Operational Risk Management & Resilience

Course Info

Length: 1 Week

Type: In Classroom

Available Dates and Venues

  • Oct-14-2024: Istanbul
  • Oct-14-2024: Kuala Lumpur
  • Oct-21-2024: Singapore
  • Oct-21-2024: Paris
  • Oct-28-2024: Barcelona
  • Oct-28-2024: Dubai
  • Nov-04-2024: London
  • Nov-04-2024: Amsterdam
  • Nov-11-2024: Istanbul
  • Nov-11-2024: Kuala Lumpur
  • Nov-18-2024: Paris
  • Nov-18-2024: Singapore
  • Nov-25-2024: Dubai
  • Nov-25-2024: Barcelona
  • Dec-02-2024: London
  • Dec-02-2024: Amsterdam
  • Dec-09-2024: Istanbul
  • Dec-09-2024: Kuala Lumpur
  • Dec-16-2024: Singapore
  • Dec-16-2024: Paris
  • Dec-23-2024: Barcelona
  • Dec-23-2024: Amsterdam
  • Dec-30-2024: Dubai
  • Dec-30-2024: London
  • Jan-27-2025: Dubai

Course Details

Course Outline

5-day course

Defining Modern Operational Risk
 
  • “Classic” notions and definitions
  • Modern understanding within COSO and ISO
  • Post-COVID demands on Operational Risk Management (ORM)
    • Surveys and feedback
  • What we can learn from business continuity
  • Defining resilience
  • Roadmap for the course



Creating a post-COVID ORM framework:
 
  • Investigating COSO ERM
    • Risk management must be practically related to performance and KPI management
    • Risk management involves new definitions, concepts and psychological notions
    • Risk management must be closely involved with strategy setting and execution
    • Risk management is not back-office and reactionary, but board-led, head-office and forward-looking

 

 
Technical Aspects: Data

 

  • Creating an infrastructure for analyzing and managing operational threats:
    • Defining operational events
    • Managing data:
      • Centralized management of data and loss events
      • Decentralized management of data and loss events
      • Mixture systems
    • Database development
      • Distinguishing between Loss databases and Event databases
      • Capturing Direct Losses
      • Indirect losses
      • Timing issues
      • Key Risk Indicators (KRIs) and Business environment and internal control factors (BEICFs)
      • Technical issues (if time permits)
        • Loss data collection thresholds
        • Potential fixes to reporting bias
 

Technical Aspects: Building in Business Continuity

 

  • Borrowing techniques from Business Continuity Management
    • Identifying impacts resulting from disruptions and disaster scenarios
    • Specifying techniques to quantify impacts
    • Establishing “criticality” and critical functions
    • Assessing impacts over time
    • Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
    • Maximum tolerable outage (MTO)
    • Identifying interdependencies
 
Technical Aspects: Creating Resilience

 

  • Develop routines, simple rules and improvisations
  • Analyze which tools you need to get different work done (or different critical functions up and running)
  • Question assumptions behind routines
  • Practice doing more with less
  • Deepen knowledge of how work fits in with whole strategy
  • Invest in building expertise
  • Identify priorities
  • Learn to give up control

 

Qualitative and Structural Aspects: Governance

 

  • Creating the board-led governance structure
    • Chief Risk Officer and ORM head
    • Risk champions and risk analysts
    • 3 Lines and 4 Lines of Defence models
    • Defining roles for Board, Risk management, Management Team, Audit and Compliance


Qualitative and Structural Aspects: Risk Culture
 
  • Current risk culture must be re-examined
    • Defining “risk culture”
    • Importance in ORM
    • FSB Indicators of risk culture strength
    • Typical psychological factors in risk culture weakness: biases

 

Putting everything together
Basel Checklist:

 

  • Risk culture
  • Operational Risk Management Framework
  • Board of directors: implementation of operational risk management
  • Board of directors: risk appetite
  • Senior management
  • Identification and assessment of operational risks
  • Change management
  • Monitoring and reporting
  • Control and mitigation
  • ICT
  • Business continuity
  • Disclosure
