working together for a common interest (Carillo,
2012). Forming a cooperative, where the members have to work in cooperation and be
responsible, was thus completely natural to them.
Cooperatives are fairly different to any other normal type of business. First of all, they
13
are owned and democratically controlled by their own members. The outside investors
have no say, it is the board of directors composed by the own cooperative members that
have the final word. These representants are elected during the Annual General
Assembly, where each member has one vote, regardless of its investment in the
cooperative. They meet once a month, in the main branch in Abancay, to discuss the
various issues the cooperative faces. I myself participated to one of these meetings the
17th of Jun 2016. All of the delegates had the same opinion that a bigger office should
be constructed for Chalhuanca, as it is where the cooperative started to operate. As
Víctor Chati Pérez, CEO of Los Andes mentioned it, this might not be the best decision
for the future development of the institution, as they don’t have enough members in this
zone, however it is his responsibility to accept their decision as it represents the
member’s interest. It is also important to note, that it is these same delegates of each of
the 13 cooperatives that participate at the Ciderural’s General Assembly, creating their
Board of Director (Los Andes, 2012). Second of all, cooperatives are non-profit
oriented institutions, their only aim is to satisfy the member’s requirements by
providing affordable and quality services (Los Andes, 2014). Following this, all the
surplus income made by the cooperative is always returned to the member’s themselves.
From the profits, 20% is dedicated to the cooperative reserve (safety cushion), 30% is
dedicated to the education of the members, 10% is compromised to the poorest
communities, and the final 40% is redistributed to the cooperative members. This is
allocated regarding their use or patronage in the cooperative and not their investment
(Los Andes, 2014; Sanchez, 2016; Barton, 1989). Finally, all the members have a
responsibility toward the cooperative. In this sense they have to contribute, and
participate in the decisions made.
All of these are reflected in the well-known international values and principles that the
cooperatives respect (ICA, 2015).
Vision
By the year 2018, be recognised at the national and international level, for the
authenticity and financial strengh of the cooperative (Los Andes, 2016c).
Mission
Be an organisation based upon solidarity and self-management, that guarantees quality
financial services, cooperative education and complementary services that responds to
the member’s needs (Los Andes, 2016c).
14
Los Andes has been a great success, and in the past 15 years, they managed to expand
themselves in the most remote areas of 4 different regions: Apurimac, Cusco, Ayacuco,
and Lima. They have approximately 57,162 members, with 183 employees working in
14 different branches. In addition to these they have 42 information offices, and 81
costumer attention points (Los Andes, 2014). The information offices are situated in
very remote areas, reducing the transportation costs for the members, and the attention
points are here to only give informations on the cooperatives to any person that asks for
it. In total, Los Andes manages a portofolio of around 124.5 millions soles, which
represents 20,975 members with credits (Los Andes, 2016b).
Products and Activities
Los Andes’ objective is to serve its members, with quality financial and non-financial
services. In terms of financial services, they offer saving possibility as well as credit
ones to their members.
Any natural person or legal entity, that has a valid ID, and accepts the values and
principles of the cooperative can become a member. Additionally, they have to
contribute to the cooperative, by depositing a monthly fee of s/.10 , and a yearly one of
s/.20. The accumulation of the monthly deposits can only be withdrawn once you are
not a member anymore, and the yearly fee is destined to a life insurance. Once you are a
member you can benefit from the saving services, with deposit, withdrawal, remittances
and transfer possibilities. On the savings, you receive an annual interest of 12,13%.
However you can also apply for a loan. Various credits are supplied : to micro-
enterprises, small and medium enterprises, or for consumption and housing purposes.
The members are charged a certain interest rate depending on their type of credits,
however on average it’s 2% montly, and this can be reduced to 1.8% for the good
members after a year in the cooperative (Los Andes, May 2016a).
15
Figure 2: Distribution by Type of Credits, January 2016 [LOS ANDES. (2016). Informe de
Gestión de Riesgos - Enero 2016. Peru: LOS ANDES.]
The highest concentration of the credits is in the microenterprises with 45.07%,
followed by the consumer loans of 29.81%.
Los Andes has a total PAR of 7.1% in 2016, well over the industry average of 3%,
being a real concern (Appendix 3). The branches that experience the highest default
ratios are Antabamba and Andawaylas (Appendix 4). This high par is mainly caused by
the small and micro-enterprises (Appendix 5).
II. Operational Risk Management a. Risk Management
In general, risk is “the possibility that something unpleasant or unwelcome will happen”
(Oxford Dictionaries, 2016). In an organisation it is all the events that may damage the
institution’s capital, earnings or prevent the acheivement of its objectives (Office of
Internal Audit and Institutional Risk Management, 2016).
In the risk training session that I participated on the 2nd of Jun, Teresita Bareto Perez
well explained the necessity of risk management by saying: “ You might be lucky, and
until this luck accompanies you, you can well function, however after a certain point in
time and growth, controling risks becomes essential” (Perez, 2016).
Los Andes is currently experiencing a very high growth, having a member base that
increased by 4630 in 2015 alone (Los Andes, 2015a). It can thus very easily become a
victim of its new success if it doesn’t adapt itself to this new market and properly
manage the new risks that it is facing (Mersland & Strøm, 2012).
16
When risks are not well managed, it is very likely they will fail in meeting their
financial and social objectives. This can result in financial losses from donors, investors,
and members such as borrowers and savers that will loose confidence in the institution,
and in the long term, the funds will begin to dry up. In a cooperative, the ones that will
suffer the most are the members themselves, as they are at the same time the persons
responsible and the beneficiaries of the organisation, and poor quality financial services
will be offered to them.
To be able to take effective business decisions, and stay sustainable over the long term,
the cooperative first needs to make sure that it has a complete control over the risks it is
facing (Steinwand, 2000). Risk management will consist in creating a comprehensive
framework to manage the various inherent financial and non-financial risks an
institution can face. It includes developing policies and procedures to identify, measure,
monitor and control them (Mbeba, 2007). A great risk management department will
need to be able to anticipate and control the risks before they occur, rather than reacting
to them once they actually happenened and damaged the organisation (Hutter, 2011).
During my time in Peru, I learnt that anticipation is not common and that its importance
is not recognised. A great example is the way they drive. In a junction, the cars will
always go into the yellow box, even if the lights are going to turn red, without
anticipating the fact that now the cars on the other side that have the green light can’t
pass. Human beings can be very self-centered, and will always try to find solutions that
are the easiest for them (Zipf, 2012). With the same idea, the managers in my
cooperation have difficulties in understanding why they have to increase their workload,
by anticipating risks that may not even occur, and would just prefer to react to them
once they occur (Voyeux, 2015).
Installing and implementing a risk management culture in an organisation is thus not an
easy task, especially in a cooperative, where most of the members do not have the right
financial education and are the ones that have the final say. However, with their recent
growth, and the different workshops given by Ciderural on risks, they are starting to
understand its importance.
Having the right risk management framework is also very complicated. The
cooperatives main challenge, compare to any traditional organisation, is that they have
to evaluate their performance on both financial and social objectives (Schicks, 2010).
They therefore have to include a broader pool of stakeholders (Steinwand, 2000).
17
Los Andes is currently implementing the 2004 Coso Integrated Framework proposed by
Ciderural. This framework is here to help the senor manager’s focus on the most
important risks and learn on how to manage them (Ballou & Heitger, 2005). Of course,
in an organisation, no risks with a 0 occurrence exists. Managers therefore need to
examine which risks are worth taking care of, when comparing the costs and the
benefits they can bring. To determine these risks, the risk management system will
consist of a method of systematically identifying, assessing, managing and monitoring
the various risks (Steinwand, 2000).
Coso Integrated Framework
Enterprise risk management is here to help the cooperatives get where they want, by
avoiding the pitfalls and surprises that can appear along the way. The framework is thus
designed to identify the potential events that may affect them, manage the risks within
their risk appetite, and finally provide a reasonable assurance regarding the achievement
of their goals (Ballou & Heitger, 2005).
In the coso framework, each objective of the organisation is organised into one of the
following four categories: Strategic, Operations, Reporting and Compliance. This
placement will help the organisation in better understanding its targets, by determining
what is expected from each one of them, and then focus on these.
Now to manage each of the objectives, the coso framework will link them to 8 different
components that need to be respected. In this way, the organisation can decide to focus
on one specific component, or on one specific objective depending on their needs
(Steinberg, Everson, Nottingham, & Martens, 2004). These are also linked to the
various entity levels, which represent the various units of the company.
18
Figure 3: Coso’s three dimensional relationship cube [Steinberg, R. M., Everson, M. E.,
Nottingham, L. E., & Martens, F. J. (2004). Enterprise Risk Management—Integrated Framework Executive Summary. PricewaterhouseCoopers LLP. Committee of Sponsoring
Organizations of the Treadway Commission] The 8 components are (Steinberg, Everson, Nottingham, & Martens, 2004):
- Internal Environment: How is the risk viewed and addressed by the people in the
organization, and studying the entity’s risk appetite.
- Objective setting: Before being able to identify the potential risk events, the
institution needs to have objectives. These need to be in line with the
organization’s mission and risk appetite.
- Event identification: Internal and external events that could affect the
achievement of the objectives need to be determined.
- Risk assessment: Risks are analyzed and their likelihood and impact too. This
can help them later on understand how they can manage them, and if they should
be managed.
- Risk Response: Management selects its risk response: avoiding, accepting,
reducing or sharing the risk. Of course this will depend on the institution’s risk
tolerance and appetite.
- Control Activities: Policies and procedures are established and implemented to
help ensure the risk responses are effectively carried out.
- Information and Communication: Relevant information is communicated to help
the employees understand their responsibilities.
- Monitoring: the entirety of enterprise risk management is monitored and
modifications are made as necessary.
19
The elements are not separate, independent units that act in sequential steps. They
interact in an integrated management process.
COSO argues that its ERM framework is applicable for small companies as well as
mid-sized and large firms, as long as each component is present and functioning
properly (Ballou & Heitger, 2005).
Being the biggest cooperative, Los Andes has its proper risk committee, composed of: a
president; a secretary; the branch admistrator, the manager of the finance department;
and Ciderural’s risk manager (Los Andes, 2015c).
The committee is in charge of writing the monthly risk reports, and will meet on a
monthly basis to analyse them with the help of Ciderural, to find solutions on how to
better manage the risks. It is also their responsibility to communicate the decisions
made to the rest of the organisation (Los Andes, 2015c ; Los Andes, 2016b).
b. The importance of Operational Risk Management
Every cooporative faces various risks, such as credit, liquidity, market, reputational and
operational risks (Schmit, 2016). Looking at the latest 2014 Banana skins report, the
microfinance institutions believed that the biggest risk they face is credit risk and over-
indebtedness. Staffing, or management will only be placed as the 8th and 9th most
important risks they face (Lascelles, Mendelson, & Rozas, 2014).
