OM-8.1.4
In the context of this Chapter, 'independent' and 'independent review' have the following meanings. The review functions must be independent of the risk generating business lines or the process or system under review. An independent review would include the following components:
(a) Verification of the Framework is done on a periodic basis and would be typically performed by the bank's internal and/or external audit, but may involve other suitably qualified independent parties from external sources. Verification activities test the effectiveness of the overall Framework , consistent with policies approved by the board of directors, and also test validation processes to ensure that they are independent and implemented in a manner consistent with established bank policies; and
(b) Validation ensures that the quantification systems used by the bank are sufficiently robust and provide assurance of the integrity of inputs, assumptions, processes and outputs. Specifically the independent validation process should provide enhanced assurance that the risk management methodology results in an operational risk capital charge that credibly reflects the operational risk profile of the bank. In addition to the quantitative aspects of internal validation, the validation of data inputs, methodology and outputs of operational risk models is important to the overall process.
Added: October 2012