Enterprise Risk Management (Financial Sector Focus)

Training Duration: 5 days - highly recommended for the financial sector requiring BASEL II/III or Solvency II compliance

Training Delivery Method: On-site, instructor-led seminar


Experienced or inexperienced CROs, IT Risk Managers, ORMs, risk managers, compliance officers

What Problem Does This Training Help Solve?

The Bank for International Settlements (BIS) defines enterprise risk as something that arises from the failure of people, processes, systems, and external events. The definition for Solvency II is very similar. While insurance companies have robust credit risk, market risk, and liquidity risk processes in place, they are usually weak in enterprise risk management. Operational risk represents 15% to 25% of the total risk an insurance company runs. This is comparable to actuarial risk. Operational risk losses can eat up 5% of premiums received. While operational risk cannot be eliminated, it can definitely be mitigated with sound and cost-effective risk management practices. Recent news about the loss of US$2.3 at UBS due to a rogue trader is an example of a lack of operational risk management.

This seminar provides training in enterprise risk assessment, management, risk mitigation, risk acceptance, risk management methodologies, modeling, stress testing, KRIs, KCIs, BASEL II, BASEL III, Solvency II and many other aspects of enterprise risk management. While most of the examples will be related to Basel II/III and Solvency II, the basic principles can be applied to any industry (healthcare, utility, government).

There is not much literature about ERM. There are very few colleges offering ORM courses, one being St. John's University in New York City, where Jay Ranade is a professor of ERM/ORM.

Who Should Attend?

Professionals interested in learning about enterprise risk control objectives, controls, methodologies, and risk management from HR, IT, process management, business continuity, disaster recovery, and incident handling perspectives. It is recommended for business unit managers, senior management, the CRO’s office, the ORM office, internal audit, IT management, and ERM consultants.

Course Material:

Content-rich manual/course handouts consisting of about 860 foils 


This course evaluates enterprise risk exposures relating to the organization’s governance, management, operations and information systems. More specifically, the instructor will discuss these in relation to: (a) enterprise risk governance, (b) risk and control assessment, (c) events and losses, and (d) key risk indicators. Based on the results of the risk assessment, the student will be able to evaluate the adequacy and effectiveness of how risks are identified and managed. The student will also be able to assess other aspects such as reporting, risk modeling, stress tests, scenarios, business continuity, disaster recovery, insurance, internal audit, outsourcing risk, people risk, reputational risk, strategic risk, and the communication of risk and control information within the organization in order to facilitate a good governance process.

Special emphasis will be paid to BASEL II/III and Solvency II capital requirements optimization for Enterprise Risk.

The instructor will try to keep the content less mathematical so that it can be comprehended by the audience.


The objective of the course is to develop professionals with an in-depth understanding of “Enterprise Risk Management” so that they will have the necessary management skills to provide assurance that:

  • ERM Internal controls are in place and are adequate to mitigate the risks,
  • Governance processes are effective and efficient, and
  • Organizational goals and objectives are met.


  • What is enterprise risk – old definition and new definition of BIS/BASEL II/III and Solvency II
  • Risk from people, failed processes, failed systems, and external events
  • Outside BASEL II – strategic risk, reputational risk, 95 other types of risks
  • Operations risk vs. operational risk
  • Business case – BASEL II capital requirements for OR
  • Reserves, capital, and insurance (risk transfer) based on L and I factors
  • ERM Framework – Governance, ERM policy, risk appetite, R&R for ERM
  • Setting up timeline for ERM – from project to a program
  • Risk and control assessment – risk owners and control owners
  • Events and losses – data collection, data reporting, external loss databases, near misses, classification
  • Indicators – KRIs, KCIs, thresholds, targets, dashboards, leading and lagging indicators, periodicity
  • Reporting – styles, know the audience, dashboard reporting
  • ERM modeling – distributions, correlations, internal and external data, confidence level, capital modeling, qualitative modeling
  • Eight business areas of BASEL II and seven types of ORM risks for each business type
  • Stress tests and scenario analysis – practical scenarios, near death experience, Gaussian curve, outside 3 standard deviations, Mandelbrot’s Chaos, black swan event, fat tail
  • Business continuity – process, applications, infrastructure, service delivery
  • Three lines of ORM defense – management, oversight, and audit
  • Auditing ERM – IIA’s CRMA certification
  • OR/VRM from outsourcing processes
  • People risk
  • Reputational risk
  • System failure risk – IT DR
  • BASEL II and BASEL III considerations
  • Solvency II considerations
  • OR and ERM (COSO FW)
  • ORM, Dodd Frank, and FSOC’s OFR
  • ORM and systemic risk