Operational Risk Management and Resilience Course
Management and Leadership
Select Other "city & date"
Operational Risk Management and Resilience Course
Introduction:
This course aims to help participants learn how to enhance the operational risk management and resilience capabilities of their organizations. In particular, we focus on how the recent COVID-19 disaster made plain the strategic weaknesses of most organizations insofar as withstanding and responding to surprises.
While the Covid pandemic was, by most accounts, unpredictable, the responses to it varied—often becoming the determining factor in whether an organization survived.
Operational Risk Management & Resilience Course addresses these concerns by making operational risk management a strategic, forward-looking undertaking that aims to constantly position and reposition the organization in light of changing internal and external challenges. This approach breeds resilience.
Course Objectives:
At the end of the Operational Risk Management & Resilience Training Course, participants will know about:
- Identification of emerging risks
- Risk networks rather than risk registers
- Key elements of counter-terrorism measures and physical security
- Implementing ORM: the invisible framework
- Must-know about cyber security and threats
- How to differentiate and address human errors
- How to use root cause analysis most effectively
- Influencing behaviors for better control
- All best practices in operational risk management for financial companies
- Risk Reporting and Conduct reporting
- Building a framework for risk culture change
- Leading KRIs framework for identification and design
- Scenario analysis and assessment
Who Should Attend?
Operational Risk Management & Resilience Training course, is ideal for:
- Heads of Operational Risk
- Enterprise Risk Managers
- Operational Risk Managers
- Operations Managers
- Internal Auditors
- HR officers
- Compliance officers
- Consultants
- Regulators
Course Outlines:
Defining Modern Operational Risk
- “Classic” notions and definitions
- Modern understanding within COSO and ISO
- Post-COVID demands on Operational Risk Management (ORM)
- Surveys and feedback
- What we can learn from business continuity
- Defining resilience
- Roadmap for the course
Creating a post-COVID, ORM framework:
- Investigating COSO ERM
- Risk management must be practically related to performance and KPI management
- Risk management involves new definitions, concepts and psychological notions
- Risk management must be closely involved with strategy setting and execution
- Risk management is not back-office and reactionary, but board-lead, head-office and forward-looking
Technical Aspects: Data
- Creating an infrastructure for analyzing and managing operational threats:
- Defining operational events
- Managing data:
- Centralized management of data and loss events
- Decentralized Management of data and loss events
- Mixture systems
- Database development
- Distinguishing between Loss databases and Event databases
- Capturing Direct Losses
- Indirect losses
- Timing issues
- Key Risk Indicators (KRIs) and Business environment and internal control factors (BEICFs)
- Technical issues (if time permits)
- Loss data collection thresholds
- Potential fixes to reporting bias
Technical Aspects: Building in Business Continuity
- Borrowing techniques from Business Continuity Management
- Identifying impacts resulting from disruptions and disaster scenarios
- Specifying techniques to quantify impacts
- Establishing “criticality” and critical functions
- Assessing impacts over time
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Maximum tolerable outage (MTO)
- Identifying interdependencies
Technical Aspects: Creating Resilience
- Develop routines, simple rules and improvisations
- Analyze which tools you need to get different work done (or different critical functions up and running)
- Question assumptions behind routines
- Practice doing more with less
- Deepen knowledge of how work fits in with whole strategy
- Investing building expertise
- Identify priorities
- Learn to give up control
Qualitative and Structural Aspects: Governance
- Creating the board-led, governance structure
- Chief Risk Officer and ORM head
- Risk champions and risk analysts
- 3 Lines and 4 Lines of Defense models
- Defining roles for Board, Risk management, Management Team, Audit and Compliance
Qualitative and Structural Aspects: Risk Culture
- Current risk culture must be re-examined
- Defining “risk culture”
- Importance in ORM
- FSB Indicators of risk culture strength
- Typical psychological factors in risk culture weakness: biases
Putting everything together
Basel Checklist:
- Risk culture
- Operational Risk Management Framework
- Board of directors: implementation of operational risk management
- Board of directors: risk appetite
- Senior management
- Identification and assessment of operational risks
- Change management
- Monitoring and reporting
- Control and mitigation
- ICT
- Business continuity
- Disclosure