Course Agenda

Agenda

Course Agenda - KRI

08:3009:00

Registration and refreshments

08:30 - 09:00

09:0010:30

Operational Risk Management trends and top risks: what's on the horizon?

09:00 - 10:30

  • Operational risk frameworks in the financial services
  • Framework complete and maturity: The ORM pyramid
  • Exposure and vulnerabilities
  • Rising operational risks and market trends
  • Top risks survey

Class discussion and experience sharing: rising risk in organisations

10:3011:00

Morning Break

10:30 - 11:00

11:0012:00

Actionable risk appetite

11:00 - 12:30

  • Industry guidance on risk appetite
  • Risk appetite, tolerance and limits
  • Structure of actionable risk appetite
  • Cascading risk appetite: RCSA & Indicators
  • Top-down and bottom-up approaches to risk appetite

Class discussion and exercises: Define a risk appetite statement for one or two of your top risks

12:0013:00

Lunch

12:00 - 13:00

13:0015:00

Preventive KRIs: A method

13:30 - 15:00

  • Selecting and designing KRI steps by step
  • Metrics of risk drivers
  • A typology of KRIs: Exposure, stress, casual and failure
  • KRI design and reporting

Group work: Delegates will have the opportunity to apply this method and share their findings with others in a guided exercise

15:0015:30

Afternoon Break

15:00 - 15:30

15:3017:00

Root cause analysis for KRI identification

15:30 - 17:00

  • Root cause analysis and lessons learn from large incidents
  • Cause of the cause: the benefits
  • Bow tie tool: tracking common failures and systematic patterns
  • Root cause and risk prevention

Group work: apply a bow-tie analysis to one of your incidents and share the lessons learnt

08:3009:00

Refreshments

08:30 - 09:00

09:0010:30

Process mapping and control design

09:00 - 10:30

  • Process mapping: Highlights risk and controls at every step
  • KCIs: Assessing controls: Their existence, their effectiveness 
  • Typology of controls
  • Typology of human error: the work of James Reason
  • Active and latent errors
  • Prevention by design

Group work: Delegates will work on process mapping of relevant activities and share results with the class

10:3011:00

Morning Break

10:30 - 11:00

11:0012:00

KRI for information security risks

11:00 - 12:30

  • Information security risk assessment method: case study
  • Key controls in information and cyber security 
  • KRIs for information security: exposure, failures and stress indicators
  • Reporting & Governance on KRI 
  • Reassess your current indicators and select appropriately 

12:0013:00

Lunch

12:00 - 13:00

13:0015:00

KRIs for project risk management & validation

13:30 - 15:00

  • Project management and risk management involvement
  • KRI for projects
  • Reporting on projects and changes
  • Testing KRIs: assess the validity of your indicators
  • Governance around risk indicators

Class discussion and benchmarking: KRI definition and governance in different institutions 

15:0015:30

Afternoon Break

15:00 - 15:30

15:3017:00

Indicators for conduct and risk culture

15:30 - 17:00

  • Conduct and Culture: metrics and behaviours
  • Case study of a conduct and culture change programme (2018)
  • Reporting on culture
  • Other influences than KPIs

Class discussion and benchmarking: People risk, risk culture and indicators