Basel defines Operational Resilience as a bank`s ability to deliver critical operations even at times of disruption. This would mean that the bank should have the ability to identify and protect itself from threats and potential failure.
Failure Mode Effect Analysis is a step-by-step approach for identifying possible vulnerabilities or failures and prioritize the same based on analysis of impact and effects. Failure Mode, is a method to identify vulnerabilities or errors, be it actual incidents or potential failures for any critical operations with emphasis on those affecting the customer. An Effect Analysis is the study of consequences of identified failures.
FMEA prioritizes failures according to severity, frequency and detectability:
- Severity describes the seriousness of failure consequences
- Frequency describes how often failures can occur
- Detectability refers to degree of difficulty in detecting failures
Steps involved in FMEA:
- List all the Important Business Lines
- Resource Mapping
- Identify Potential Failure and Effect
- Failure Severity
- Failure Likelihood
- Failure Detection
- Compute the Risk Priority Number
1. Important Business Lines
Operational Resilience is about having a comprehensive understanding of the core, or critical services that an enterprise offers to its customers and that must continue to operate during a period of disruption. The more consumers who are impacted and the more vulnerable they are, the more probable it is that the related service will be deemed “important.”
2. Resource Mapping
The operationally resilient firm would be expected to have a comprehensive understanding and mapping of the resources and dependencies that support their business services. Firms should identify and document the resources that deliver and support their important business lines. Resources which are required to be mapped include Process, People, Technology, Data, Third Party and Location.
3. Potential Failure and Effect identification
For each of the mapped resources for the important business line, identify the potential failure and effect based on experience, past data, market dynamics etc. This is a subjective assessment based on the experience of the individual or group.
4. Failure Severity
Severity is the seriousness of failure effects. A best practice is to rate failure effect severity on a scale of One to Ten or Five, with one being the least severe.
5. Failure Likelihood
How often the failure occurs is an important step. For reference look at similar processes and their documented failure modes. Similar to severity this can also be measured using a scale method.
6. Failure Detection
Detection will indicate how likely the failures will be detected. The higher the value of detection on a scale, the more likely the failure will not be detected.
7. Risk Priority Number (RPN)
RPN should be calculated for each resource mapped for the important business line. RPN is computed by multiplying the failure severity, failure likelihood and failure detection. RPN shows the most risky area and should get highest priority for corrective measures to reduce impact. After remediation and corrective actions are implemented the RPN is recomputed to measure the difference.
Interested to learn more on FMEA? Talk to our expert here.