Friday, April 23, 2004

Operational Risk--The Problem Is of Poor Governance

Operational Risk--The Problem Is of Poor Governance:

RiskCenter
Gupta, Suresh

Recent media attention regarding the end of Capital One's relationship with Wipro after call center workers in India were found using unethical tactics to sign up customers for credit cards and obtaining confidential data about customers for fraudulent purposes has highlighted the potential risks of having an offshore, third party vendor manage a call center.

Offshore vendors typically do not have the years of experience managing call centers seen with onshore vendors. Common risk management techniques involve due diligence, SLAs, and strong governance, but tough internal controls at the offshore vendor site is often overlooked. Firms interested in using offshore vendors for call center should ensure that controls exist within the offshore firm to monitor the environment, risks, information, and communications processes used.

One of the first steps for risk managers is to ensure that human resources policies and procedures, as well as ethical codes and staff skills, meet the objectives of the firm, then risk managers should focus on how to identify potential risks and mitigate them. In order to determine if procedures and policies are working, warning systems should be developed including the development of performance goals and open communication between the client and the overseas vendor. Firms should also audit internal controls at offshore firms periodically to ensure that procedures and tasks are being completed on schedule and in the right manner."