Operational Risk Management

Book Description

The Authoritative Guide to the Best Practices in Operational Risk Management

Operational Risk Management is a comprehensive guide that reviews the most up-to-date and effective operational risk management practices in the financial services industry. The book provides an essential overview of the current methods and best practices applied in financial companies and also contains advanced tools and techniques developed by the most mature firms in the field.

The author explores the range of operational risks such as information security, fraud or reputation damage and details how to put in place an effective program based on the four main risk management activities: risk identification, risk assessment, risk mitigation and risk monitoring. The book also examines some specific types of operational risks that rank high on many firms' risk registers.

Drawing on the author's extensive experience working with and advising financial companies, Operational Risk Management is written both for those new to the discipline and for experienced operational risk managers who want to strengthen and consolidate their knowledge. 

Table of Contents

  1. Cover
  2. About the Author
  3. Foreword
  4. Preface
  5. Introduction
    1. WHAT IS RISK?
    2. RISK MANAGEMENT FRAMEWORKS
    3. NOTES
  6. PART One: Risk Identification
    1. CHAPTER 1: Risk Identification Tools
      1. TOP‐DOWN AND BOTTOM‐UP RISK IDENTIFICATION
      2. EXPOSURE AND VULNERABILITIES
      3. THE RISK WHEEL
      4. THE ROOT CAUSES OF DAMAGES AND REVENUES
      5. PROCESS MAPPING
      6. INTERVIEWS OF KEY STAFF
      7. WHAT ALREADY HAPPENED: INTERNAL LOSSES, EXTERNAL LOSSES AND NEAR MISSES
    2. CHAPTER 2: Scenario Identification Process
      1. SCENARIO PREPARATION AND GOVERNANCE
      2. SCENARIO GENERATION AND SELECTION
    3. CHAPTER 3: Risk Definition and Taxonomy
      1. DEFINING RISKS
      2. RISK MANAGEMENT TAXONOMY
    4. CHAPTER 4: Risk Connectivity and Risk Networks
      1. MANAGING RISKS IN CLUSTERS
      2. RISK CONNECTIVITY TO PRIORITIZE RISK MANAGEMENT ATTENTION
      3. RISK CONNECTIVITY APPLIED TO TOP RISK SURVEY
  7. PART Two: Risk Assessment
    1. CHAPTER 5: Risk Appetite
      1. CONTEXT AND OBJECTIVES
      2. REWARD: THE MISSING PIECE OF RISK APPETITE
      3. RISK APPETITE STRUCTURE
      4. TOP‐DOWN AND BOTTOM‐UP APPROACHES TO RISK APPETITE
      5. TYING RISK APPETITE WITH THE REST OF THE FRAMEWORK
      6. HOW MUCH IS TOO MUCH?
      7. NOTES
    2. CHAPTER 6: Risk and Control Self‐Assessments
      1. STRUCTURE AND OBJECTIVES OF RCSAS
      2. IMPACT AND LIKELIHOOD RATINGS AND ASSESSMENTS
      3. COMBINING LIKELIHOOD AND IMPACT: THE HEATMAP
      4. LINKS WITH OTHER PARTS OF THE FRAMEWORK
    3. CHAPTER 7: Scenario Assessment
      1. SEVERITY ASSESSMENT
      2. FREQUENCY ASSESSMENT
      3. RANGE OF SCENARIO ASSESSMENT TECHNIQUES
      4. SCENARIO DOCUMENTATION AND VALIDATION
      5. MANAGEMENT LESSONS FROM SCENARIO ANALYSIS
      6. NOTES
    4. CHAPTER 8: Regulatory Capital and Modeling
      1. REGULATORY CAPITAL: RATIONALE AND HISTORY IN A NUTSHELL
      2. PILLAR 1 – REGULATORY CAPITAL FOR OPERATIONAL RISK
      3. PILLAR 2 – SUPERVISORY REVIEW PROCESS
      4. STRESS TESTING
      5. WIND‐DOWN PLANNING
      6. NOTES
  8. PART Three: Risk Mitigation
    1. CHAPTER 9: Operational Risk Governance
