We created the reference framework using input from our 43 participants and the Basel Committee's Principles for the Sound Management of Operational Risk (PSMOR).
We identified three main areas in a typical framework.
1. Governance, appetite and culture
Governance, appetite and culture form the structure surrounding and supporting the risk management environment. In many submitted frameworks, we saw governance and appetite sitting above the risk management environment, setting overarching expectations, accountabilities and strategic decisions for the entire risk management process.
Roles and responsibilities and the three lines of defence model are the most frequently represented elements in participants' frameworks.
2. Risk management environment
The risk management environment is where many of the risk management activities are represented (identification, assessment, mitigation/management, monitoring, and reporting).
RCSAs, loss data and issue and action management are the most frequently represented elements.
3. Enablers
In the reference framework, enablers sit as key inputs into the risk management 'building', which reflects the position of these components in many of the submitted frameworks.
Framework change, management and systems
In addition to collecting participants' frameworks, we asked them a series of questions about whether they are planning to change their frameworks, how they manage their frameworks, and what governance, risk and compliance (GRC) tools or systems they use.
ORX members can read more about these results in the full report.
This resource is only available to ORX members
Want to access this resource?
If your firm is a member of ORX, log in or register to read this resource.
Not a member? Talk to us today to discuss how you could join the ORX community.
Luke Carrivick
Executive Director, ORX
Esther Renfrew
People and Operations Director, ORX
