Advanced Operational Risk Management

  • Level: Advanced
  • 14 CPE Credits
  • Group-Live
  • Prerequisite: none
  • US $1,995
  • Group discounts available


Ariane Chapelle, PhD    Read bio

course description

From risk environment to risk culture, the course covers in breadth and depth the most topical elements of operational risk management and its challenges for the financial services industry.

Taught by a world leading expert in the field, this course is a must-have for all operational risk practitioners eager to advance their practice in operational risk management, using the best tools and the most recent reflection and practice in the sector. Leading tools in root cause analysis techniques for identifying emerging risks, key controls in cyber security and methods for defining and influencing good risk culture will be shared and practiced during this advanced workshop.

Delegates will leave the course equipped with a new network of practitioners, a wealth of content, additional references and readings, and an open line for further questions with the trainer, Ariane Chapelle.

Key Objectives and Learning Outcomes

After the course, participants will know about:

  • Identification of emerging risks
  • Risk networks rather than risk registers
  • Key elements of counter-terrorism measures and physical security
  • Implementing ORM: the invisible framework
  • Must-know about cyber security and threats
  • How to differentiate and address human errors
  • How to use root cause analysis most effectively
  • Influencing behaviours for better control
  • All best practices in operational risk management for financial companies
  • Risk Reporting and Conduct reporting
  • Builing a framework for risk culture change

Who Should Attend

  • Heads of Operational Risk
  • Entreprise Risk Managers
  • Operational Risk Managers
  • Operations Managers
  • Internal Auditors
  • HR officers
  • Compliance officers
  • Consultants
  • Regulators

 Course outline

Day One: Emerging risks and the invisible framework

Session 1: Risk identification tools and emerging risks

  • Tools and techniques for risk identification
    • Exposures and Vulnerabilities
    • The Risk Wheel
    • Value drivers and reverse stress testing
  • Risk register: a list
  • Risk connectivity: network of risks
  • World economic forum: risk map
  • Emerging risks 
  • Class Exercise: identify the network of your top risks and class feedback

Session 2: Implementing ORM: the invisible framework

  • Governance of Operational Risk
  • 1st line and 2nd line: The partnership model
  • Use and reuse: The Invisible Framework
  • Business value of ORM
  • Workshop: build a business case for risk management

Session 3: Root causes analysis – the bow-tie

  • Root cause analysis: tool and method
  • Benefits of root cause analysis: tracking the common failures and systematic patterns
  • Treating causes over symptoms
  • Bow-tie: a most effective tool to define
    • Preventive and corrective controls
    • Leading KRIs
    • Risk likelihood and expected impact
  • Exercise: apply the bow-tie to one of your incident; share the lessons learnt

Session 4: Reorganisation risk and project management

  • Risk due to changes and reorganisations
  • The trap of cost-cutting
  • Invisible opportunity costs
  • Essentials of project risk management
  • Class debate and sharing of best practice

Day two: Behaviours and Controls

Session 1: Internal Controls: Human Error and Control Design

  • Slips and mistakes: Typology and causes of human errors (J. Reason)
  • HRA: Human Reliability Analysis and other methods
  • Understand and treat the causes of human error
  • Effective or Illusory controls
  • Prevention by Design
  • Group work: best and worst controls in the business: sharing of experience

Session 2: Cyber threats and information security

  • Cyber threat landscape
  • An old emerging risks
  • Key controls in cyber security
  • Physical and behavioural measures
  • Priorities in prevention
  • Lessons learnt from some incidents
  • Q&A, benchmarking and exchange

Session 3: Risk reporting and Conduct reporting

  • Modern issues on events and risk reporting: the regulator’s view
  • Analysing operational risk data: get insight, tell a story
  • Management information: the “reporting cake”
  • Aggregate and escalate risk information: your options
  • Conduct reporting: themes and details
  • Highlights of best practice, Group discussion and sharing of experience

Session 4: Implementing the Desired Risk Culture: a method

  • Defining Risk Culture
  • Acting on behaviours: the Influencer
  • Necessary conditions: willingness and ability
  • Risk Culture: DESIRE steps: Define – Inspire – Support – Enable – Reinforce - Evaluate
  • Assessing the risk culture
  • Group work: Plan your own culture change  


  • What have you learnt?
  • What will you remember?
  • What will you apply?

In-house instruction is available.  Contact us to inquire.

join mailing list

Name *