Most of the institutions are not conscient of the importance of operational risks.
Operations are an essential part of any organisation, and without it they can’t even
function. In addition to this, most of the risks in an institution are linked to the
operations. For instance, to determine the causes of the events that can occur when
analysing the credit risks, the institutions will have to study its internal operations and
ameliorate them. I thus believe that operational risk is the most important risk, and
should be the one the organisations give the most attention to. If this risk is not well
managed, it can trigger other risks, such as the credit, liquidity, or reputational risk. The
lack of understanding and control of operational risk is a driver for other risk types.
Basel II Committee will define operational risk as: “the risk of loss resulting from
inadequate or failed internal processes, people and systems or from external events”
(BCBS, 2006).
When the operations are not properly managed, the efficiency and the quality of the
processes are deteriorated. The organisation will suffer in terms of financial, social and
reputational losses, but the most affected ones are the members themselves as they will
20
receive bad quality services. Hence, the aim of well managing the operations and the
risks it faces is to use the ressources the cooperative has in the most efficient way and
offer the best quality services (Ciderural, 2015b).
Operational risk cannot be fully eliminated as long as the systems and processes are not
perfect. Being perfect is also not possible. Los Andes therefore has to try to manage the
losses within some level of risk tolerance. Risk management cannot guarantee complete
assurance, but only a reasonable one, that management objectives will be met (IPPF,
2012).
Operational risk is one of the most difficult risks to understand as it embodies all the
operations of an organisation. Being able to structure this risk and explain it, is very
challenging and most of the organisations are confused when trying to define it to their
own employees. Historically, they have accepted operational risk as an unavoidable cost
of doing business, as they didn’t see how it could be managed. However now part of the
Superintendency de Bancas, it is a requirement for all the regulated institutions to
control it (SBS, 2009).
The four main actors that can create operational risks are (National Bank of Ethiopia,
2010 ; Barrientos, 2015):
- The Technology
- The Personel
- The Internal Processes
- External Events.
The IT system can be a factor, in the sense that the security could be breached, errors
can be made, the system might not be suitable for the current level of operations, the
quality of the information is not good enough, or just there is not enough investment in
the technology of the cooperation (Barrientos, 2015).
The staff can be a great source of risk as they can be poorly trained, be negligent,
commit errors, fraud, theft, or embezzle sensitive informations, among other things.
External factors such as micro/macro level economical crisis, environmental
catastrophes, terrorist attacks, or legal changes can damage the internal operations of
any institution (Barrientos, 2015).
Finally, losses can also occur because the internal policies and processes are either
inappropriately designed or inexistent. Processes are improperly drawn, when the
responsibilities are given to the wrong person, some steps are missing, or when the
21
activity stream is not logical, creating poor operations and services that could in the
long term create the suspension of the procedures (Barrientos, 2015).
In all of these situations, the operations cannot function efficiently and deliver a final
quality product. These factors therefore need to be managed before they create any
risks.
Operational risk management can be very large. In this report we will mainly focus on
the internal processes. This area is itself divided in: a training process, an administrative
process, a credit process, a deposit process, a withdrawal process, a process for
becoming a member, and many others (Insaco, 2016). A months and a half is not
enough to analyse all of them. Los Andes believes that they need the most help in
effectively managing their credit process. This area will thus be analysed in more detail.
In the various phases of the credit process, what are the risk events that can occur, what
are their causes, and how can we manage them in the long term? Analysing you own
procedures and personnel can be very complicated, as you might not be able to detect
your own errors, and an external eye can be of great help for them.
c. The Credit Procedure
Each cooperative will have its own credit procedure. Los Andes developed a specific
one, described in it’s Reglamento de Prestamo, with the idea that it will always be
performed optimally, in all of its different phases, and provide the best financial service
to its members, and stay sustainable. Adequate technology is essential for the processes
to properly function (Los Andes, 2016d).
Figure 4: CAC Los Andes’ Loan Process
22
Before giving a credit to a member, numerous steps need to be respected. Any member
has to go through the information/admission, evaluation, approval, formalization,
disbursement, monitoring and recuperation stage. Each step is assigned its own
responsible in the cooperative (Vásquez, 2016).
Information
All of the staff of the cooperative must be in an attitud of promoting the credits,
however it is more specifically the person in the customer information stand or the
credit officers themselves that are in charge of this task.
In this step, cooperativism, its values and principles, the benefits it can bring, and the
responsibilities it entails has to be well explained. It is important that the applicants well
understand what they are signing for. This stage is here to help the cooperative in
attracting new members, but also informing the current partners on any new services
offered.
The costumer information stand and the credit officers need to have some specific
characteristics to attract new members such as: be polite, explain well, demonstrate the
benefits, be able to well sell. They also have to ask verbally and make sure that the
person is eligible to become a member, before sending him to the next phase of the
process (Los Andes, 2016d).
Evaluation
All the staff and the credit officers in particular must be well aware of the rules in
assessing a credit, as it is the most important aspect of granting a credit.
The evaluation has to be done in three phases:
- Quantitative assessment: determine a loan amount, on the members ability to
pay, financial needs, debt capacity, and cash flows.
- Qualitative assessment: determine the members creditworthiness, and its
willingness to pay.
- Collateral assessment, if needed
The evaluation of the credit starts right after the member has gone through the first pre-
qualification stage at the costumer service stand. The credit analyst has to analyse
various factors, summarised in a list called the 4 C’s: Character, Capital, Capacity and
Collateral, to which additional C’s such as Condition, Competition and Control can be
added. All of these variable need to be analysed, and the various informations are
entered in the members proposal folder. The credit analyst has the responsibility to
23
verify that these informations given by the member are correct. This is called the “on
site” analysis. There he will take pictures of the assets, and ask questions to the
neighbours, making sure that he is the real owner.
After this phase, the credit officer has to gather all the qualitative and quantitative
informations he collected in a folder, to propose it in front of the credit committee, who
will take the decision on weither or not to grant the credit. The accuracy of the figures is
only the responsibility of the analyst, and he will be the one proposing a specific
amount based on the evaluation made (Los Andes, 2016d).
Credit Approval
The Approval step is performed during the credit committee held everyday at 6pm. The
committee is constituted of the credit officers, the administrator, and the risk analyst,
depending on the amount of credit demanded. For example for amounts superior to
20,000 soles, the administrator and the risk manager also have to give their advice after
analysing the risks this credit can incur.
At each committee, it will be verified that all the informations needed are well present
in the proposal folder, and the records are taken in the minutes (Los Andes, 2016d).
Formalization of the guarantee
The purpose of formalizing the credit transaction is to give legal value to the operations
via the guarantees. According to the loan and its requirements, it will include signing
the contract, the promissory notes and / or the registration of the guarantee. The
signatures have to be done by both the holder and the spouse, at the agency, with the
presence of the administrator. The applicants identity also needs to be verified. In the
case of mortgages, the relevant documents are also signed by the legal representatives of
the cooperative. The guarantee will be registered as public records, and the costs will be
borne by the partner (Los Andes, 2016d).
Disbursement of the credit
During this activity, we proceed to the physical delivery of the financial resources to the
partner. In order to minimize operating times in the disbursement of credit, it will be
scheduled on the same date as the formalization of the guarantee.
The credit chef, or the administrator of the branch has to verify the verifications made
by the analyst before the disbursement is made. It is the cashier, after a final verification
of the documents, that will disburse the money and archive the documents (Los Andes,
2016d).
24
Monitoring and Recuperation
The reason behind this step is to reduce credit risk by verifying the investment done by
the member with the money borrowed, but also to show the interest and concerns the
cooperative has for the success of the member’s business. This stage is divided into two
steps: The post-disbursement following up/monitoring phase, and the recuperation
phase (Vásquez, 2016).
The credit analyst is responsoble of the quality of the portofolio, and will therefore be
the one performing the post-disbursement following up phase. He will conduct follow
up procedures on:
- A new member: remind him in the first months of the repayment dates.
- Arrears loans: the members will be visited at least twice during the arrear times.
- Refinanced loans: You should be aware that the credit risk of the refinanced
loans is higher than normal loans, consequently have a follow-up visit at least
once every three months, the aim is to measure the risk of the operation and
verify overcoming the economic difficulties of the partner.
The recuperation phase will include all the activities aimed at the recovery of the loans.
These include:
- Normal recovery of outstanding loans fees.
- Recovery of the Non-Performing Loans.
- Judicial recovery. Before any judicial recovery can be performed, the credit
officer needs to make sure that all the right notices were sent on time to the
member.
- Reprogramming, Extension and / or refinancing of debt.
III. Los Andes’ Operational Risk Analysis
a. Methodology
In this final part of the report, Los Andes’ operational risk in their credit process, and
the way they manage it will be studied.
The analysis will be correctly performed, by following the 8 different components of
the Coso Integrated Framework, used by Ciderural’s cooperatives to manage their risks,
and examine how Los Andes is completing each one of them, in respect of their level of
risk tolerance.
Operational risks is very different to any other risk, and it’s performance can’t be
judged only by looking at indicators and comparing them to the industry average, as
25
they are no specific ones that exist for operations. Operational risk is everything that is
linked to the staff’s production and behavior. How are they dealing with the credits, and
are they, in practice, following and respecting the guidelines established by the
cooperative? This is the main question we should ask ourselves when working out the
various risks that the cooperative can face in its credit process. The personel are the
ones that have the power to trigger most of the risk events, as they are the ones in
charge of each of the various phases. It is their efficiency that makes the whole
procedure efficace and of quality for the members. Obviously, the technology and the
bad design of the guidelines themselves can also cause inneficiency.
Studying the personnel is very demanding, and the more informations we gather on
them, the best it is. Hard informations are valuable (Cornee, 2015), such as the
cooperatives credit guidelines or the different productivity and efficiency indicators, and
can be collected at the very start of the analysis. These are useful to thoroughly
understand the organisation and determine who is responsible and in charge of what in
each of the credit disbursement phases. However these reports are not sufficient, as the
personnel are human beings, and could easily lie and go behind the rules. It is these
tendencies that create risk and thus need to be closely examined. Various methods exist
to acquire soft information, such as surveys or workshops (Curtis & Carey, 2012), but in
our case, I beleive that the correct technique is to conduct one to one interviews with the
right people involved in the process. Via these interogations, the gaps between the
theories and how the processes are really handled is detected. The interviews are the
main tool I will be using to check these breaches, and thus Los Andes’ Operational risk.
