Operational Risk Management Masterclass

Agenda Program
divider graphic
Prague, NH Hotel Prague
divider graphic

Key Objectives and Learning Outcomes

New framework for risk management
Taxonomy of risks, causes and impacts
Risk networks rather than risk registers
RCSA guidance and comparability
Assessing rare events in simple yet robust ways
Leading KRIs framework for identification and design
Operational risk management for projects
Building a framework for risk culture change
From risk framework to risk culture, from project risk to cyber risk, this course covers in breadth and depth the most topical elements of operational risk management these days and its challenges for the financial services industry.

Designed and delivered by a world leading expert in the field, the course is a must-have for all the operational risk practitioners wishing to benchmark their practice and a fantastic opportunity for newcomers to gain a comprehensive overview what modern operational risk managers need to know.

Who Should Attend
  • Heads of Operational Risk
  • Enterprise Risk Managers
  • Operational Risk Managers
  • Internal Auditors
  • Compliance officers
  • Consultants
  • Regulators
Each participant at this training course will receive a free copy of the book Operational Risk Management: Best Practices in the Financial Services Industry written by the course leader Dr. Ariane Chapelle, which was published at Wiley in late 2018.

Program of the seminar: Operational Risk Management Masterclass

The seminar timetable follows Central European Time (CET).

09.00 - 09.10 Welcome and Introduction

09.10 - 10.30 Session 1: Risk Identification Tools and Emerging Risks

  • Tools and techniques for risk identification
    • Exposures and Vulnerabilities
    • The Risk Wheel
    • Value drivers and reverse stress testing
  • Risk register: a list
  • Risk connectivity: network of risks
  • World economic forum: risk map
  • Emerging risks
  • Class Exercise: Identify the network of your top risks and class feedback

10:30 - 10:45 Coffee break

10:45 - 12:30 Session 2: Root Causes Analysis - The Bow-tie

  • Root cause analysis: tools and methods
  • Benefits of root cause analysis: tracking the common failures and systematic patterns
  • Treating causes over symptoms
  • Bow-tie: A most effective tool to define: preventive, corrective controls and leading KRIs
  • Risk likelihood and expected impact
  • Class exercise: Apply the bow-tie to one of your incidents; share the lessons learnt

12:30 - 13:30 Lunch

13:30 - 14:45 Session 3: Implementing ORM: The Invisible Framework

  • Governance of operational risk
  • 1st line and 2nd line: The partnership model
  • Use and reuse: The invisible framework
    • Leverage on existing practices for better risk management
    • Use the language of the business
    • Make ORM practicable and valuable
  • Business value of ORM
    • Workshop: Build a business case for risk management

14:45 - 15:00 Coffee break

15:00 - 17:00 Session 4: Information Security Assessment and Essentials of Cyber Protection

Cyber risk is voted top risk for the financial industry for three years in row. This session explains how the same risk management framework can be applied to cyber risk and, more generally, to information security risk assessment. Based on real case studies, it presents a taxonomy for information security risk, essentials of assessment and the key elements of mitigation of cyber and information risk:

  • Information security risk management framework
  • Typology of information security risk
  • Information assets inventory
  • Risk assessments
  • Control layering and key controls for information security risks
  • Scenarios and quantification

09:00 - 10:30 Session 5: Internal Controls: Human Error and Control Design

  • Slips and mistakes: Typology and causes of human errors (J.Reason)
  • HRA: Human Reliability Analysis and other methods
  • Understand and treat the causes of human error
  • Effective or Illusory controls
  • Prevention by design
  • Group work: Best and worst controls in the business: Sharing of experience

10:30 - 10:45 Coffee break

10:45 - 12:30 Session 6: Risk Reporting

  • Modern issues on events and risk reporting: the regulator's view
  • Analysing operational risk data: Get insight, tell a story
  • Management information: The "reporting cake"
  • Aggregate and escalate risk information: Your options
  • Conduct reporting: Themes and details
  • Highlights of best practice, group discussion and sharing of experience

12:30 - 13:30 Lunch

13:30 - 15:00 Session 7: Operational Risk Management for Projects

Project and changes are common place in the financial industry. It is only recently that project risk is explicitly included in the operational risk management scope. Yet, the coordination between the risk function and the project management teams are not always straight-forward. Based on practical successful experiences, this session suggest framework and policy rules to assess and address operational risk on corporate projects.

  • ORM policy for project management
  • Project rating criteria
  • Causes of project failure
  • Essentials of project risk management
  • Collaborations and benefits

15:00 - 15:15 Coffee break

15:15 - 16:30 Session 8: Implementing the Desired Risk Culture: a method

  • Defining Risk Culture
  • Acting on behaviours: the Influencer
  • Necessary conditions: willingness and ability
  • Risk Culture: DESIRE steps: Define - Inspire - Support - Enable - Reinforce - Evaluate
  • Assessing the risk culture
  • Group work: Plan your own culture change

16:30 - 17:00 Wrap-up

  • What have you learnt?
  • What will you remember?
  • What will you apply?

Training catalogue in PDF
arrow-up icon