Short report

Observations on controls in operational risk

An update on the current industry position and practice on the control frameworks for operational risk management

Service

ORX Membership

Community

Risk Management Community

Risk programme

Management, Practice & Framework

Sections

Report - November 2023

This short report summarises the outcomes of sessions held by ORX with our members to explore four key elements of the operational risk management control framework.

ORX members regularly share that improving their control framework is becoming increasingly important for enhancing their management of operational risk.

The significance of having an effective and efficient control framework, and the impacts of either poorly designed or insufficiently implemented controls, can be seen in recent stories from ORX News, where control-related failures have either been the direct cause of an operational risk loss event, or have significantly exacerbated the impacts.

In this context, ORX held a session for members to discuss four key elements relating to the operational risk management control framework: documentation, attributes and categorisation, recording and capture, and review and testing.

This short report provides an update on the current industry position and practice surrounding controls. Available to all ORX members, this update can also serve as a useful guide or benchmark for members.