During my interviews, I will be asking general/open questions as well as close/specific
ones. Sometimes figuring out the ruses the staff can perform can be tricky. The open
questions are thus here to give the interlocutor the possibility to explain issues that I
might have never thought of, and give his opinion and general recomendations to
ameliorate his part of the process. Additonally, specific questions on their responsibility
and risks they face are asked, to make sure that the conversation is going in the right
direction, and that I am collecting the proper datas.
Finally there is the possibility that the results are biased, from the fact that the staff
could easily lie during the interiews. This could be reduced by interrogating numerous
persons from different branches, to have a truer and more general picture of the reality.
With this method, the probability to have a lier in the batch will be canceled out by the
probability of having a true answer. This bias could also be overcomed with
26
observations. Observing the personnel in their working environment is very helpful to
see the reality of the operations.
b. Los Andes’ Operational Risk Analysis
1. Internal Environment and objective setting
Los Andes is a fairly small cooperative, and completing all the coso steps could be
overwhelming for them. The first two stages will thus be assembled together.
When observing the cooperative, and doing the various interviews, it was very quickly
revealed that there is no risk culture. Non of the employees, exept the CEO itself and
the risk committee are conscient of what is a risk, and aware of the ones the cooperative
faces. They are even less familiar with operational risks. Following this, the employees
have no idea of their responsibilities in the risk management process, they are just
following guidelines, without understanding the reason behind them. However for the
process to well function, it is imperative that the staff knows what is risk management,
their responsibilities in the process, and the benefits it can bring to the institution.
Installing a risk management culture has to be done via comunication and training
sessions.
To ensure that the cooperative has a risk culture, they decided to create a risk
management committee with the help of Ciderural. They already started to managed
their risks from 2014, however the committee was installed only in mid 2015, and is
hence still very new.
Before identifying their risk events, and designing control activities to control them, the
cooperative has to make sure that it comprehend its objectives and risk apetite, to
determine which risks it wants to tackle first. Why are they trying to control their
operational risks, and what are they trying to achieve by that?
Los Andes’s general objective is to achieve its long term vision, by completing its
current mission of responding to the members needs by guaranteeing quality financial
services, cooperative education and complementary services, while basing themselves
on solidarity and self-management. Their vision can only be achieved, if the institution
is socially and financially sustainable. Operational risks is a great threat to its
completion, as it can create great social and financial damages to the cooperative. On
one hand, bad internal operations can lead to social losses such as costumer complaints,
non-efficiency, bad service quality and reputational losses. On the other hand, they can
also lead to financial losses coming from frauds or unproductivity.
27
Hence, operational risk is an obstacle to the realization of their broader objectives, and
to stay sustainable, they need to ensure that they are well controlling it, in respect to
their risk apetite level. How much operational risks are they prepare to accept and how
much control do they have to have over it? When determining the risk apetite of a
cooperative, the apetite of all the different stakeholders, such as the members, the
employees, the investors and the regulators need to be taken into account (Ballou &
Heitger, 2005).
In 2015, Los Andes can tolerate a maximum loss of s/. 599,119.10 ($178,734), in
respect to their operations. The calculation of this number is demonstrated in the
following table.
Capital available for Operational risk Management s/. 2,396,476.40 Risk Apetite Level 25%
Maximum Exposition of Operational Risk s/.599,119.10 Impact Level Aplicable percentage Amount per event
Minor 6.25% s/ 37,444.94 Low 12.50% s/ 74,889.89
Medium 25% s/ 149,779.78 Major 50% s/ 299,559.55
Critical 100% s/ 599,119.10
Table 1: Los Andes’ Risk Apetite Level for 2015
Their maximum exposition is worked out by applying their risk appetite level of 25% to
the maximum capital they have available for managing operational risks. From this
number, the tolerable level of losses that Los Andes can incur are also determined,
pointing out the importance of each of the risks. For instance, if a risk can incur a loss of
s/. 299,559 ($89,367), then respecting the risk apetite level of Los Andes, the
cooperative will consider it as a Major risk (Los Andes, 2016b).
2. Event Identification
During this step of the coso framework, we will be identifying the different events that
could affect the acheivement of the cooperatives objectives. In other words, we are
having a wide understanding of the various operational risks the cooperative faces in its
credit process.
Events can be a risk and need to be considered and carefully analysed and controlled. A
risk event is a discrete and specific occurrence that can negatively impact a decision or
an organisation (Business Dictionnary, 2016). Determining the factors that can
28
influence the objectives and the strategies of the cooperative is not easy, as they are not
obvious in the operations. At first glance, any cooperative that has been working for
more than 15 years seems to be doing fine. It is only after gathering some quantitative
as well as qualitative data on the cooperation that the events can be recognised.
Quantitative datas are analysed such as the guidelines of the framework, and the
efficiency and productivity indicators. When analysing the cooperatives efficiency and
productivity, four different ratios can be used : the operating expense ratio, the
productivity of staff ratio, the productivity of loan officer’s ratio, and the institutions
operational self sufficiency ratio (Moors, 2016). These can be found in Los Andes’
2015 Factsheet (Los Andes, 2015b).
Figure 5: Los Andes’ Employee productivity [LOS ANDES. (2015). MFI FACTHSEET.
Lima: LOS ANDES]
Productivity of staff has to be compared to the productivity of the loan officers. The
benchmark for a loan officer is 250 members, while the one for the staff is 150 (Moors,
2016). If there is a higher productivity from the loan officers, this means that there is a
lot more back office. It is always better to have less back office, as it shows that they are
more productive. This shows how the cooperative uses efficiently its human ressources.
In our case, we notice that over the years, the number of credits each officer is handling
is increasing, reducing back offices. This is a great sign for Los Andes’ productivity,
however this number should stay stable, as having too much credits per loan officer can
also deteriorate the quality of the services they offer.
Operating expense ratio allows to compare staff expenses and administrative costs with
the portofolio yield. Are the operations too expensive regarding the yield they charge?
Los Andes ratio has been decreasing over the years, being at 8.8% in 2012, and 7.7% in
2014. The industry benchmark is at 20%, signifying that Los Andes is doing very well
29
in handling their operational costs, however having a too low ratio can also be
worrying, as for example it could mean that the revenues given to the employees are too
little.
Figure 6: Los Andes’ Operational Self-Sufficiency [LOS ANDES. (2015). MFI FACTHSEET.
Lima: LOS ANDES]
Finally the operational self sufficiency is here to determine if the Cooperative is doing
well in the long term and manages to stay viable. Looking at our graph, we notice that
Los Andes is maintaining its operations self sufficient, thus staying sustainable. The
ratio is slightly decreasing, but not at a worrying rate.
Quantitative datas can be used as signals for the cooperatives to evaluate how their
operations are doing, but they are not sufficient. Qualitative datas are very important
when trying to determine the risk factors in the operations (Cornee, 2015). These datas
are only collected with interviews, and observations.
Each category of the credit procedure, such as the information, evaluation or approval,
can have different risk factors, and we therefore need to study each one of them
carefully. The completion of each of the steps can be the responsibility of one or more
persons. For example, there is only one person in charge of the information phase,
called the “promoter”, whereas in the approval part, the whole credit committee should
be responsible of the decision made. These are of course pointed out in the credit
process guidelines, explained in the previous part.
The staff are the ones in charge of the whole credit process, and without their action,
nothing can be accomplished. They can be a serious risk and should be closely
analysed. In each of the credit process, the personnel can create risk events, because
they sometimes don’t execute the requirements, are not aware of their responsibilities,
commit error, commit fraud, or just because there is an external event that makes it
impossible for them to properly perform.
30
During my stay in Los Andes, I was allocated to their main branch in Abancay. As it is
the biggest office, analysing its operations is very interesting, but it poorly represents
the whole cooperative. Los Andes is constituted of 14 different branches, with 42
information offices, and 81 costumer attention points (Los Andes, 2014). Of course, the
information offices and the attention points function differently than the main offices as
they are smaller with less employees. For instance, they can’t conduct a credit
committee as there is not enough personnel to participate. Examining these differences
is crucial when analysing their operational risks. I thus travelled to two different offices,
Cusco and Chalhuanca, two information office, Curahuasi and Cotabamba, and three
attention points, Pisquicocha, Yanaca and Quilquicasa. During each of my visits I
interviewed the whole personel in charge of the credit process, which was usually a
promoter, a credit officer and sometimes an administrator. These stays helped me to
have a more general picture of Los Andes’ operations, providing me a broader range of
risks they can face in their credit process.
All of the interviews started with me presenting myself as a current microfinance
student, that is here to analyse their operational risks and find recommendations to
ameliorate the credit process, and hence their cooperative. It was also essential for me
to point out that I am not here as a constraint and evaluate their performance, but to help
them and serve as an advisor. Then, in each interview, open as well as closed questions
were asked, for me to identify the operational risks the cooperative faces.
My first question is usually about cooperativism: “What is a cooperative and what are
its values?” Cooperatives are very different to any traditional business. The whole credit
processes are based on the cooperatives values and principles, and everyone should thus
be aware of them. In my interviews I noticed that only the promoters in the costumer
information desk were aware of them. For instance, Santos Alvarado, a credit officer in
Abancay knew the principles, without comprehending their meaning. He mentioned that
this is only the promoters job, when it should be his too.
Secondly, it is necessary to know if the personel are well informed of their guidelines.
My question thus was “what are your responsibilities in the credit process?”. Sometimes
the employees don’t exactly know what they are in charge of, which can cause some
serious inneficiencies, as they can commit crucial errors. Also, sometimes, as the rules
are not well communicated, the personnel will invent some for themselves, which could
again negatively harm the rest of the credit procedure. When conductinng an interview
31
in the Cusco office with the adminstrator Carlos Aguapito Marcelo Motucanchi, we
could very easily notice that he had no knowledge of his obligations. He just disclosed
that as he is the administrator he is in charge of everything, but didn’t know what in
specific. As a result, the only credit officer’s work was never verified, and the
administrator was most of the time out of the office conducting his own errands. Last
year, Los Andes’ internal auditor, Danielo Cordova Cantero, made him sit an exam, to
verify his knowledge on the subject, and he scored a 1/20, which is very worrying for
Los Andes.
Thirdly: “Where does the member go next? Can you explain the whole credit process?”.
