Agenda

Course Programme

Course Agenda

Agenda timing is in BST
----------------------------------------------------
Session one - 2pm BST/ 9am EDT
Session two - 3.15pm BST/ 10.15am EDT
End - 4.15pm BST/ 11.15am EDT
----------------------------------------------------

14:0015:00

Risk Identification Tools and Emerging Risks

14:00 - 15:57

  • Tools and techniques for risk identification
  • Exposures and vulnerabilities
  • The risk wheel
  • Value drivers and reverse stress testing
  • Risk register: a list
  • Risk connectivity: network of risks
  • World economic forum: risk map
  • Emerging risks
  • Class excerise: Identify the network of your top risks

15:0015:15

Break

15:00 - 15:30

15:1516:15

Root causes analysis - the bow-tie

15:15 - 16:15

  • Root cause analysis: tools and methods
  • Benefits of root cause analysis: tracking the common failures and systemic patterns
  • Treating causes over symptoms
  • Bow-tie: an effective tool to define preventive, corrective controls and leading KRIs
  • Risk likelihood and expected impact
  • Class exercise: apply the bow-tie to one of your incidents and share the lessons learnt

14:0015:00

Implementing ORM: The invisible framework

14:00 - 15:00

  • Governance of operational risk
  • 1st line and 2nd line : the partnership model
  • Use and reuse: the invisible framework
  • Business value of ORM
  • Workshop: build a business case for risk management

15:0015:15

Break

15:00 - 15:30

15:1516:15

Information security assessment and essentials of cyber protection

15:15 - 16:15

  • Information security risk management framework
  • Typology of information security risk
  • Information assets inventory
  • Risk assessments
  • Control layering and key controls for information security risks  
  • Scenarios and quantification

14:0015:00

Internal Controls: Human Error and Control Design

14:00 - 15:00

  • Slips and mistakes: typology and causes of human errors (J Reason)
  • HRA: human reliability analysis and other methods
  • Understand and treat the causes of human error
  • Effective or illusory controls
  • Prevention by design
  • Group work: Share your experience of the best and worst controls

15:0015:15

Break

15:00 - 15:30

15:1516:15

Risk reporting, conduct reporting and benchmarking your practices

15:15 - 16:15

  • Modern issues on events and risk reporting; the regulator’s view
  • Analysing operational risk data: get insight, tell a story
  • Management information: the reporting cake
  • Aggregate and escalate risk information: your options
  • Conduct reporting: themes and details
  • Highlights of best practice, group discussion and sharing of experiences
  • Interactive maturity criteria for your ORM framework and use test, plus a priority list for starter firms

14:0015:00

Resilience, reputation and operational risk management for projects

14:00 - 15:00

  • Regulatory highlights on operational resilience and the connections with an effective reputational risk management framework
  • ORM policy for project management
  • Project rating criteria
  • Causes of project failure
  • Essentials of project risk management
  • Collaborations and benefits

15:0015:15

Break

15:00 - 15:30

15:1516:15

Implementing the Desired Risk Culture: a method

15:15 - 16:15

  • Defining risk culture
  • Acting on behaviours: the influencer
  • Necessary conditions: willingness and ability
  • Risk culture: DESIRE steps – define, inspire, support, enable, reinforce, evaluate
  • Assessing the risk culture
  • Group work: plan your own culture change
  • Wrap up: what have you learnt and how will you apply it