Operational Risk Management

Training Duration: 5 days- highly recommended for financial sector requiring BASEL II/III or Solvency II compliance

Training Delivery Method: On-site, instructor-led seminar

Prerequisites:

Experienced or inexperienced operational risk professionals and managers

What Problem Does This Training Help Solve?

Bank of International settlements (BIS) defines operational risk as something that arises from failure of people, processes, systems, and external events. Definition for Solvency II is very similar. While insurance companies organizations have robust credit risk, market risk, and liquidity risk processes in place, they are usually weak in operational risk management. Operational risk represents 15% to 25% of total risk an insurance company runs. This is comparable to actuarial risk. Operational risk losses can eat up 5% percent of premium received. While operational risk can not be eliminated, it can definitely be mitigated with sound and cost effective risk management practices. Recent news about loss of US$2.3 at UBS due to a rogue trader is an example of lack of operational risk management.

This seminar Provides training in operational risk assessment, management, risk mitigation, risk acceptance, risk management methodologies, modeling, stress testing, KRIs, KCIs, BASEL II, BASEL III, Solvency II and many other aspects of operational risk management. While most of the examples will be related to Basel II/III and Solvency II, basic principles can be applied to any industry (healthcare, utility, government).

There is not much literature about ORM. There are very few colleges offering ORM courses, one being St John;s University in New York City where Jay Ranade is professor of ORM.

Who Should Attend?

Professionals interested in learning about operational risk control objectives, controls, methodologies, and risk management from HR, IT, process management, business continuity, disaster recovery, and incident handling perspective. It is recommended for business unit managers, senior management, CRO’s office, ORM office, internal audit, IT management, and ORM consultants.

Course Material:

Content-rich manual/course handouts consisting of about 500 foils

 COURSE DESCRIPTION:

This course evaluates operational risk exposures relating to the organization’s governance, management, operations and information systems. More specifically, instructor will discuss in relation to: (a) Operational risk Governance (b) risk and control assessment (c) events and losses (d) key risk indicators.  Based on the results of the risk assessment, the student will be able to evaluate the adequacy and effectiveness of how risks are identified and managed and to assess other aspects such reporting, risk modeling, stress test, scenarios, business continuity, disaster recovery, insurance, internal audit, outsourcing risk, people risk, reputational risk, and strategic risk, communication of risk and control information within the organization in order to facilitate a good governance process.

Special emphasis will be paid to BASEL II/III and Solvency II capital requirements optimization for Operational Risk.

Instructor will try to keep the contents less mathematical so that they can be comprehended by the audience.

OBJECTIVES OF THE COURSE:

The objective of the course is to develop professionals with an in-depth understanding of the “Operational Risk Management” so that they will be able to provide necessary management skills regarding to provide assurance that :

  • ORM Internal controls are in place and are adequate to mitigate the risks,
  • Governance processes are effective and efficient, and
  • Organizational goals and objectives are met.

COURSE OUTLINE:

  • What is operational risk- old definition and new definition of BIS/BASEL II/III  and Solvency II
  •  Risk from people, failed processes, failed systems, and external events
  • Outside BASEL II- strategic risk, reputational risk, 95 other types of risks
  • Operations risk vs. operational risk
  • Business case- BASEL II capital requirements for OR
  • Reserves, capital, and insurance (risk transfer) based on L and I factors
  • ORM Framework– Governance, ORM policy, risk appetite, R&R for ORM
  • Setting up timeline for ORM – from project to a program
  • Risk and control assessment- risk owners and control owners
  • Events and losses- data collection, data reporting, external loss databases, near misses, classification
  • Indicators- KRIs, KCIs, thresholds, targets, dashboards, leading and lagging indicators, periodicity
  • Reporting- styles, know the audience, dashboard reporting
  • ORM modeling– distributions, correlations, internal and external data, confidence level, capital modeling, qualitative modeling
  • Eight business areas of BASEL II and seven types of ORM risks for each business type
  • Stress tests and scenarios analysis – practical scenarios, near death experience, Gaussian curve, Outside 3-standard deviations, Mandelbrot’s Chaos, black swan event, fat tail
  • Business continuity– process, applications, infrastructure, service delivery
  • Three lines of ORM defense– management, oversight, and audit
  • Auditing ORM
  • ORM from outsourcing processes
  • People risk
  • Reputational risk
  • System failure risk- IT DR
  • BASEL II and BASEL III considerations
  • Solvency II considerations
  • OR and ERM (COSO FW)
  • ORM, Dodd Frank, and FSOC’s OFR
  • ORM and systemic risk