      1. RISK GOVERNANCE AND THE ROLE OF THE BOARD
      2. THREE LINES OF DEFENSE MODEL
      3. SECOND LINE: BETWEEN GUIDANCE AND CHALLENGE
      4. RISK COMMITTEES AND ORGANIZATION
      5. POLICIES AND PROCEDURES
      6. NOTES
    2. CHAPTER 10: Risk Mitigation
      1. DEFINITIONS
      2. TYPES OF CONTROLS
      3. CONTROL TESTING
      4. PREVENTION THROUGH DESIGN
      5. NOTES
    3. CHAPTER 11: Root Cause Analysis and Action Plans
      1. GENERALITIES AND GOOD PRACTICE
      2. BOW‐TIE TOOL AND SYSTEMIC PATTERNS OF FAILURE
      3. ACTION PLAN DESIGN AND GOVERNANCE
    4. CHAPTER 12: Conduct and Culture
      1. DEFINITIONS
      2. HOW TO ACHIEVE CHANGE
      3. NOTES
  9. PART Four: Risk Monitoring
    1. CHAPTER 13: Incident Data Collection
      1. IMPORTANCE OF LOSS REPORTING AND REGULATORY REQUIREMENTS
      2. LOSSES VERSUS INCIDENTS AND THE FALLACY OF NON‐FINANCIAL IMPACTS
      3. INCIDENT DATA COLLECTION PROCESS
      4. BOUNDARY EVENT REPORTING
      5. REVIEW AND VALIDATION
      6. NOTES
    2. CHAPTER 14: Key Risk Indicators
      1. INTRODUCTION
      2. ROLES OF RISK INDICATORS
      3. KEY INDICATORS: PERFORMANCE, RISKS AND CONTROLS
      4. TEN FEATURES OF LEADING KRIS
      5. CATEGORIES OF KRIS
      6. KRI DESIGN: NUMBER, THRESHOLDS AND GOVERNANCE
      7. VALIDATION KRI FRAMEWORK
      8. SUMMARY: FRAMEWORK FOR PREVENTIVE KRIS
      9. NOTES
    3. CHAPTER 15: Risk Reporting
      1. GOLDEN RULES OF REPORTING
      2. TYPICAL CONTENT OF RISK REPORTING
      3. RISK REPORTING CHALLENGES
      4. REPORTING ON CONDUCT
      5. ADDRESSING ASYMMETRY OF OPERATIONAL LOSS DATA
      6. TURNING DATA INTO STORIES
      7. NOTES
    4. CHAPTER 16: Valuable ORM
      1. HOW DO YOU KNOW IT WORKS? CRITERIA FOR A MATURE FRAMEWORK
      2. A RISK‐BASED APPROACH TO ORM
      3. DEADLY SINS AND GOLDEN RULES
      4. DEMONSTRATING THE VALUE OF RISK MANAGEMENT
      5. NOTES
  10. PART Five: Rising Operational Risks
    1. CHAPTER 17: Project Risk Management
      1. CONTEXT
      2. STAGE OF INVOLVEMENT OF THE RISK FUNCTION IN PROJECT MANAGEMENT
      3. RISK RATING FOR PROJECTS
      4. PROJECT RISK IDENTIFICATION AND ASSESSMENT
      5. PROJECT MONITORING AND REPORTING
    2. CHAPTER 18: Information Security Risks
      1. CONTEXT
      2. DATA BREACHES AND HEADLINE NEWS
      3. INFORMATION SECURITY STANDARDS AND FURTHER REFERENCES
      4. IDENTIFICATION: RISK TAXONOMY FOR INFORMATION SECURITY
      5. ASSESSMENT: SURVEYS, RCSAS AND SCENARIOS
      6. MITIGATION: BEHAVIORAL AND TECHNICAL MEASURES
      7. MONITORING: KRIS
      8. NOTES
    3. CHAPTER 19: Operational Risks in Cryptocurrencies
      1. CONTEXT AND ACADEMIC RESEARCH
      2. SUMMARY
      3. BITCOIN
      4. BLOCKCHAIN
      5. RISK IDENTIFICATION: CRYPTOCURRENCY VULNERABILITIES AND EXPOSURES
      6. OPERATIONAL RISKS AND POTENTIAL EVENT TYPES FOR CRYPTOCURRENCIES
      7. MITIGATION ACTIONS FOR OPERATIONAL RISKS IN CRYPTOCURRENCIES
      8. DISCUSSIONS ON OPERATIONAL RISK DRIVERS OF CRYPTOCURRENCIES
      9. NOTES
    4. CHAPTER 20: Resilience and Reputation
      1. INTRODUCTION
      2. REPUTATION MANAGEMENT
      3. CRISIS MANAGEMENT AND RESILIENCE
      4. NOTES
  11. Conclusion
    1. RISING OPERATIONAL RISKS
    2. THE FUTURE OF OPERATIONAL RISK MANAGEMENT
    3. NOTES
  12. Index
  13. End User License Agreement