Connecting Linkedin...

Banner Default Image

Operations Risk Management and Mitigation: From Assessment to Implementation DAY 1 - Online Course (Live Session)

pencil CPE: 14.5 hours CORE (both sessions)

calendar 18 May

clock 7.00pm until 4.00am

location Castille, Casa Leone, Floriana

Full programme and registration form available here 

Please note that this course will take place online as a live session maximizing interaction between the trainer and participants. To participate you will need a laptop, webcam, earphones with microphone and a wifi connection. The week prior to the commencement of the training we will send you all the necessary joining instructions.

Course Scope


In the past two decades Operations Risk Management has been increasingly pushed into the foreground by the work and the requirements of international standard setting bodies. Through various recommendations as well as specific covenants, operational risk management has become merely a compliance issue facing most corporations. 

Implementing an effective Operational Risk Management regimen is a complex process. At its core is an understanding of what Operations Risk is and how it can be best managed. All too often firms have seen the need to effectively manage their operational risks as simply an issue of complying with what the regulators require, rather than a disciplined process that serves to not only ensure a business’s survival but which can, in the long run, contribute to that business’s financial fortune.   

In this two day intensive course, we survey the full ambit of Operations Risk Management & Mitigation – from assessment to implementation. During this course we set out a number of key actions which need to be taken by management in the short and medium term to be ready for implementation of a proper risk management program. It is intended to move the participants beyond the local and international compliance requirements for operations risk, and into an understanding of operations risk management and mitigation as a value added proposition, increasing the organization’s profitability and structural strength.


This course has been designed as a primer for executives and senior staff, specifically but not exclusively Board of Management, Risk Management Staff, Senior Managers, Heads of Units, Section Managers and Operations Managers to provide them with a comprehensive introduction to operations risk management, its purpose and structure, standards and implementation issues. 

By the end of the training, participants will:

  • Have a clear understanding of operations risk management & mitigation, and how to use this knowledge to manage their own functions more effectively.
  • Have a clear understanding of the all the critical risk issues and how these are identified and managed. 
  • Have a comprehensive understanding of the implementation process.
  • Be able to use a structured approach to Risk Management.


This training course uses a combination of theory, examples, and case studies. Most importantly it will offer participants, opportunities to plan such work within small working groups, providing practice in the application of the techniques and tools generating active participation. Case study materials as well as lecture presentations set out the key issues in developing good operational risk management in a host of different types of business operations.

Course Outline

The course define operational risk general theory and. As the operations of a corporation are far from homogeneous, the methodology and measurements of the various (and sometimes competing) departments and divisions must be tailored accordingly. 

Specific topics are also examined in the form of five specific case studies drawn from a diverse range of business and operational scenarios. These case studies provide practical examples in a diversity of operations areas. The critical issues in operational risk revolve around security concerns, controls, secure operations and the key risk areas (reputation, strategic, credit, liquidity, legal & operations).

While different areas have different business functions and requirements, they do share some common operational risks that need addressing. The solution may not be the same across all corporations and businesses, but their initial examination and mapping usually is.

Day 1

Introducing Operational Risk

  • The big picture

Dimensions & Drivers of Risk Management

  • What is risk?
  • Dimension & drivers of risk management
  • Business drivers
  • Regulatory drivers
  • Rating Agencies & risk
  • Cross-border implications

Risk Types

  • How we categorize risks
  • What risks are covered
  • Risk categories

Operational Risk Management Standards

  • Enterprise Risk Management
  • COSO
  • COSO Internal Control
  • Comparing COSO IC to COSO ERM
  • ISO 31000
  • Evolution of Risk Management in the U.S.
  • ISO 31000 Principles, Framework & Processes
  • Comparing COSO to ISO 31000

Managing Operational Risk: A Practical Guide

  • Implementation issues
  • Governance process
  • Risk objective setting
  • Building a Risk Culture.
  • Why are Risk Cultures Important?
  • Attributes of a risk management culture

Operational Risks – Practical Examples

  • ERM
  • Operational risk – some case studies

Key Elements in Managing Operational Risk

  • Managing Operational Risk
  • Risk analysis
  • Risk appetite
  • Identify risk responses
  • Impact and  Probability
  • Risk frequency and Frequency

Methods and Models

  • Loss modelling methods
  • Monte Carlo Simulations
  • Quantitative Vs. Qualitative
  • Key Risk Indicators (KRIs)
  • The Business Cycle and Operational Risk
  • Problems in Identifying Operational Risks

The Black Swan

  • What is a Black Swan?
  • Rare Events
  • Some Recent High Impact Events


  • Understanding your Risks, Goals and Priorities
  • Prioritizing Risk Based on Probability & Impact
  • Establish Responsibilities for Risk Management
  • Responsibilities for Executing Risk Management & Governance
  • Mapping Risk Strategies to Categories of Control
  • Designing & Documenting Specific Controls 
  • Implementing controls

What are the Operational Risks? 

