Operational Risk Management & Resilience

Course Info

Length: 1 Week

Type: Online

Available Dates


  • Mar-18-2024


  • Apr-15-2024


  • May-20-2024


  • June-17-2024


  • July-15-2024


  • Aug-19-2024


  • Sep-16-2024


  • Oct-21-2024


  • Nov-18-2024


  • Dec-16-2024


Course Details

Course Outline

5-day course

Defining Modern Operational Risk
  • “Classic” notions and definitions
  • Modern understanding within COSO and ISO
  • Post-COVID demands on Operational Risk Management (ORM)
    • Surveys and feedback
  • What we can learn from business continuity
  • Defining resilience
  • Roadmap for the course

Creating a post-COVID ORM framework:
  • Investigating COSO ERM
    • Risk management must be practically related to performance and KPI management
    • Risk management involves new definitions, concepts and psychological notions
    • Risk management must be closely involved with strategy setting and execution
    • Risk management is not back-office and reactionary, but board-led, head-office and forward-looking

Technical Aspects: Data


  • Creating an infrastructure for analyzing and managing operational threats:
    • Defining operational events
    • Managing data:
      • Centralized management of data and loss events
      • Decentralized management of data and loss events
      • Mixture systems
    • Database development
      • Distinguishing between Loss databases and Event databases
      • Capturing Direct Losses
      • Indirect losses
      • Timing issues
      • Key Risk Indicators (KRIs) and Business environment and internal control factors (BEICFs)
      • Technical issues (if time permits)
        • Loss data collection thresholds
        • Potential fixes to reporting bias

Technical Aspects: Building in Business Continuity


  • Borrowing techniques from Business Continuity Management
    • Identifying impacts resulting from disruptions and disaster scenarios
    • Specifying techniques to quantify impacts
    • Establishing “criticality” and critical functions
    • Assessing impacts over time
    • Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
    • Maximum tolerable outage (MTO)
    • Identifying interdependencies

Technical Aspects: Creating Resilience


  • Develop routines, simple rules and improvisations
  • Analyze which tools you need to get different work done (or different critical functions up and running)
  • Question assumptions behind routines
  • Practice doing more with less
  • Deepen knowledge of how work fits in with whole strategy
  • Invest in building expertise
  • Identify priorities
  • Learn to give up control

Qualitative and Structural Aspects: Governance


  • Creating the board-led governance structure
    • Chief Risk Officer and ORM head
    • Risk champions and risk analysts
    • 3 Lines and 4 Lines of Defence models
    • Defining roles for Board, Risk management, Management Team, Audit and Compliance

Qualitative and Structural Aspects: Risk Culture
  • Current risk culture must be re-examined
    • Defining “risk culture”
    • Importance in ORM
    • FSB Indicators of risk culture strength
    • Typical psychological factors in risk culture weakness: biases

Putting everything together: Basel Checklist


  • Risk culture
  • Operational Risk Management Framework
  • Board of directors: implementation of operational risk management
  • Board of directors: risk appetite
  • Senior management
  • Identification and assessment of operational risks
  • Change management
  • Monitoring and reporting
  • Control and mitigation
  • ICT
  • Business continuity
  • Disclosure