For the procedure to well function, everyone should learn about each others work. This
is mainly to make sure that they are not working against each others interest, and thus
affecting the operations. Again, in the cooperative, there are only the « Promoters » that
are conscient of everyones role. Huillca Callapiña Willintong, a young credit officer
positioned at an information point, only knew about his own responsibilities. As he is
alone in the office, and don’t see any other persons, he has no idea of what happens in
the main branch of Abancay. He has no knowledge of the implications his actions can
have on the other departments of the institution or the rest of the credit process.
Fourthly, a close question such as: “Have you ever commited fraud?” is aked. Their
reaction can be interpreted and valuable for the analysis. The employee can either be
shocked by the question, not understand it, or be indifferent to it. Usually, if the person
doesn’t understand it this means that they weren’t even conscient of the fact that fraud
could be carried out ; if they are shocked it implies that they are either scared or never
commited any ; and being indifferent suggests they either don’t care about the
institution or are not affraid of the implications of fraud. Various acts of fraud can be
done in the different phases. Most of the time, it is the experienced officers that master
in them. They know most of the tricks that can be played, because they have learned
them over the years. Jaime Rodrigues, credit officer and chief of the credit process, has
been working in Abancay for more than 4 years, with 450 members at his disposition.
He has a diverse knowledge on the question of fraud, and could explain in detail how a
ghost loan can be created without anyone noticing it.
Fifthly, sometimes the employee is not violating the institution, but just making a
mistake. The same question on fraud is therefore asked on errors. Usually making an
error means that the employee doesn’t know about it, either because they were not
32
concentrated enough or just not well trained, but with good verifications these can be
detected. Knowing if they have constant training sessions is thus important.
Sixthly, my main aim is to determine and control the risks. However to be able to
manage them in the cooperative, it is critical that the employees know about their
presence, and on how they can tackle them. A question on the operational risks is then
asked: “ Do you know the various operational risks your cooperative faces in the credit
process?”. Everyone in the cooperative, except of the risk department, couldn’t
understand the question. After explaining operational risks and its implication in the
credit process, the staff still had no answer. They believe that the institution faces no
risks. Only one credit officer, May Luz Apaza Nina from Cusco, mentioned that there is
the risk of having an accident while visiting the members. This is true, but not the only
one they could face.
Finally general questions are asked, on the time to attend a member, the technologies
used, and if they have any general recommendations on how to ameliorate the whole
credit process.
Interviews are of course not enough, as the employees can very easily lie and invent the
matters. These flaws can be detected with observation in their daily work environment.
Their attitude towards the members is also of crucial importance, as they represent the
main image of the cooperative, and thus the quality of the service offered.
To examine these, I accompanied the credit officers when collecting qualitative datas on
the field, and participated to various credit and recuperation committees. The credit
committee meets every night at 6pm, in the main branch offices. In the smaller points
there is no session, as there is not enough cedit officers to create a committee. In one of
the meetings that I joined in Abancay, I noticed that one of the credit officers hid some
of his folders under the table. From the member and cooperatives point of vue,
concealing a proposal implies that it won’t be examined, and that the member won’t be
attended for another day. However from the credit officers perspective, the meeting will
be finished earlier, and can go back home. One of the main issues with these meetings,
is that they are obligatory but held after the office hours, and no incentives is given to
the employee to stay.
Based on the quantitative and qualitative datas collected above, the various risk events
Los Andes faces in its credit process were determined. These are outlined in the
following table, and then allocated in each of the steps in the credit procedure.
33
Risk Number
Risk Event
1 Fraud
2 Human Error
3 Failure to Complete a Step
4 Catastrophes
5 Disruption or System Failure
6 Attending Time to the Member
7 Politics
8 Health and Security
9 New Services or Change in the Current Process
10 Techonological Innovations
11 No Compliance with Law and Regulatory Requirements
12 Financial Markets
13 Third Party Fraud or Error
14 Interuption of the Credit Process
15 Process Design
16 Human Ressources
17 Confidentiality
Table 2: Los Andes’ credit process risk events
34
Figure 7: Risk Event allocation in Los Andes’ Credit Process
Figure 7 provides a general simple visualisation of the several risks that can occur in
each of the steps of Los Andes’ credit process. Some risk events can occur in specific
phases, such as the risk of human error, and others happen in general, like the risk of
bad design of the process.
As the risk event titles are general, many of the phases have the same ones. However it
is essential to comprehend that this does not mean that the risks are identical and happen
the same way. The act of fraud can be carried out differently in the the promocion or the
disbursement phase. For this reason, each of the processes is attributed a specific letter.
For instance, the disbursement phase will be marked by the letter « D » in figure 7, and
the risk event of fraud by the number 1 in table 2, meaning that the possibility of
commiting fraud in the disbursement process, such as disbursing less than the aproved
amount will be denoted as the risk event D-1.
There are also some risks that can happen in all the phases, so in general. These will be
assigned with the letter « G ».
A complete, detailed description of each of the risk events in every steps of the credit
process can be found in the table of appendix 6.
35
3. Risk Assessment
While each risk captured may be important to management at the function and business
unit level, the list requires prioritization, to later on focus on key risks. This is
accomplished by performing the risk assessment (Ballou & Heitger, 2005).
This phase will help the enterprise to get a handle on how significant each risk is to the
acheivement of their overall goals, and find it’s “sweet spot”, or optimal risk taking
zone (Curtis & Carey, 2012). It is one of the most important component of the Coso
framework, but also the most complex one. To be effective and successful, the
institutions need to put a lot of thought in it, to make it simple, practical and easy to
understand. In this section, the steps taken to conduct the assessment will thus be
explained in an clear and logical way.
Assessing risks consists of appointing values to each risk using a defined criteria. The
first activity thus consists in defining and developing a common set of assessment rules
that will be used across the cooperative (Curtis & Carey, 2012). In our case, we will be
evaluating the risks in terms of impact and likelihood.
Impact refers to the consequences a risk event can have on the cooperative. To each
risk, an impact rating will be attributed, and it is always the rating for the highest
consequences that is assigned. The assessment criterias may include a wide range of
impacts, such as safety, reputational, employee, costumer and financial. Los Andes’
impact measures are a combination of them all, considering the fact that some risks
might influence the financials while others the reputation of the cooperative.
These are outlined in table 3, and were of course designed in respect to the cooperatives
risk apetite and objective.
36
Rating Descriptor Definition
1
Minor
• Financial losses between 0 and 6.25% of the capital destined to operational risks.
• 20% increase in the number of claims made by the costumers in the past three months.
• Interuption of the operations for less than an hour in the cooperative.
• No regulatory actions. • Insignificant loss in reputation. • No physical harm to the public or personel.
2
Low
• Financial losses between 6.25% and 12.50% of the capital destined to operational risks.
• An increase of 21-40% in the number of claims made by the costumers in the past three months.
• Interuption of the operations for 1 to 4 hours in the cooperative. • Regulatory observations. • Reputational loss at a local scope. • Slight physical injury to one person of the public or personel.
3
Medium
• Financial losses between 12.50% and 25% of the capital destined to operational risks.
• An increase of 41-60% in the number of claims made by the costumers in the past three months.
• Interuption of the operations for 4 to 12 hours in the cooperative. • Receive a warning from the regulator. • Reputational loss at a regional scope. • Slight physical injury to 2 to 10 persons of the public or personel.
4
Major
• Financial losses between 25% and 50% of the capital destined to operational risks.
• An increase of 61-80% in the number of claims made by the costumers in the past three months.
• Interuption of the operations for 12 to 24 hours in the cooperative. • Receive a sanction from the regulator. • Reputational loss at a national level. • Moderate physical injury to 1 to 10 persons of the public or
personel.
5
Critical
• Financial losses between 50% and 100% of the capital destined to operational risks.
• An increase of 81% and more in the number of claims made by the costumers in the past three months.
• Interuption of the operations for more than 24 hours in the cooperative.
• Legal intervention from the regulators for legal violation or contract vilation.
• Reputational loss at an international level. • Serious physical injury or death of a person.
Table 3: Los Andes’ impact criterias
37
From Los Andes’ risk apetite level, the maximum financial loss the cooperative can
sustain from its operations is of s/. 599,119.10 ($178,734). As we have seen before,
different apetite and tolerable levels were drawn from this number in table 1, presented
in the first phase of the coso framework. Using these estimations, and the impact criteria
table above, each risk will be given a certain impact level.
For instance, the risk event “human error: the credit officer doesn’t notice the falsiness
of the applicants information, or just gives the wrong informations”, with the code E-2,
in Appendix 6, is estimated to generate a financial loss of about 350,000 soles
(106,018$) in its worst-case scenario. This risk event is hence considered as to have a
« Major » impact with a rating of 4. Giving the wrong informations to the members, and
making errors when accepting their credit demand can greatly damage the cooperative.
It can lead to a degradation of the cooperatives portofolio quality, but also in costumer
claims that can create reputational damage at a national level. The same logic is used for
each of the risk events previously detected, and are outlined in detail in Appendix 6.
Next, when assessing the risks, the cooperative has to sort out its risk events in respect
to their frequency to occur. Again, this is a vital point in the analysis. If a risk has a very
low level of occurrence, then is it really worth it for the cooperative to use its ressources
in the aim of managing it ? Managing risks is not easy, and demands a lot of internal as
well as external ressources, that can be very costly for the cooperative. They therefore
need to determine if the risks are meaningful enough to manage them.
The criterias used by Los Andes to determine the probability level are layed out in table
4.
38
Rating Descriptor Definition
1
Very Low
• The event occurs less than 20% of the cases • It can happen once a year • There are clear policies and procedures • It is a simple activity
2
Low
• The event can occur in 20 to 40% of the cases • It can happen twice a year • Only documented policies exist • The activity requires a low level of specialisation (anyone in
the department can complete it)
3
Possible
• The event can occur in 40 to 60% of the cases • It can happen two to three times a year • The policies and procedures are not known • The activity requires a medium level of specialisation (two to
three people have to participate)
4
Likely
• The event can occur in 60 to 80% of the cases • It can occur three to twelve times a months • Policies and procedures are outdated. • The activity is complex and needs a specific amount of
specialisation.
5
Frequent
• The event can occur in more than 80% of the cases. • It can happen more than twelve times a year. • No policies and procedures exist. • The activity is complex and requires a very high level of
specialisation.
Table 4: Los Andes’ Frequency Criterias Looking at the same risk event E-2 example used previously, it has been recognised
with a probability of level 4. The frequency of the occurrence of the risks are estimated
using the qualitative information collected, and in our case during my observation and
interviews. The fact that a credit officer makes an error is pretty frequent in the
institution, as they are not well trained, and the policies are constantly outdated as they
regularly change. Additionally, the evaluation process can only be excecuted by the
credit officers in the cooperative, as a certain level of speciliasation is needed. With
these in mind, and the crieterias in table 5, the risk E-2 has a level 4.
