Best Practice in Operational Risk Management

  • Jan 16-17, 2018
  • New York City
    Club Quarters Wall Street, 52 William Street
  • Level: Basic to Intermediate
  • 14 CPE Credits
  • Group-Live
  • Prerequisite: none
  • US $1,995
  • Group discounts available


Ariane Chapelle, PhD    Read bio

course description

From regulation to risk culture, this interactive training workshop covers in breadth and depth all aspects of operational risk management and its challenges in the financial services industry. Hot topics such as, preventive KRIs, risk culture, demonstrating business value of risk management, and the formulation of a risk appetite statement will be explained and debated.

Taught by a leading expert in the field, the course is a must-have for all the operational risk practitioners wishing to upscale their practice and confront new ideas. It is a tremendous opportunity for beginnners as well to gain a comprehensive overview of what operational risk managers need to know.

Delegates will end the course equipped with a new network of practitioners, a wealth of content, additional references and readings, and an open line for further questions with the trainer, Ariane Chapelle.

Key Objectives and Learning Outcomes

After the course, participants will know about:

  • Best practices in operational risk management for financial companies
  • Highlights of key regulatory expectations
  • Effective tools to learn from past incidents
  • Sound methodologies for scenario analysis and risk assessment
  • Typology and steps to identify and design leading  KRIs
  • Root cause analysis and control design
  • Typology and essential controls for human error
  • Writing risk appetite and tolerance statement
  • Influencing risk culture

Why you should attend

Professionals of the sector will find here an opportunity to benchmark themselves to the best and most recent industry practices and debates, and learn about and apply the most effective tools and methods for risk management, some of them being inspired from top practices in other industries.

Numerous practice sessions and group work will give to all the chance to test the methods suggested, meet and work with colleagues from various financial organisations and benefit from networking and experience sharing.

 Who Should Attend

  • Heads of Operational Risk
  • Enterprise Risk Managers
  • Operational Risk Managers
  • Operations Managers
  • Internal Auditors
  • HR officers
  • Compliance officers
  • Consultants
  • Regulators

Course outline

Day One: 
Risk Governance, Regulation, Identification and Reporting

Session 1: Operational Risk Governance and Regulation

  • Operational Risk Definition and Characteristics
  • Some risk frameworks: ISO, COSO, large banks and insurance companies
  • Basel II and III for Operational Risk
  • Revised TSA and AMA revision expectations
  • Operational Risk at a crossroad: The regulator’s view
  • Three lines of defense and three levels of Operational Risk Management: Strategic, Tactical, Dynamic
  • The role of the CEO
  • Make the risk committees effective
  • The ORM pyramid: Which level are you at?
  • Group work: the ORM pyramid: Define and discuss the maturity level of your ORM

Session 2: Risk Identification

  • Tools and techniques for risk identification
    • Exposures and Vulnerabilities
    • The Risk Wheel
    • Value drivers and reverse stress testing
  • Risk register: a list
  • Risk connectivity: network of risks
  • Class Exercise: identify your top risks and class feedback

Session 3: Root causes analysis and Control Design

  • Slips and mistakes: Typology and causes of human errors
  • Understand and treat the causes of human error
  • Effective vs. Illusory controls
  • Root cause analysis: method and benefits
  • Tracking the common failures and systematic patterns
  • Bow-tie: a most effective tool to define
    •   Preventive and corrective controls
    •   Leading KRIs
    •   Risk likelihood and expected impact
    •   Prevention by Design
  • Exercise: apply the bow-tie to one of your incident; share the lessons learned

Session 4: Incident data collection and management reporting

  • Modern issues on loss data: the regulator’s view
  • Data features: core losses and tail risks
  • Analyzing operational loss data: seek for insight
  • Risk reporting: find the angle
  • Management information: the “reporting cake”
  • Highlights of best practice, Group discussion and sharing of experience

Day two: RCSA, Risk Appetite, KRI's and Risk Culture

Session 1: Risk and Control Self Assessments

  • Definition and rules for RCSAs
  • Tool: Impact / probability matrix: shapes and forms, definitions
  • Usage and choice when defining RCSAs: extreme cases or median cases, distribution or single points, inherent or residual risk, likelihood or frequencies
  • Risk rating: when and how.
  • Scenario analysis: RCSA on steroids
  • Exercise: Highlight and assess your top risks before and after controls

 Session 2: Risk Appetite Definition, Statement and Communication

  • Industry guidance on Risk Appetite
  • Definition and Governance: Communicating Risk Appetite
  • Risk Appetite Statements: Features, Templates and Examples
  • Formulating risk appetite: capital and other benchmarks
  • Cascading and Monitoring Risk Appetite: indicators and dashboards
  • Class Exercise: write risk appetite and tolerance statements for two of your top risks

Session 3: Designing and Selecting Preventive Key Risk Indicators

  • KRI, KPI, KCIs: Concepts,overlaps and examples
  • Essential features of preventive KRIs
  • KRI Typology: four categories of preventive KRIs
  • KRI Design: Frequency - Trigger levels - Escalation criteria – Ownership - Data accuracy
  • Six steps for preventive KRIs
  • Group work and class feedback: select and design KRIs for a segment of their own activity, using a step by step methodology and guided by the trainer.

Session 4: Implementing the Desired Risk Culture: a method

  • Defining Risk Culture
  • Acting on behaviors: The Influencer
  • Necessary conditions: willingness and ability
  • Risk Culture: DESIRE steps: Define – Inspire – Support – Enable – Reinforce - Evaluate
  • Assessing the risk culture
  • Group work: Plan your own culture change


  • What have you learned?
  • What will you remember?
  • What will you apply?

In-house instruction is available.  Contact us to inquire.

join mailing list

Name *