Course Agenda

Registration and refreshments

08:30 - 09:00

Governing, creating and implementing an op risk framework

09:00 - 10:30

  • Background – drivers of risk management, high levels of enforcement and fines
  • Designing effective op risk governance:
    • Common risk language
    • Risk management steering committees
    • Linkage to policy framework
    • Building blocks for information security risk
    • Roles and responsibilities across the board
  • Implementing a proper first, second and third LoD
  • Non-financial risk, enterprise risk & op risk – differences and similarities
  • Creating an integrated approach to op risk
  • Challenges and opportunities for op risk frameworks

Break

10:30 - 10:45

RCSAs

10:45 - 12:00

  • What is a risk (including cause and effect) and what are controls?
  • Control environment
  • Characteristics of a good control
  • Objectives of a control
  • What is an RCSA, what is the purpose and added value?
  • What are important elements of the set-up and process flow regarding RCSAs?
  • What can the effective use of an RCSA within an integrated ORM framework look like?
  • How can an RCSA be maintained most effectively?
  • What are common pitfalls regarding RCSAs?

Lunch

12:00 - 13:00

Risk Appetite

13:00 - 14:30

  • Definitions and governance
  • How do risk appetite frameworks differ across financial services (banks, asset managers, pension funds, insurers)?
  • Who should own the risk appetite? First or second LoD?
  • Statements on risk appetite
  • How can you utilise risk appetite to drive forward business strategy and decisions?
  • Key risks and controls in relation to key effectiveness testing

Break

14:30 - 14:45

Incident management perspective – loss events

14:45 - 16:15

  • Defining and implementing incident & loss management approaches and processes
  • Should we incorporate near misses?
  • Agile/scrum implementation of new incident systems
  • Regulatory loss event reporting to the regulator
  • Internal vs. external loss events

Refreshments

08:30 - 09:00

Risk Culture

09:00 - 10:30

  • What does a good risk culture look like?
  • Risk culture framework
  • Understanding internal and external factors affecting risk cultures
  • Managing risk cultures: effective tools
  • Assessing risk culture
  • Risk culture change with an integrated approach

Break

10:30 - 10:45

KRI deep dive

10:45 - 12:00

  • The characteristics of a good KRI and preventative KRIs
  • Comparisons between KPIs and KRIs and reference to corporate strategy
  • KRI design
  • How can you leverage existing business processes?
  • Maximising op risk efficiency through revamped KRIs
  • KRI governance and reporting

Lunch

12:00 - 13:00

Cyber Risk Management

13:00 - 14:30

  • The relevance of cyber risk for operational risk management
  • Integrating IT security and op risk
  • Aligning operational risk management and cyber security processes
  • Utilising ‘penetration testing’ to assess cyber security
  • Data management and data security
  • What we can learn from cyber risk failures

Break

14:30 - 14:45

Operational Resilience

14:45 - 16:15

  • Operational resilience assessments
    • IT
    • 3rd party
    • Business continuity
  • Understanding the regulatory requirements and standards implemented
  • Determining impact tolerance
  • Response and recovery – testing analysis on operational resilience scenarios
  • Establishing appropriate communication and contingency plans
  • The importance of a holistic approach to operational resilience

End of course

16:15 - 23:59