COURSE AGENDA
Module 1: Understanding operational risk
- An overview of financial and non-financial risk
- What is operational risk?
- The boundaries with market and credit risk
- Key terms: the components and attributes of risk
- Defining the scope of operational risk
- Frequency vs. impact, expected vs. unexpected losses
Case study: differentiating and allocating risks (NAB FX trading)
Module 2: Operational risk event types and structures
- Risk, events and controls
- Operational risk categorisation, organisational modelling and frameworks
- Inherent and residual risks, causal and secondary risks
- Building a risk structure – risks, events and controls
- Creating risk statements
- Examples of risk, events and controls
- Exercise on building a risk model
Case study: operational risk types and events (Bank of Scotland record
keeping)
Module 3: Drivers for operational risk
- The regulatory and business drivers – making a business case
- The Basel II Accord
- The Basel II definition of Operational risk
- Basel III changes: Impact on operational risk management and future
directions
- Other regulations with operational risk implication
- Why do banks manage their operational risk?
- Discussion: the impact of cross-border regulation
Module 4: Internal and external loss data
- Types of losses – actual, near misses and predictive incidents
- Loss recording and internal loss data
- Gross loss vs. net loss
- The problems of loss data collection
- Use of external data
- The two types of external loss data
- Public
- and pooled data
- Making external data relevant to your organisation
Module 5: Risk-derived capital and operational risk measurement
- What is capital?
- Uses of capital and capital adequacy
- Regulatory and economic capital
- Operational risk measurement and OpVaR
- Basel II measurement approaches:
- the Basic Indicator,
- Standard
- Advanced Measurement Approaches
- The IMA, LDA and Scorecard methods
- Basic problems of the measurement approaches
Module 6: Mitigating operational risk
- What is operational risk mitigation?
- The objective of operational risk mitigation
- Mitigation techniques
- severity
- likelihood
- The mitigation process
- Inherent, residual and target risk levels
- The challenges of implementing effective controls
Case study: identifying appropriate mitigating techniques
Module 7: Operational risk management
- Risk governance
- Risk committees, the CRO and the risk advisory director
- The three lines of defence
- Operational risk management activities
- Identification, assessment, measurement, mitigation/control and monitoring
and reporting
- Building the operational risk framework
- Best ways to collect risk data
- Sound practices for the management and supervision of operational
risk
- Assess or measure?
- Defining your risk appetite
- Getting commitment from all parties
Case study – the HBOS risk management whistle blowing incident
Module 8: Monitoring, event management and reporting
- Monitoring operational risk
- Event management
- Event reporting and monitoring
- Progress monitoring and closing events
- Reporting process – how to build reports
Case study: assessing and reporting the root cause of an event
Module 9: Key risk indicators
- What are KRIs?
- Types of KRIs
- The role and structure of effective KRIs
- Developing and designing key risk indicators
- Implementing and evaluating KRIs
- Thresholds and reporting
- What are the true benefits of KRIs?
Case study: setting thresholds on KRI
Module 10: Risk and control self assessment
- What is a RCSA?
- What is the objective of risk and control self assessment?
- RCSA approaches
- Demonstration of the typical technique applied
- Review of the level of accuracy of data produced
- Consideration of the problems with risk and control self assessment
Case study: carrying out an RCSA
Module 11: Stress testing and scenario analysis
- What is stress testing?
- The topology and uses of stress testing
- What is scenario analysis
- Uses of scenario analysis
- Developing credible scenarios
- How does stress testing differ from scenario analysis
- What is a suitable stress test?
Case Study
Module 12: Risk frameworks
- COSO
- ISO 31000
- Comparing COSO and ISO 31000
- Other risk standards
- Governance codes
Module 13: Implementing an operational risk management facility
- Planning, business and programme considerations
- Project governance
- Strategic steps and scoping
- Analysis and design
- Choosing software products
- Implementation
- Cut-over and operational running
Module 14: Other key issues
- The role of insurance
- Supervision of operational risk
- Supervisory Review Process (SREP)
- Internal Capital Adequacy Assessment Process (ICAAP)
- Basel operational risk disclosure
- Outsourcing and operational risk
- Business continuity management and outsourcing
Module 15: Bringing it all together
- Regulation in practice
- The risk culture
- What are the problems of implementing operational risk?
- The regulators view
- The future – where next?
- Summary
END
|