Once again, this same technique is used to order all the risk events, and are outlined in
the table in Appendix 6.
Finally to well visualise the assessment and the importance of each of the risks, a
severity risk matrix is used. The risk events are plotted in respect to their impact and
39
probability computed earlier. The graph is composed of four different areas, that
represents the tolerable levels of the cooperative : low (bleue), moderate (green), high
(yellow) and extreme (red). Details on each risk can again be found in Appendix 6.
5. Frequent
4. Likely
G-17 I-2; G-16; G-6; D-3
E-3; F-1; M-11; M-3 E-1
3. Possible
I-10 E-10
F-3; E-6 A-11; G-10 M-4; D-11
E-9; E-13; F-2; M-2;
F-13 D-1
2. Low
G-8; E-8; M-7
I-3; E-5; A-5; G-15; M-
8 G-14; A-13;
D-2 A-2; M-1
1. Very Low
I-1; F-4; A-4; F-12;
E-12 D-14 A-1
sds
1. Minor 2. Low 3. Medium 4. Major 5. Critical
Figure 8: Los Andes’ Severity Risk Matrix
Each insitution will have a different severity risk matrix. This is of course, because they
all have different risks, but also because they have a different level of risk apetite,
objectives, and therefore tolerance level. For instance, some institution might consider
that having a risk with a medium impact and a possible probability is of high
importance, while in Los Andes this is viewed as a moderate risk.
In our case, as Los Andes recently established their risk management comittee in mid
2015, no severity risk matrix has been drawned for 2015, only 2014. However this step
is crucial for analysing their operational risks in the coso framework. This specific one
was thus produced with the aid of the qualitative and quantitative datas collected, and
the impact and frequency analysis conducted, and the aid of Los Andes’ risk
department.
40
4. Risk response
Other than risk assesment, determining a risk response is one of the most trivial
decisions that organizations make when developing their ERM framework.
Management can select between accepting, avoiding, reducing or sharing the risk. As
the risk events are uncertain, it is important to decide on the right reply, as they can
have significant consequences on the cooperative (Ballou & Heitger, 2005).
By ploting the events in the risk severity matrix, they have been given a certain level of
importance to the cooperative. Depending on this, and the Los Andes’ risk apetite, an
event will be either tolerated by the institution or not.
Risk Level Tolerance level Low Tolerable Moderate Tolerable High Intolerable Extreme Intolerable
Table 5: Los Andes’ Tolerance Levels
The risks situated in the tolerable area will usually not be controled and therefore most
of the time accepted. The institution will choose to ignore them, but agree to react when
they occur. This is mainly because they have a low probability of happening, and,
respecting the cooperatives risk apetite level, don’t affect too much the acheivement of
their objectives.
On the other hand, the risks in the non-tolerable area definitely have to be responded to.
Avoiding or removing a risk is the best answer there could exist. This approach is not
always possible, as sometimes the risks can’t be eliminated, or the strategy is just too
expensive and time-consuming for the organisation. However if this strategy is chosen,
the risk has to be handled at the very start of the process, to make sure that it won’t
reapear later on. This can be dealt by clarifying the guidelines and requirements.
Mitigating a risk will consist in reducing its probability of occurrence and impact on the
institution, to an acceptable level. By choosing to reduce a risk, an organization is
committing to implement control activities, which will of course also consume
resources (stakeholdermap.com, 2015-17).
Finally, sharing a risk means transfering it to a third party. This other party should be
willing to take the responsibility for its management, and will bear the liabilities the risk
brings if it happens. This is usually done, because it is felt that the institution is not the
best party to deal with the risk, and is thus ensuring itself by finding a suitable one. This
41
approach will normally involve the payment of a premium (stakeholdermap.com, 2015-
17).
When deciding on which response strategy should be undertaken for the risk events, the
cooperative has to well analyse the implication this could have on them, and the other
risks. The latter is referred as risk correlation, a challenging aspect of the Coso
Enterprise Risk Management. For instance, if the cooperative adds additional steps in
the credit process to increase verification, then this can on one hand help to mitigate the
risk of fraud, but on the other hand also increase the time of attending a member.
Taking this into account, and again the tolerance level of Los Andes, a strategic
response has been attributed to every non-tolerable event, in table 6.
Risk Code
Event Description Risk Level Risk Response
I-2 Promoting the wrong informations/attracting the wrong targeted members
High AVOID
I-13 Create a ghost member with a credit analyst High MITIGATE
E-1 Creation of a Ghost Applicant, by presenting false documents Help the member to falcify its documents to receive a credit Accept bribery and charge additional commissions
Extreme
MITIGATE
E-2
He doesn’t notice the falsiness of the member’s informations Gives wrong informations to the applicants because of not knowing
Extreme
MITIGATE
E-3
Doesn’t include all the documents Skips some of the evaluation steps Doesn’t verify the applicants data
Extreme
MITIGATE
E-4 The applicant’s revenues can later on be affected by a catastrophe
Moderate ACCEPT
E-5 The system fails preventing the evaluation Moderate ACCEPT E-6 Taking its time to attend the members demand Moderate AVOID E-9 Unaware of the new services that can be offered to the applicant High AVOID
E-11 Accept guarantees that are not conform to the law Moderate MITIGATE E-13 Act of fraud of a third party when evaluation the value of
guarantee High MITIGATE
A-1 Create a ghost applicant High MITIGATE A-2 Accepting a ghost applicant
Accept a credit to prevent a non-repaying credit Extreme MITIGATE
A-3 Dot not verify the credit officer’s proposal Do not complete the credit act book
Extreme MITIGATE
A-11 Accept guarantees not conformed with the law Moderate MITIGATE A-13 Act of fraud of a third party to approve the credit High MITIGATE F-1 The datas on the guarantee are falsely entered into the system Extreme MITIGATE F-2 Do not notice the presence of other mortgages the member has High MITIGATE F-3 Do not formalise the guarantee with le law requirements
Do not ask the right signatures needed to be legally binding Moderate MITIGATE
F-13 Act of fraud from a third party (notarial) when valuing the guarantee
High
MITIGATE
42
Risk Code
Event Description Risk Level Risk Response
D-1
Accept false documents Disburse less than the approved amount Do not verify the datas Modify the softwares data, such as interests charged Disburse to another person
Extreme
MITIGATE
D-2
Disburse a credit more than once Forget to cancel the previous credit before giving a new one Disburse in another currency or the wrong amount Disburse when the documents are false
High
MITIGATE
D-3 Do not verify the datas High MITIGATE D-14 Not enough liquidity causing the interuption of the process Moderate ACCEPT
M-1
Refinance a credit to reduce its portofolio’s PAR30 Charge additional commisions on late repayment Register a different amount than the one paid by the member
Extreme
MITIGATE
M-2 Not aware of the recuperation guidelines High AVOID
M-3 Do not follow up the member Do not send the repayment notifications Do not file the transactions
Extreme
MITIGATE
M-11
Delays and expansion of legal proceedings because of non-compliance
Extreme MITIGATE
G-6 The disbursement process takes a lot more, and the members are not attended on time
High MITIGATE
G-14 Credit process is interupted, losing a lot of time High MITIGATE G-15 No clear objectives and responsibilities in the processes
The processes are not adapted to the cooperatives size Moderate AVOID
G-16
Not enough staff There is no replacements for abscent key staff High personal rotation
High
MITIGATE
Table 6: Los Andes’ Risk Events and Risk Response Strategies.
For each risk response chosen, control activities will be designed. However we can
notive that sometimes some of the events are the same. For instance, both during the
evaluation step and the aproval one, a guarantee that is non conform to the law can be
passed on. Risk response and control activities will therefore be the same for these
events.
Also, we can observe that no risks have been shared. This is mainly because Los Andes
is still a small cooperative and doesn’t have the possibility to do so.
Finally, the risk response choice will result in alterations in the severity risk matrix.
Risk management’s aim is to efficiently respond to these risks so that they are reduced
to a tolerable level. Avoiding a risk results in the removal of that risk from the plot
because the underlying activity is no longer being performed. When accepting a risk,
the initial risk plot remains because no action is taken to reduce it. For any risks that are
shared or reduced, their probability and impact will be reduced, and therefore move to
the bottom left (Curtis & Carey, 2012).
43
5. Control activities
Once the cooperative agreed on which response should be undertaken for each risk
event, to ensure that these are effectively carried out, they need to define control
activities as policies and procedures to be implemented.
The Coso ERM framework will describe control activities as an activity or innitiative
that will reduce the probability or impact of a risk event. This definition is broader than
the traditional notion of internal control. Internal control will be a control activity, one
that specifically manages financial reporting risks (Ballou & Heitger, 2005).
To find a cur to an illness, the doctor has to comprehend its causes. Similarly, to
mitigate any risk, the cooperative needs to first identify the sources and therefore the
drivers of the risk. To well understand the causes of an event, it is fit to use the 5
“Why?” technique. In this method, the question will be asked five consecutive times,
making sure that the real origin of the risk is determined.
Firstly operational risk in general is caused by the various factors such as personel,
external events, process design and the technology used. Secondly each of them are
themselves explained by the various risk events that exist in their process. Thirdly, the
roots of these events has to be analyzed, and this will be again, done via the interviews
and observations.
Determining the causes of a risk is not an easy task, as most of the risks are interlinked,
and many of them have the same causes. The latter is an opportunity for the
cooperative, as they can handle two or more risks at once.
To make it simple and organise ourselves, a diagram will be drawn. Visualising is the
best method when trying to undertand and handle risk. The diagram is here to help us
observe all the possible sources around the operational risks of the credit process. This
figure will later on make it easier to identify the control measures for the risk drivers.
44
Figure 9: Los Andes’ Operational Risk Drivers
The figure might seem complicated to understand, but this is only because most of the
events have the same causes. The easiest way to read it is to look at the colour of the
lines going from each event, which represents one specific source.
For example, what causes the personel to comit fraud? This risk mainly comes from the
credit officers, and after interviewing many of them, it has been understood that there
are many factors that contribute to the accomplishement of this risk.
Firstly, there is no supervision or verification system installed in the whole cooperative.
Most of the employees can act freely without any restrictions. Credit officers are thus
under no threat when they commit an act of fraud. In the Cusco Office, when I
interviewed Mary Luz Apaza Nina, it has been revealed that she as a credit officer is
alone in charge of the whole credit process, from the promotion phase to the
disbursement and recuperation one. In addition she is her own credit chief officer,
which means that she is the person supervising herself, and therefore has complete
power over her acts. In this case, the design of the credit process is just not appropriate,
and verification steps, conducted by other persons than the credit officers themselves
should be implemented.
