Best Practice in Operational Risk Management

Monday, December 2nd

Operational Risk Framework, Risk Assessment and KRIs

09.00 - 12.15

Session 1: Operational Risk Framework and Governance

  • Operational Risk trends and emerging risks
  • Governance of Operational Risk: roles and responsibilities
  • 1st line and 2d line: The Partnership Model
  • Business value of Operational Risk Management
  • Workshop and discussion: the business case for operational risk management

Session 2: Risk Identification & RCSA

  • Tools and techniques for risk identification
  • Risk register: a list
  • Risk connectivity: network of risks
  • Definition and rules for RCSAs
  • Tool: Impact / probability matrix: format and meaning
  • Usage and choice when defining RCSAs
  • Class Exercise: Apply an RCSA to your top risks

12.15 - 13.15 Lunch

13.15 - 17.00

Session 3: Root causes analysis and Control Design

  • Slips and mistakes: Typology and causes of human errors
  • Effective vs. Illusory controls
  • Root cause analysis: identifying patterns of failures
  • Bow-tie: a most effective tool to define
    • Preventive and corrective controls
    • Leading KRIs
    • Risk likelihood and expected impact
  • Prevention by Design
  • Exercise: apply the bow-tie to one of your incident; share the lessons learned

Session 4: Designing and Selecting Preventive Key Risk Indicators

  • KRI, KPI, KCIs: concepts, overlaps and examples
  • Essential features of preventive KRIs
  • Classifying KRIs: Environmental, Stress, Causal and Failure
  • KRI Design: Frequency - Trigger levels - Escalation criteria - Ownership - Data accuracy
  • Six steps to define and design preventive KRIs
  • Class Interaction: review your KRI list

Tuesday, December 3rd

Risk Appetite, Scenarios and Risk Culture

09.00 - 12.15

Session 5: Risk Appetite Definition, Statement and Communication

  • Industry guidance on Risk Appetite
  • Definition and Governance: Communicating Risk Appetite
  • Risk Appetite Statements: Features, Templates and Examples
  • Cascading and Monitoring Risk Appetite: RCSA and indicators
  • Class Exercise: express risk appetite, tolerance and limits for two of your top risks

Session 6: Scenario Analysis: Application to Cyber risk

  • Brainstorming and workshop techniques to identify scenario
  • Scenario assessment: structure and method to mitigate behavioural biases
  • Assessing rare events
  • Examples: scenarios assessment IT disruption, cyber-attacks and information security incidents
  • Class Exercise: Applied scenario structuring

12.15 - 13.15 Lunch

13.15 - 17.00

Session 7: Reporting and Escalation

  • The role of incident data collection
  • Data features: core losses and tail risks
  • Three golden rules of reporting
  • Management information: the "reporting cake"
  • Class interaction: best practice and sharing of experience

Session 8: Risk Culture and Conduct

  • Defining Risk Culture
  • Key objectives, key behaviours
  • Case study: conduct metrics & culture change programme
  • Influencing behaviours: a framework

Evaluation and Termination of the Seminar

  Site Map    Privacy Policy and Cookies    Mobile Version    Follow us on LinkedIn