  • We explore a list of seven separate categories of operational risks.

Managing Operational Risk - Tools & Techniques

  • The math of operational risk
  • Causes & Consequences
  • Bow Tie Diagrams

Day 2

Methods for Assessing Operational Risks 

  • Loss Data Collection
  • Scenario Analysis
  • Tabletop / Desktop Exercises 

A Risk Assessment Model 

  • Environmental Survey
  • Technology Inventory
  • Identifying & Assessing the Operational Risk
  • Illustrative Operational Risk Management Plan
  • Minimum Control Requirements
  • Risk Identification Tools 

Operational Risk - Case Studies in Assessing & Managing Operational Risk in Specific Industries:     

This section of the course provides a detailed picture of what today’s operational risk is all about within the context of the real world. To do this we take a closer look at the world of operations and operations management across a wide range of human activity and industries. Scenario planning is a key tool in the assessment and mitigation of operational risks and we develop a theme touched on in day two that uses this mechanism to determine the severity of a specific operational risk on specific operational activities. We complete this final day of this course with an extensive range of actual case studies, showing how a wide range of firms/organizations in many diverse areas actually see and mitigate their own operational risks, employing the principals that we have covered in the course. Each example illustrates a different industry/ organization and differentoperational activities – yet all are managed through the same basic risk identification, assessment and mitigation structure.

Five case studies are presented:

  • Banking - Kweku Adoboli - From 'rising star' to rogue trader. Banks are complex processing factories that in addition to the normal Operational Risks face their own unique set of Operational Issues. We also look briefly at some other cases and explore the psychology of the rogue trader.
  • Financial services – The Case of Bernard Madoff, The financial meltdown in 2007/8 brought other problems in its wake. As investors tried to liquidate investments to access their cash the largest Ponzi finances scam in history was revealed. Apart from a long running fraud and a total failure for internal control at Madoff Securities there was this also prima facie evidence of a regulatory failure on a grand scale.
  • Airline Industry – Comair Flight 5191. The average airline is a highly complex organization that forms a blend of sophisticated business operations on a global scale together with huge technical and logistics issues. This case study looks at a specific operational risk failure and its consequences. 
  • Siemens – Corruption on a Grand Scale. Siemens AG is a German conglomerate company headquartered in Berlin and Munich and the largest industrial manufacturing company in Europe with dozens of branch offices abroad. In 2005 German authorities opened investigations into Siemens business practices worldwide, prompted by requests from prosecutors in Italy, Liechtenstein and Switzerland; US investigators joined in 2006. The investigators found that bribing officials to win contracts was standard operating procedure. The company paid around $1.3 billion in bribes in many countries and kept separate books to hide them.
  • Managing Operational Risk at the extreme – The US Navy. Operating under extreme conditions the US Navy has actively striven to reduce operational risk with a high rate of success. The results emanating from the measurement of this success rate are a powerful demonstration of the effective pursuit of Operational Risk Management.   

About the trainer - Richard Barr 

Richard Barr holds a B.S. in International Business Administration from San Jose State University in California. His professional experience spans over 30 years. The first 5 years were spent with Wells Fargo Bank. Another 5 were spent honing his global banking skills, when Richard was intimately involved with International Trade Finance, Real Time Gross Settlement and International Payments, Cross Border Banking. 

Richard then repositioned into the private and high-tech sectors providing high- level consulting services, business analysis, project management and training to a wide range of banking clientele across the globe. He has spent extensive time servicing a diversity of corporates and “financial institutional” clients, in China, Singapore, Hong Kong, Philippines, Korea, Malawi, Ghana, Nigeria, Kenya, South Africa, Poland, Sweden, Ireland, Netherlands, Greece, United Kingdom, Norway, Bermuda and across North America. Clients that Richard has trained & consulted to include with such notable firms as ANZ Bank, AIB Bank, Eurobank, ABSA Bank, CitiBank, Swedbank, IBM, Montran and Fundtech, as well as many others. 

Richard has also filled the role of advisor to ministries of finance, central banks on risk management, corporate governance, cash management, payment systems and technical payment and risk issues. Furthermore, key staff members from the Bank of England, South African Reserve Bank, Central Bank of Ireland, Bank Indonesia, European Central Bank, Norgesbank, Central Bank of Kenya, Central Bank of Tanzania, Bank of Portugal and others have attended training sessions presented by Richard.

Investing in Skills Scheme

Candidates may be eligible to claim part of the cost incurred under the Investing in Skills Scheme.  Click here for further information.  Applications forms must be received by the Investing in Skills Unit at least 21 calendar days before the start date of training.

A discounted price is available for students.  Booking is subject to availability and on presentation of a valid student card.

Tags: Risk Managment, Learning, Castille Institute, Risk