Benchmark - April 2019
The operational risk discipline is shifting its focus to risk management. Understanding the operational risk frameworks that support this shift is now more important than ever before.
ORX worked with 43 financial institutions to see how they manage their operational risk frameworks, which GRC tools they use to manage them, and what changes they are making to their frameworks.
ORX has worked with 43 financial institutions to see how they manage their operational risk frameworks, which GRC tools they use to manage them, and what changes they are making to their frameworks.
This reference framework allows you to compare your financial institution and the way you manage risk to your peers in the industry.
The ORX Operational Risk Reference Framework
We created the reference framework using input from our 43 participants and the Basel Committee's Principles for the Sound Management of Operational Risk (PSMOR).
We identified three main areas in a typical framework.
1. Governance, appetite and culture
Governance, appetite and culture form the structure surrounding and supporting the risk management environment. In many submitted frameworks, we saw governance and appetite sitting above the risk management environment, setting overarching expectations, accountabilities and strategic decisions for the entire risk management process.
Roles and responsibilities and the three lines of defence model are the most frequently represented elements in participants' frameworks.
2. Risk management environment
The risk management environment is where many of the risk management activities are represented (identification, assessment, mitigation/management, monitoring, and reporting).
RCSAs, loss data and issue and action management are the most frequently represented elements.
In the reference framework, enablers sit as key inputs into the risk management 'building', which reflects the position of these components in many of the submitted frameworks.
Framework change, management and systems
In addition to collecting participants' frameworks, we asked them a series of questions about whether they are planning to change their frameworks, how they manage their frameworks, and what governance, risk and compliance (GRC) tools or systems they use.
ORX members can read more about these results in the full report.
Gated content stop
Executive Director, ORX
People and Operations Director, ORX