Secondly, in Los Andes, most of the time the employees are not chosen in respect to
their skills, but because of their acquaintances. Of course, this gives them an advantage,
45
as it is harder to fire them, if any act of fraud were to be suspected or proven.
Additionally, no financial or psychological incentives have been developed by the
human ressource department. Credit officers receive a fairly low revenue, and in times
of financial need, even if they are honest persons, might decide to act illegally to help
their family, or for other reasons. Instead of creating motivation in the cooperative, there
is a certain demotivation effect. Employees have no future working plan, low revenues
and long non-rewarded working hours, giving them more reasons to care less about the
cooperative and violate it without having a guilty conscience.
Thirdly, there is no training provided to the credit officers when they start the job. They
learn by observing the other officers for a month. Instead of being taught the guidelines
and processes, they will learn the tricks, short cuts and act of fraud carried out by the
other experienced officers.
Finally, the credit software is not well adapted, and gives the credit officers the
possibility to easily modify it. In the evaluation part, they can enter false informations,
as no verification process is installed.
As a result, the risk of fraud can come from various sources, and all of them need to be
carefully taken into account when developing control activities.
The same reasoning and questioning is conducted for every risk event, to find out the
main origins of these risks, and as we can notice on the figure, there are five main
sources: the lack of training; the human ressource department; the software/technology;
the process design and the lack of verification/supervision. The mitigation methods
should therefore be designed around them, ameliorating the operations of the credit
process.
For the cooperative to well manage its operational risks, it has to design on one hand
policies preventing the various threats that can affect their operations, and on the other
hand activities to mitigate the impact these threats can have on the cooperative on
general. Risk management has to be able to anticipate the risks, but also to mitigate and
respond to them once they occur. In other words, Los Andes has to plan control as well
as recovering measures (Curtis & Carey, 2012).
Then, each activity has to be assigned to a specific department or person. Each
procedures requires a responsible, and these need to be well communicated to the whole
personnel. They need to be aware of each other’s duty in the process, and what impacts
their action can have on its implementation. The whole cooperative must be part of the
risk management process for it to be fruitful, otherwise the ressources spend on the
46
management are just wasted.
One of the main problems in Los Andes, is that they only manage the risks once they
occur. They will therefore only try to mitigate the impacts the operational risks can
have, but won’t install any control activities to try to prevent the threats from happening
and creating operational losses. This is mainly because the real sources of their
operational risks haven’t been well identified, and also because sometimes the top of the
organisation doesn’t want to accept and manage them. For instance, in Los Andes, the
CEO, Victor Chati Perez, believes that as they are a cooperative, and obey by their
values and principles, no verification and supervision should be installed. He assumes
the employees are working in the cooperative because of its social side and difference
with a traditional organisations, and as they are more attached and honest than in other
normal institution, they deserve more trust. However I believe this is one the main
threat the cooperative faces, as many of the events are partly caused by this absence.
The Bow Tie is a comon diagram used in risk management to give a visual summary of
all plausible accidents and threats that could exist around a certain hazard. This figure
also demonstrates the various control measures taken by the cooperative to control the
risk factors or recover from the presumable impacts (CGE, 2016).
Figure 19: Los Andes’ Operational Risk Bow Tie Diagram
47
On the Bowtie Diagram, some of the events are tackled with the same control activities.
This is because as we have previously seen, they are caused by the same factors. This is
an opportunity for the cooperative, as it can now handle one or more events with one
control measure. The control measures should hence be well thought, making sure that
they prevent the biggest amoung of risks.
Each of the control measures are described in detail below, and one or various
responsibles are attributed to each one of them.
Prevention Measures:
Process Design:
The CEO, as well as the managers of each department should regularly meet and rethink
in detail the processes. Then of course, the employees are responsible to respect them.
P1: The processes in the cooperative need to be changed. The different steps of the
credit process must be completed by different persons, and not by the same one, as it is
the case in Los Andes where the credit officer is in charge of all of them. This will
reduce the probability of a credit officer or anyone in the credit process to make an
error, be dishonest, or commit fraud, as they will have to go through all the stages and
the numerous persons in charge of them. For instance, the datas gathered by the credit
officers during the evaluation process should not be entered by themselves in the
software but by another person such as the cashier.
P2: The credit process should also be adapted if any catastroph occurs. In other words,
consideration should be given in the evaluation process to the fact that an economical,
legal or environmental catastroph could happen. These speculations should for example
be included in the contracts during the formalisation of the guarantees.
P3: The process should be constantly rethought; making sure that it is always up to date
to the new regulations, and the size of the cooperation. Los Andes does regularly
change their guidelines and requirements, however these are never communicated to the
employees and are therefore not implemented.
Human Ressources:
The Human ressource department is the one in charge of anything that has to do with
hiring employees, and installing a good working culture.
H: Human resources are a great source of risk. They should implement psychological as
well as financial incentives to ensure that their employees are motivated and won’t be
tempted to commit any fraud, or be dishonest or commit an error, only because they are
48
demotivated and do not feel integrated in the cooperative. The employees have a very
poor salary, don’t have any future job plans, and work long hours, without having any
incentives. Threats were never good incentives to ensure that the staff works well, but
rewards are. Giving them the willing to be more productive, and work for the
cooperative can be very effective. However any incentive should always be
accompanied with a good supervision. This is mainly because, when financial
incentives are installed, the staff might try to commit more fraud to gain more rewards.
Additionally to this, the human ressource department should make sure that it is hiring
the personal with the right skills, and that respect the cooperativism.
Operational manager
Three months ago, Los Andes has created a new position called Operational Manager to
Claudio Silvera Palomino. He is responsible of all the operations and installing
verification measures.
V: Implementing supervision and verification steps in the activities is the most
important measure Los Andes should undertake. There is no verification policies
whatsoever. Without supervision, the employees can work as they feel like, which could
very quickly create serious problems in the operations. Every step of the credit process
should be verified by a different person than the one who was in charge of completing
it. In the offices, it is normally the chief of credits or the administrator who is in charge
of this task, however as they are themselves not supervised, they don’t perform it, as
they believe it to be too time consuming.
Finally verification phases should also be included in the software. For instance, the
credit officer can’t continue with its proposal folder, if the administrator doesn’t sign in
the software, prooving that the datas have been verified.
Educational Department:
The Educational Department are engaged in all the formations, workshops and training
session.
T: Training is also an important way to control the threats the operation faces. Firstly,
adequate training should be given to the aprentices, making sure that they from the start
well understand the processes and their guidelines, to not make any errors in the future.
Regular training should also be given to all the employees, updating them on the new
policies, and the new technologies available.
Specific training sessions should also be organised for the employees on cooperativism,
49
teaching them the values and principles to respect. The benefits they receive by working
in the cooperative also need to be mentioned.
Finally, all the employees must be conscient of the risks the cooperative faces. This can
again be communicated via trainings.
For this to work, all of the training sessions need to be supervised, making sure that the
employees are well following the classes. If the employees know that they would never
be examined on their knowledge, then they might never listen or remember nothing
from the formations. Nothing can be ensured without supervision.
Information System Department:
The IT department is answerable for the well functioning of the systems and softwares
in the cooperative.
S: The software need to be adapted to the size of the institution. This could cost a lot for
the institution. However Los Andes is currently thinking in changing it, as they have
noticed that there are many features missing from their software, such as including the
members signatures. In addition to this, not all the datas can be entered in it, creating a
bad communication between the 14 offices.
Communication:
Here again, it is Claudio Silvera Palomino, manager of the operations who is
responsible to install a good communication in the cooperative. However the
Educational Department should also teach the importance of good communication to the
employees.
C: Communication should be included in the processes. It is important that the
employees are aware of the tasks of the others in the credit process, and have a whole
picture of the opeations. In Los Andes, the employees will only know their own
responsibilities, as no informations has been given on the others, and there is no good
communication between them. For instance, I worked more than a months in the
institution, and every employee had a different idea of my task in the institution, as my
supervisor didn’t properly mention the reasons for my staying to the staff.
Mitigation Measures:
Human Ressources
E: The human ressources department is in charge of making sure that there is always
enough personel in the cooperative, and that the current employees are not overloaded,
which could make the credit process slower. Back-up personel should also be though of,
50
to step in when there is a key abscent. Key abscents can cause the interuption of the
process, and financial losses as well as social losses for the cooperative.
Educational Department
F: The educational department is in charge of well training the staffs. They need to
teach them how they can well promote the cooperatives services to the members, be
more productive, handle employee complaints and the current law requirements. These
are to make sure that the operations well function and that the final service offered is of
quality.
Information System Department
B: As mentioned before the technology should constantly be put up to date. However in
times of breakdown, it is crucial for the cooperative to preserve their datas in a virtual
account. A back up software could also be usefull, if not too expensive for Los Andes.
Operational Manager, and Office Administrators
D: Verification is an important activity, as well as in the prevention stages than in the
mitigation ones. It is always crucial to supervise your employees, making sure that the
job is well done. In terms of attending the members, it is important to monitor and
verify that the staff are well doing their job in each of the credit process, to be certain
that no time is lost. The cooperative also needs to make sure that the credit officers are
correctly respecting the monitoring guidelines and sending all the repayment notices on
time to the members, to be aligned with the law, and prevent legal problems. The
guarantees conformity to the law also needs to be constantly checked.
Process Design:
O: It is important to make sure that the cooperative is not making financial losses. To
prevent the company from making more financial losses, it is crucial for them to have
better monitoring and following up strategies on their members. Once the credit is
disbursed, the credit officer usually don’t follow up on the member, causing an increase
in the non repayments, and financial losses for the cooperative. The post-evaluation of
the credits is essential and the cooperative should ensure its completion.
U: To ensure that the attending time to members is not too long, the overal credit
process should be simpler. The member needs to go through too many steps, and too
many documents are demanded from him. The process should be secure making sure
that we are accepting the right applicants, however it shouldn’t also not be too long,
which could affect the quality of the service offered.
51
A : Members Complaints need to be accepted and followed up by the administrative
department. Measures should be taken in responding to them, to satisfy the members
and keep the cooperatives reputation.
As a result, for Los Andes to well manage its operational risks, installing these
measures could be very helpful. These measures are recommendations drawn on my
experience in microfinance, and the observations made during my stay in Los Andes.
They are the main activities that Los Andes is missing in managing their risks, and
which are in return potentially augmenting their operational risks.
