Day One: Setting the Framework and Appetite
Session 1: Operational Risk Framework
Operational Risk Definition and Characteristics
Some risk frameworks: ISO, COSO, large banks and insurance companies
Three lines of defence and three levels of Operational Risk Management: Strategic, Tactical, Dynamic
SMA and regulatroy changes in Operational Risks
The ORM pyramid: which level are you at?
Group work: the ORM pyramid: define and discuss the maturity level of your ORM
Session 2: Risk Identification
Tools and techniques for risk identification
Exposures and Vulnerabilities
The Risk Wheel
Value drivers and reverse stress testing
Risk register: a list
Risk connectivity: network of risks
Class Exercise: identify your top risks and class feedback
Session 3: Actionable Risk Appetite
Industry guidance on Risk Appetite
Template for actionable Risk Appetite
Risk Appetite Statements: Features and Examples
Cascading Risk Appetite: RCSA & Indicators
Class discussion and exercises: Formulate risk appetite & tolerance statements for two of your top risks
Session 4: Risk and Control Self Assessments
Definition and rules for RCSAs
Tool: Impact / probability matrix: shapes and forms, definitions
Usage and choice when defining RCSAs: extreme cases or median cases, distribution or single points, inherent or residual risk, likelihood or frequencies
Risk rating: when and how.
Scenario analysis: RCSA on steroids
Exercise: Highlight and assess your top risks before and after controls
Day Two: Key Risks Indicators & Reporting
Session 1: Features and types of leading KRIs
Features of leading KRIs
KRI, KPI, KCI: definitions and uses.
A typology of Key Risks indicators
KRIs: metrics of risks drivers
Root cause analysis & identification of risk drivers
Case study: examples of KRIs and risk drivers per activity
Class Exercise: root cause analysis for KRI identification: the bow tie
Session 2: Root causes analysis and Control Design
Slips and mistakes: Typology and causes of human errors
Understand and treat the causes of human error
Effective vs. Illusory controls
Root cause analysis: method and benefits
Tracking the common failures and systematic patterns
Prevention by Design
Exercise: apply the bow-tie to one of your incident; share the lesssons learnt
Session 3: Design & Governance KRIs
KRI design: frequency, thresholds, reporting and discipline
Selective Preventive KRIs step by step
Building on previous results
Revisiting existing metrics
Upgrade your KRIs
Reporting on KRIs: aggregating colors?
KRI Governance
Group work: identify and design your own KRIs
Session 4: Incident data collection and risk reporting
Modern issues on loss data: the regulator’s view
Data features: core losses and tail risks
Golden rules of reporting
Management information: the “reporting cake”
Highlights of best practice, Group discussion and sharing of experience
Day three: Emerging Risks, Scenario Analysis and Risk Culture
Session 1: Operational Risk Drivers and Emerging Risks
Characteristics of Operational Risk
Drivers of Operational Risks
Emerging Risks
that we all know
that we don’t know
that we should know
Session 2: Scenario Analysis and Planning
Steps and governance of scenario analysis
Tackling behavioral biases in scenario assessment
Industry practices and lists of scenarios
Assessing probabilities of rare events
Acting on Scenario Analysis
Industry examples and sharing of experience
Session 3: Implementing the Desired Risk Culture: a method
Defining Risk Culture
Acting on behaviours: the Influencer
Necessary conditions: willingness and ability
Risk Culture: DESIRE steps: Define – Inspire – Support – Enable – Reinforce - Evaluate
Assessing the risk culture
Group work: Plan your own culture change
Session 4: Conclusion & Wrap-up
What have you learnt?
What will you remember?
What will you apply?
After the course, participants will know about:
Il n'y a pas encore de taux de satisfaction sur cette formation