should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems (and, as appropriate, the systems and processes of third party suppliers, agents and others). In doing so a firm
should have regard to:
(1) the importance and complexity of processes and systems used in the end-to-end operating cycle for products and activities (for example, the level of integration of systems);
(2) controls that will help it to prevent system and process failures or identify them to permit prompt rectification (including pre-approval or reconciliation processes);
(3) whether the design and use of its processes and systems allow it to comply adequately with regulatory and other requirements;
(4) its arrangements for the continuity of operations in the event that a significant process or system becomes unavailable or is destroyed; and
(5) the importance of monitoring indicators of process or system risk (including reconciliation exceptions, compensation payments for client losses and documentation errors) and experience of operational losses and exposures.