Course Agenda

Agenda

Course Agenda

Day one                                                                                                                                                                                                                                                                                                                                 

            

8:30

            

Registration and refreshments

            

9:00

            
            

Risk Identification Tools and Emerging Risks        

  • Tools and techniques for risk identification
    • Exposures and Vulnerabilities
    • The Risk Wheel
    • Value drivers and reverse stress testing             
  • Risk register: a list             
  • Risk connectivity: network of risks
  • World economic forum: risk map
  • Emerging risks

Class Exercise: Identify the network of your top risks and class feedback            

            

10:30

            
            

Morning break

            
            

11:00

            
            

Root causes analysis - the bow-tie

  • Root cause analysis: tools and methods
  • Benefits of root cause analysis: tracking the common failures and systematic patterns
  • Treating causes over symptoms
  • Bow-tie: A most effective tool to define: preventive, corrective controls and leading KRIs
  • Risk likelihood and expected impact
  • Class exercise: Apply the bow-tie to one of your incidents; share the lessons learnt

    

            

12:30

            

Lunch

            

1:30

            
            

Implementing ORM: The invisible framework

  • Governance of operational risk
  • 1st line and 2nd line: The partnership model
  • Use and reuse: The invisible framework
  • Business value of ORM
  • Workshop: Build a business case for risk management
            

3:00

            
            

Afternoon break

            
            

3:30

            
            

Information security assessment and essentials of cyber protection

  • Cyber risk is voted top risk for the financial industry for three years in row. This session explains how the same risk management framework can be applied to cyber risk and, more generally, to information security risk assessement. Based on real case studies, it presents a taxonomy for information security risk, essentials of assessement and the key elements of mitigation of cyber and information risk.
  • Information security risk management framework
  • Typology of information security risk
  • Information assests inventory
  • Risk assessments
  • Control layering and key controls for information security risks
  • Scenarios and quantification
            

5:00

            
            

End of day one

            

Day two                                                                                                                                                                                                                                                                                                                                                                                            

            

8:30

            
            

Refreshments

            
            

9:00

            
            

Internal Controls: Human Error and Control Design

  • Slips and mistakes: Typology and causes of human errors (J.Reason)
  • HRA: Human Reliability Analysis and other methods
  • Understand and treat the causes of human error
  • Effective or Illusory controls
  • Prevention by design

Group work: Best and worst controls in the business: Sharing of experience            

            

10:30

            
            

Morning break

            
            

11:00

            
            

Risk Reporting and Conduct Reporting

  • Modern issues on events and risk reporting: the regulator's view
  • Analysing operational risk data: Get insight, tell a story
  • Management information: The "reporting cake"
  • Aggregate and escalate risk information: Your options
  • Conduct reporting: Themes and details

Highlights of best practice, group discussion and sharing of experience   

12.00

Benchmarking your practices

  • Interactive maturity criteria for your ORM framework and use test, plus a priority list for starter firms
            

12:30

            
            

Lunch

            
1.30 

Resilience and reputation

  • On the regulatory highlights on operational resilience, and the connections with an effective reputation risk management framework.
            

2:00

            
            

Operational risk management for projects  

  • Project and changes are common place in the financial industry. It is only recently that project risk is explictly included in the operational risk management scope. Yet, the coordination between the risk function and the project management teams are not always straight-forward. Based on practical succesful experiences, this session suggest framework and policy rules to assess and address operational risk on corporate projects.
  • ORM policy for project management
  • Project rating criteria
  • Causes of project failure
  • Essentials of project risk management
  • Collaborations and benefits
            

3:00

            
            

Afternoon break

            

3:30

            
            

Implementing the Desired Risk Culture: a method

  • Defining Risk Culture
  • Acting on behaviours: the Influencer
  • Necessary conditions: willingness and ability
  • Risk Culture: DESIRE steps: Define - Inspire - Support - Enable - Reinforce - Evaluate
  • Assessing the risk culture

Group work: Plan your own culture change

            4:30                         

Wrap-up

  • What have you learnt?
  • What will you remember?
  • What will you apply?
            
            

5:00

            
            

End of course