Any company looking pass a 'smell' test about its risk management standards should have a robust array of risk policies and procedures in place. In this the second of four blog posts about the CCRO's recently approved "Risk Management Standards" white paper, we dive into standards 7 through 22.

We're talking here about documented protocols that serve to guide individuals regarding the execution of relevant day-to-day activities. These protocols are critical to risk management. Their importance cannot be over-estimated. They pertain to all organizational levels and risk-related functions across the firm.

Policies and procedures generally address credit, market, and operations risks, as well as the reliability and
regularity of risk reporting. The standards detail these general themes:

• The firm’s documented risk policies which should be approved by the Governing Body (See the first post in this series about what constitutes a governing body. The policies assign responsibilities for risk oversight and define required controls related to such oversight.

• Risk policies should include the following risk controls: required risk analyses and reporting, specific limits to market and credit risk, authorization of counterparties and associated credit terms and limits, and monitoring of all transaction compliance issues.

• Risk procedures should require that the confirmation and timely capture of transaction information into a system for analyses, valuation, and risk reporting be defined and meet standards for independence and robustness.
  

• Policies and procedures should require that price information used must be validated and verified independently.
  

• A rich set of standards is provided to assure robust, insightful risk analyses and reporting.