Responding to the risks by implementing adapted policies and procedures, will allow
Los Andes to move their risk events on the severity risk matrix, to a level where the
residual risks are tolerable, according to their risk appetite.
6. Information and communication
Operational Risk can only be effectively managed if the whole cooperative is involved
in it. Relevant information has to be communicated to the employees to help them
understand their responsibilities in this whole process (Churchill & Coster, 2001). The
previous Bow-Tie Diagram is the best figure to use, as it visually summarises all the
threats and impacts the cooperative faces, and demonstrates the measures taken to tackle
them. The responsibles for each activity are also shown. This figure is a great
communication tool, but is effective if and only if it is well informed to the personnel.
The Educational Department, accompanied by the risk manager and the operations
manager, should make sure that its importance, the benefits it could bring to the
cooperative are known by the saff. Employees have to be conscient that their constant
participation is key to its realisation. If they don’t see this, then they will become
cyclical and withdraw from the process in future years.
As mentioned in the first phase of the coso framework, Los Andes urgently has to
install a risk culture in the cooperative. Its relevance has been recently understood by
Los Andes, and the importance of risks and its management are now being revealed to
the employees.
It is good to have informations coming from the top to the bottom of the institution on
how the risks should be controlled, however it is also important that this information
also flows from the bottom to the top. Information systems are here to track the actual
information and inform the cooperative about the occurences of actual events, including
52
those avoided (Curtis & Carey, 2012). The framework, and the policies should be
designed with the participation of the responsible parties. To ensure that, on a monthly
basis, these parties should report on how the risks are managed and their actual costs for
the top to analyse them. The employees that are even more involved in the process such
as the credit officers should also give their opinion. Their observations can be writen in
the minutes, a book used during each of the credit meetings. In Los Andes the space in
the minutes destined for the officers observations is very small, and does not allow them
to write anything pertinent.
You’ll know you’re doing risk assessment right when leaders at every level use the
information to make decisions regarding value.
7. Monitoring
Managing risks is an ongoing process that musn’t be stopped. Monitoring and periodic
review should be planned and be part of the process (Firth, 2014).
The responsibilities for monitoring have to be clearly defined. The auditor’s job is to
check the real costs of managing the risks, and reconsider the impacts they can have on
the cooperative. The results have to be the basis for the reviews and the continuous
improvement of the framework.
In Los Andes, there is an internal auditor in charge of reviewing their activities, and
detect any risks that might not have been identified previously. Here in addition of
analysing the cooperatives quantitative data, the auditor is also going to the field to
observe the processes, and determine how the operations are in reality. However the
issue with the cooperatives in Peru is that the auditors are not properly supervised, as
they are verified by a non-regulatory body called Fenacrep (Fenacrep, 2016). They
therefore have no clear guidelines and obligations.
In conclusion, the firms monitoring and review procedure needs to envelop all of the
aspects of the risk management process. It needs to ensure that the control activities are
effective and efficient, by collecting hard as well as soft informations. If the procedures
have been determined as unsucessful, then the managers need to act quickly by revising
the risk treatment and priorities, to minimise their losses (Steinwand, 2000).
53
IV. Conclusion
Ciderural is a second-tier organisation composed of 13 cooperatives, here to provide
financial as well as non-financial services to its members, in the aim of helping them
manage the new risks they are facing, due to the rapid increase of competition in the
microfinance industry. During my internship, I first worked in Ciderural where I learnt
about the Coso risk management framework they use, and then in Los Andes, one of
their main cooperative, where I analysed their operational risks and management,
specifically in the credit process.
During the analysis, it was clearly observed that Los Andes does not have any
transparent risk management strategy, as they only respond to the risks once they
happened and impacted them. They are not even conscient of the presence of
Operational Risks as they beleive Credit Risk to be the most important one they face.
This analysis could therefore be of a great use in helping them developing a process of
managing operational risks.
Operational risks can cause significant financial as well as social losses. Good
operations are when the processes are efficient and deliver a final product of quality to
the members.
The recommendations given on how to effectively control the risks arising from the
credit operations, are principally based on qualitative datas gathered in interviews, and
observations made during the internship. The suggestions are control activities that Los
Andes could undertake in the aim of preventing the specific threats they face in their
operations such as fraud, or human error, but also to mitigate the impacts and
consequences that bad operations could have on the cooperative.
From the study, it is concluded that Los Andes has to imperatively install supervision
and verification steps in its credit process design, and incentives for its employees. The
staff in charge of the credit process are not supervised, and their work is at no time
verified, giving them the possibility to easily commit fraud, or just shirk. Additionally,
the employees have no financial or psychological incentives to aspire them in being
honest and productive. These are the main factors causing operational risks in Los
Andes and should thus urgently be managed. I believe that implemeting verification
steps is a major control activity for Los Andes, as it is a great tool to anticipate the
threats, but also mitigate the impacts.
54
Obviously verifications and incentives are not the only control activities that Los Andes
could undertake to control its operational risks. Having an up to date process design, an
adapted software, satisfying training sessions to increase their risk and risk management
knowledge is also essential. Before Los Andes chooses which measures it desires to
introduce, it is compulsory for them to conduct a cost-benefit analysis, helping them in
deciding if the advantages brought by its implementation will surmount the costs
associated with it. Again, supervision and verification merits consideration, as the
operations can gain a lot more from it than the financial cost it will impose.
In the report, operational risks only arising from the credit process were examined.
However it is necessary for Los Andes to carry the same study for their other processes
such as the administrative, or saving one.
Unfortunaltely, when interviewing Ciredural’s CEO, Macario Veramendi Zuñiga , it
was revealed that, no reports was never done on Los Andes’ operational risk
management, however others were done on credit risk management where similar
advises were given.
The top management of Los Andes believes that as they are a cooperative, they need to
focus more on their social objectives, neglecting their financial one. They assume that
people become a member because they strongly accept the cooperatives principles and
values, making them more honest and more willing to work hard than any traditional
employee in any institution. As they deeply trust in their employees and members,
supervision and incentives are not even a consideration. However, regrettably, this is
not the case in reality, as all members are humans and can simply violate their trust.
Not accepting these propositions is a shame for the cooperative, as they could be very
useful in maintaining their sustainability. Additionally Los Andes is the biggest
cooperative in the Apurimac region, and has been functioning for more than 15 years.
They therefore have the right infrastructure and reputation in place to allow them to
expand themselves and serve more peruvian poor families, and fulfil the primary
purpose of microfinance, which is to alleviate poverty.
Living three months in Peru, and working in a cooperative has taught me a great
amount. First of all, living in a developing country, with extremely different cultures
can be very difficult. It is sometimes very hard to understand the peruvians as their
actions might not seem logical, when they are in fact completely reasonable for them. I
therefore had to learn to surpass these and accept it. Secondly my experience in the
55
cooperative was very interesting. I myself never worked in a cooperative before, and
definitely expanded my knowledge on how cooperatives work. Studying their
operational risks also made me realise that it is an enormous and confusing risk that
most of the institutions don’t know about or just try to deny it. In reality, managing this
risk is very complicated, as the size of the cooperative, its objectives and the context of
the country are fundamentals that affect the way the microfinance theories are practiced
on the field.
56
References
Ballou, B., & Heitger, D. L. (2005). A Building-Block Approach for Implementing COSO’s Enterprise Risk Management— Integrated Framework. Management Accounting Quarterly , 6 (2). Barrientos, R. N. (2015). Riesgo Operacional y el Rol del Gestor de Riesgo Operacional - Powerpoint Slides. Insaco. Lima: GIR (Gestion Integral de Riesgos en las CAC). Barton DG (1989). What is a cooperative? In Cooperatives in agriculture, ed. D. Cobia, 1-20. New Jersey, USA: Prentice-Hall, Inc. Basel Committee on Banking Supervision’s (BCBS) (Jun 2006) Basel II framework, International Convergence of Capital Measurement and Capital Standards. Bernard, S. (2015, August). Successful Poverty Reduction in Peru. Retrieved from The Borgen project: http://borgenproject.org/poverty-reduction-in-peru/ Carrillo, A. (2012, Decembre 20). Full Participation is Tradition in Peru. Retrieved 2016, from HEIFER INTERNATIONAL: http://www.heifer.org CGE. (2016). The Bowtie Method. Retrieved July 2016, from CGE – Risk Management Solutions : http://www.cgerisk.com/knowledge-base/risk-assessment/thebowtiemethod Churchill, C., & Coster, D. (2001). Microfinance Risk Management Handbook. CARE.
CIDERURAL. (2014a). Plan Estrategico Ciderural 2014-18. CIDERURAL. CIDERURAL. (2014b). BROCHURE CIDERURAL 2014. CIDERURAL, Lima. CIDERURAL. (2015a). BROCHURE CIDERURAL 2015. CIDERURAL, Lima. CIDERURAL. (2015b). Reglamento de Riesgo Operacional . Lima: CIDERURAL. CIDERURAL. (2016). Vision-Mission. Retrieved 2016, from http://www.ciderural.com/es/ Cornée, S. (2015), “The Relevance of Soft Information for Predicting Small Business Credit Default: Evidence from a Social Bank” The Journal of Small Business Management. WP-CREM No 201226.
Cropp R & Ingalsbe G (1989). Structure and scope of agricultural cooperatives. In Cooperatives in Agriculture, ed. D. Cobia, 35-67. New Jersey, USA: Prentice-Hall, Inc. Curtis, D. P., & Carey, M. (2012). Coso Risk Assessment in Practice. Tough Leadership in ERM. Deloitte & Touche LLP . Dabla-Norris, E., Deng, Y., Ivanova, A., Karpowicz, I., Unsal, F., VanLeemput, E., et al. (2015). IMF Working Paper: Financial Inclusion: Zooming in on Latin America. International Monetary Fund. IMF .
57
Etzensperger, C. (2012). Research Insight Peru - Model Market for Microfinance . ResponsAbility. Fenacrep. (2016). Federacion Nacional de Cooperativas de Ahorro y Credito del Peru. Retrieved July 2016, from http://fenacrep.org/web/index.php ICA. (2015). Co-operative Identity, Values & Principles. Retrieved July 2016, from International Cooperative Alliance: https://ica.coop/en/whats-co-op/co-operative-identity-values-principles IFC. (2013). Making Microcredit Accessible for the Poor in Rural Peru . Peru: International Finance Corporation. Insaco. (2016). Riesgo Operacional - Power Point Slides. Innovacion Financiera para un Mejor Desarrollo Empresarial . Lima: Insaco. IPPF. (2012). Coordinating Risk Management and Assurance - Practice Guide. The Institute of Internal Auditors. Kappes, A. (2014). Raiffeisen – Development and promotion of cooperative structures worldwide. IRU – International Raiffeisen Union. Kruijff, D., & Hartenstein, S. (2014). Microfinance and the Global Financial Crisis: A Call for BASEL. IFC International Finance Corporation.
