Operations Risk Management and Mitigation: From Assessment to Implementation DAY 2
8.00am until 5.00pm
Castille, Casa Leone, Floriana
In the past two decades Operations Risk Management has been increasingly pushed into the foreground by the work and the requirements of international standard setting bodies. Through various recommendations as well as specific covenants, operational risk management has become merely a compliance issue facing most corporations.
Implementing an effective Operational Risk Management regimen is a complex process. At its core is an understanding of what Operations Risk is and how it can be best managed. All too often firms have seen the need to effectively manage their operational risks as simply an issue of complying with what the regulators require, rather than a disciplined process that serves to not only ensure a business’s survival but which can, in the long run, contribute to that business’s financial fortune.
In this two day intensive course, we survey the full ambit of Operations Risk Management & Mitigation – from assessment to implementation. During this course we set out a number of key actions which need to be taken by management in the short and medium term to be ready for implementation of a proper risk management program. It is intended to move the participants beyond the local and international compliance requirements for operations risk, and into an understanding of operations risk management and mitigation as a value added proposition, increasing the organization’s profitability and structural strength.
This course has been designed as a primer for executives and senior staff, specifically but not exclusively Board of Management, Risk Management Staff, Senior Managers, Heads of Units, Section Managers and Operations Managers to provide them with a comprehensive introduction to operations risk management, its purpose and structure, standards and implementation issues.
By the end of the training, participants will:
- Have a clear understanding of operations risk management & mitigation, and how to use this knowledge to manage their own functions more effectively.
- Have a clear understanding of the all the critical risk issues and how these are identified and managed.
- Have a comprehensive understanding of the implementation process.
- Be able to use a structured approach to Risk Management.
This training course uses a combination of theory, examples, and case studies. Most importantly it will offer participants, opportunities to plan such work within small working groups, providing practice in the application of the techniques and tools generating active participation. Case study materials as well as lecture presentations set out the key issues in developing good operational risk management in a host of different types of business operations.
The course define operational risk general theory and. As the operations of a corporation are far from homogeneous, the methodology and measurements of the various (and sometimes competing) departments and divisions must be tailored accordingly.
Specific topics are also examined in the form of five specific case studies drawn from a diverse range of business and operational scenarios. These case studies provide practical examples in a diversity of operations areas. The critical issues in operational risk revolve around security concerns, controls, secure operations and the key risk areas (reputation, strategic, credit, liquidity, legal & operations).
While different areas have different business functions and requirements, they do share some common operational risks that need addressing. The solution may not be the same across all corporations and businesses, but their initial examination and mapping usually is.
Introducing Operational Risk
- The big picture
Dimensions & Drivers of Risk Management
- What is risk?
- Dimension & drivers of risk management
- Business drivers
- Regulatory drivers
- Rating Agencies & risk
- Cross-border implications
- How we categorize risks
- What risks are covered
- Risk categories
Operational Risk Management Standards
- Enterprise Risk Management
- COSO Internal Control
- Comparing COSO IC to COSO ERM
- ISO 31000
- Evolution of Risk Management in the U.S.
- ISO 31000 Principles, Framework & Processes
- Comparing COSO to ISO 31000
Managing Operational Risk: A Practical Guide
- Implementation issues
- Governance process
- Risk objective setting
- Building a Risk Culture.
- Why are Risk Cultures Important?
- Attributes of a risk management culture
Operational Risks – Practical Examples
- Operational risk – some case studies
Key Elements in Managing Operational Risk
- Managing Operational Risk
- Risk analysis
- Risk appetite
- Identify risk responses
- Impact and Probability
- Risk frequency and Frequency
Methods and Models
- Loss modelling methods
- Monte Carlo Simulations
- Quantitative Vs. Qualitative
- Key Risk Indicators (KRIs)
- The Business Cycle and Operational Risk
- Problems in Identifying Operational Risks
The Black Swan
- What is a Black Swan?
- Rare Events
- Some Recent High Impact Events
- Understanding your Risks, Goals and Priorities
- Prioritizing Risk Based on Probability & Impact
- Establish Responsibilities for Risk Management
- Responsibilities for Executing Risk Management & Governance
- Mapping Risk Strategies to Categories of Control
- Designing & Documenting Specific Controls
- Implementing controls
What are the Operational Risks?
- We explore a list of seven separate categories of operational risks.
Managing Operational Risk - Tools & Techniques
- The math of operational risk
- Causes & Consequences
- Bow Tie Diagrams
Methods for Assessing Operational Risks
- Loss Data Collection
- Scenario Analysis
- Tabletop / Desktop Exercises
A Risk Assessment Model
- Environmental Survey
- Technology Inventory
- Identifying & Assessing the Operational Risk
- Illustrative Operational Risk Management Plan
- Minimum Control Requirements
- Risk Identification Tools
Operational Risk - Case Studies in Assessing & Managing Operational Risk in Specific Industries:
This section of the course provides a detailed picture of what today’s operational risk is all about within the context of the real world. To do this we take a closer look at the world of operations and operations management across a wide range of human activity and industries. Scenario planning is a key tool in the assessment and mitigation of operational risks and we develop a theme touched on in day two that uses this mechanism to determine the severity of a specific operational risk on specific operational activities. We complete this final day of this course with an extensive range of actual case studies, showing how a wide range of firms/organizations in many diverse areas actually see and mitigate their own operational risks, employing the principals that we have covered in the course. Each example illustrates a different industry/ organization and differentoperational activities – yet all are managed through the same basic risk identification, assessment and mitigation structure.
Five case studies are presented:
- Banking - Kweku Adoboli - From 'rising star' to rogue trader. Banks are complex processing factories that in addition to the normal Operational Risks face their own unique set of Operational Issues. We also look briefly at some other cases and explore the psychology of the rogue trader.
- Financial services – The Case of Bernard Madoff, The financial meltdown in 2007/8 brought other problems in its wake. As investors tried to liquidate investments to access their cash the largest Ponzi finances scam in history was revealed. Apart from a long running fraud and a total failure for internal control at Madoff Securities there was this also prima facie evidence of a regulatory failure on a grand scale.
- Airline Industry – Comair Flight 5191. The average airline is a highly complex organization that forms a blend of sophisticated business operations on a global scale together with huge technical and logistics issues. This case study looks at a specific operational risk failure and its consequences.
- Siemens – Corruption on a Grand Scale. Siemens AG is a German conglomerate company headquartered in Berlin and Munich and the largest industrial manufacturing company in Europe with dozens of branch offices abroad. In 2005 German authorities opened investigations into Siemens business practices worldwide, prompted by requests from prosecutors in Italy, Liechtenstein and Switzerland; US investigators joined in 2006. The investigators found that bribing officials to win contracts was standard operating procedure. The company paid around $1.3 billion in bribes in many countries and kept separate books to hide them.
- Managing Operational Risk at the extreme – The US Navy. Operating under extreme conditions the US Navy has actively striven to reduce operational risk with a high rate of success. The results emanating from the measurement of this success rate are a powerful demonstration of the effective pursuit of Operational Risk Management.
Investing in Skills Scheme
Candidates may be eligible to claim part of the cost incurred under the Investing in Skills Scheme. Click here for further information. Applications forms must be received by the Investing in Skills Unit at least 21 calendar days before the start date of training.
A discounted price is available for students. Booking is subject to availability and on presentation of a valid student card.