Lascelles, D., Mendelson, S., & Rozas, D. (2014). Microfinance Banana Skins 2014: Facing Reality. CSFI Centre for the Study of Financial Innovation (CSFI). LOS ANDES. (2012). Manual de Oganizacion y Funciones . Peru: LOS ANDES. LOS ANDES. (2014). Plan Estrategico Institucional de la Cooperativa de Ahorro y Credito Los Andes 2015 - 2018 . Peru: LOS ANDES. LOS ANDES. (2015a). Seguimiento cumpl de metas mensuales 2015. Abancay: LOS ANDES. LOS ANDES. (2015b). MFI FACTHSEET. Lima: LOS ANDES. LOS ANDES. (2015c). Reglamento del Comite de Riesgos. Abancay : LOS ANDES LOS ANDES. (May 2016a). Tasas Activas Vigentes - Interes de Prestamos de Productos - Aprobado en Session Ordinaria de Consejo de Administracion el 13-14/01/2016. LOS ANDES. LOS ANDES. (2016b). Informe de Gestión de Riesgos - Enero 2016. Peru: LOS ANDES. LOS ANDES. (2016c). LOS ANDES Cotarusi Aymares - Cooperativa de Ahorro y Credito, Patrimonio de Apurimac. Retrieved July 2016, from http://www.cooperativalosandes.com.pe
58
LOS ANDES. (2016d). Reglamento de Prestamo de la CAC Los Andes. Abancay: LOS ANDES. Mbeba, R. D. (2007). MFI Internal Audit and Controls Trainer’s Manual . Mennonite Economic Development Associates . Ministerio De La Producion. (2014). Plan Nacional De Diversificacion Productiva: nuevos motores para el desarrollo del pais. Lima: RCD IMEX PERU E.I.R.L. Moors, K. (2016). Performance Analysis of Microfinance Institutions - Efficiency and Productivity Ratios - Power Point Presentation. Solvay Business School - ULB. Brussels: BRS. National Bank of Ethiopia . (2010). Risk Management Guidelines for Microfinance Institutions (FINAL) . Microfinance Institutions Supervision Directorate. Office of Internal Audit and Institutional Risk Management. (2016). Institutional Risk Management. Retrieved July 2016, from Office of Internal Audit and Institutional Risk Management: https://www4.vanderbilt.edu/ Oxford Dictionaries. (2016). (O. U. Press, Producer) Retrieved July 2016, from Oxford Dictionaries - Language matters: http://www.oxforddictionaries.com/definition Perez, T. B. (2016, Jun 5). Risk Management. (Ciderural, Director, & T. B. Perez, Performer) COPEME, Lima, Peru. Peru Support Group. (2013). PERU HISTORICAL OVERVIEW: INTERNAL ARMED CONFLICT. Retrieved 2016, from http://www.perusupportgroup.org.uk PricewaterhouseCoopers LLP . Committee of Sponsoring Organizations of the Treadway Commission . Sanchez, V. (2016, July). Cooperativism in Peru. (A. Voyeux, Interviewer) Abancay: Education Department. SBS. (2009). Resolución S.B.S. N° 2116 -2009 . Lima: El Superintendente de Banca, Seguros y Administradoras Privadas de Fondos de Pensiones . Schmit, M. (2016). Introduction to Risk Management (Part 1) - powerpoint slides. Case Studies in Microfinance (p. 5). Brussels: EMP Course. Steinwand, D. D. (2000). A Risk Management Framework for Microfinance Institutions. Division 41: Financial Systems Development and Banking Services. Deutsche Gesellschaft für Technische Zusammenarbeit (GTZ). SOS FAIM. (2011). The cooperative ethos Activity Report 2011: SOS Faim Belgique and SOS Faim Luxembourg . Luxembourg: SOS FAIM.
59
SOS FAIM. (2016). SOS FAIM BELGIQUE. Retrieved July 2016, from https://www.sosfaim.be Soto, H. D. (1986). El Otro Sendero: La Revolucion Informal. Lima: Editorial El Barranco. Stakeholdermap.com. (2015-17). Risk Management, Risk Analysis, Templates and Advice. Retrieved July 2016, from http://www.stakeholdermap.com/risk/risk-responses.html Steinberg, R. M., Everson, M. E., Nottingham, L. E., & Martens, F. J. (2004). Enterprise Risk Management — Integrated Framework Executive Summary . Vásquez, G. M. (2016). Manual Práctico de Créditos Rurales . Lima: CIDERURAL. Voyeux, A. (2016). Risk Management: How To Mitigate Over-Indebtdness? European Microfinance Program, Microfinance from Management to Conception. Brussels: Solvay Business School. WORLD BANK. (2016, April). Peru-Overview-Context. Retrieved July 2016, from World Bank: http://www.worldbank.org/en/country/peru/overview#1 Zuñiga, M. V. (2016, Jun). CIDERURAL's composition. (A. Voyeux, Interviewer) Lima, Peru.
60
Appendix Appendix 1: Ciderural’s organisational structure [CIDERURAL. (2014). Plan
Estrategico Ciderural 2014-18. CIDERURAL.]
61
Appendix 2: Risk Management Formation Certificate
62
Appendix 3: Par 30, Los Andes 2014-16 [LOS ANDES. (2016). Informe de Gestión de Riesgos - Enero 2016. Peru: LOS ANDES]
Appendix 4: Los Andes’ Par30 depending on the credit types [LOS ANDES. (2016). Informe de Gestión de Riesgos - Enero 2016. Peru: LOS ANDES]
63
Appendix 5: Los Andes Par30 in respect to the branches [LOS ANDES. (2016). Informe de Gestión de Riesgos - Enero 2016. Peru: LOS ANDES]
64
Appendix 6 : Los Andes’ detail risk events allocation in the Credit Process
Risk Code
Event Description Impact level
Probability level
Risk Level
I-1 Creating a ghost member, report non-existing members Charges non-existing commissions
Medium Very Low Low
I-2 Promoting the wrong informations/attracting the wrong targeted members
Medium Likely High
I-3 Do not archive the reports or operations Medium Low Moderate I-10 Do not use the right technologies in its disposition to evaluate
the new member Minor Possible Low
I-13 Create a ghost member with a credit analyst Major Low High E-1 Creation of a Ghost applicant, by presenting false documents
Help the member to falcify its documents to receive a credit Accept bribery and charge additional commissions
Critical
Likely
Extreme
E-2 He doesn’t notice the falsiness of the member’s informations Gives wrong informations to the applicants because of not knowing
Major
Likely
Extreme
E-3 Doesn’t include all the documents Skips some of the evaluation steps Doesn’t verify the applicants data
Major
Likely
Extreme
E-4 The applicant’s revenues can later on be affected by a catastrophe
Major Very Low Moderate
E-5 The system fails preventing the evaluation Medium Low Moderate E-6 Taking its time to attend the members demand Medium Possible Moderate E-8 Physical damage to the credit officer during evaluations Low Low Low E-9 Unaware of the new services that can be offered to the applicant Major Possible High
E-10 Not using the right technology in disposition Low Possible Moderate E-11 Accept guarantees that are not conform to the law Medium Possible Moderate E-12 Members guarantee or revenues affected by the financial
markets such as exchange rates Medium Very Low Low
E-13 Act of fraud of a third party when evaluation the value of guarantee
Major Possible High
A-1 Create a ghost applicant Critical Very Low High A-2 Accepting a ghost applicant
Accept a credit to prevent a non-repaying credit Critical Low Extreme
A-3 Dot not verify the credit officer’s proposal Do not complete the credit act book
Major Frequent Extreme
A-4 The applicants revenue or guarantee can be affected by a catastrophe
Medium Very Low Low
A-5 The system fails preventing verifying the members repayment history with credit burreau (EQUIFAX)
Medium Low Moderate
A-11 Accept guarantees not conformed with the law Medium Possible Moderate A-13 Act of fraud of a third party to approve the credit Major Low High F-1 The datas on the guarantee are falsely entered into the system Major Likely Extreme F-2 Do not notice the presence of other mortgages the applicant has Major Possible High F-3 Do not formalise the guarantee with le law requirements
Do not ask the right signatures needed to be legally binding Medium Possible Moderate
F-4 The guarantee documents are lost after a catastrophe Not considering the impact a catastrophe can have on the guarantee
Medium
Very Low
Low
F-12 The guarantees value is affected by the financial markets Medium Very Low Low
65
Risk Code
Event Description Impact Level
Probability Level
Risk Level
F-13 Act of fraud from a third party (notarial) when valuing the guarantee
Major Possible High
D-1 Accept false documents Disburse less than the approved amount Do not verify the datas Modify the softwares data, such as interests charged Disburse to another person
Critical
Possible
Extreme
D-2 Disburse a credit more than once Forget to cancel the previous credit before giving a new one Disburse in another currency or the wrong amount Disburse when the documents are false
Major
Low
High
D-3 Do not verify the datas Medium Likely High D-11 Do not report transactions in accordance with the requirements
of the regulations on money laundering Medium Possible Moderate
D-14 Not enough liquidity causing the interuption of the process Major Very Low Moderate M-1 Refinance a credit to reduce its portofolio’s PAR30
Charge additional commisions on late repayment Register a different amount than the one paid by the member
Critical Low Extreme
M-2 Not aware of the recuperation guidelines Major Possible High M-3 Do not follow up the members
Do not send the repayment notifications Do not file the transactions
Major Likely Extreme
M-4 Do not consider the catastrophes that could impact the repayments of the member
Medium Likely Moderate
M-7 Do not consider the political risks of the countries with which the member has business
Low Low Low
M-8 Physical harm when conducting the recuperation process on the field
Medium Low Moderate
M-11 Delays and expansion of legal proceedings because of non-compliance
Major Likely Extreme
G-6 The disbursement process takes a lot more, and the members are not attended on time
Medium Likely High
G-8 Credit officers risk of accident on the moto Members with epidemi that could affect the officer
Low Low Low
G-10 The right technologies are not used in general, such as portable technology
Medium Possible Moderate
G-14 Credit process is interupted, losing a lot of time Major Low High G-15 No clear objectives and responsibilities in the processes
The processes are not adapted to the cooperatives size Medium Low Moderate
G-16 Not enough staff There is no replacements for abscent key staff High personal rotation
Medium Likely High
G-17 The members information is not secured and the whole cooperative can have access to it
Minor Likely Low
