Skip to content


ORX Membership


Strategy & Leadership Community

Risk programme

Leadership, Strategy & Advancing Op Risk

Thought Leadership - 2018

If you picture operational risk as an umbrella, what does it cover? Does it include compliance, IT security, conduct risk, cyber, fraud or change management? More than these, or none of them?

The development of operational risk into an 'umbrella function' was a key observation in The future of operational risk study. The term umbrella refers to how operational risk is:

  • Moving to provide an overarching framework, creating consistency across specialist areas of operational and other non-financial risk
  • Combining with compliance teams to provide an integrated approach to non-financial risk management

Exploring the umbrella function

At ORX, we've been exploring this concept with our membership. In 2018 we surveyed and interviewed 13 institutions who are on the journey towards the operational risk umbrella.

Our aim was to understand how this approach was being realised and what challenges operational risk functions have encountered while on the journey. We were also keen to see what benefits institutions might already have experienced from adopting the umbrella.

We summarised the results of this study into a report which is available to all the ORX membership to download. Additionally, we provided the participants with a number of case studies that offer insights from institutions who have already started to move towards an umbrella function.

No institution who took part in the study was at the end of their journey. Whether there are more functions and risks to bring under the umbrella, or more framework elements to align, it is an ongoing process.

What did we find out?

Four benefits of the umbrella approach to operational risk

The four benefits of the operational risk umbrella: Consistency & completeness, efficiency, effectiveness and agility

The aim of our survey was to map the progress and identify outcomes achieved by the participants who are working towards an umbrella approach to operational risk.

Participants are at various stages of the journey, which for most has started in the last two to four years. For some, the decision to adopt an umbrella function was driven by a need to reduce duplication. For others, it was driven by the adoption of new technology, or even challenge from the regulator.

What benefits does the umbrella bring?

There was consensus on the benefits achieved by moving towards a more coherent view of risk. Most participants noted that adopting the umbrella approach resulted in a degree of consistency, efficiency, effectiveness and agility. Several institutions mentioned the truer, clearer data which was generated, and which for some provided validation of the project at an early stage of implementation. Closing control gaps also proved to be a major benefit.

“We used to spend meetings discussing the data, we now spend them discussing what the data tells us…”
Umbrella study participant

While it may result in efficiencies, many found the primary aim of the umbrella was a qualitative improvement in risk management practices. Providing senior management with consistent and complete risk information was one of the strongest and most consistently reported benefits. This is essential for managing the enterprise-wide risks that are confronting firms today in a rapidly changing environment, and to provide solutions for identifying and tackling them.

Still some way to go

The transition to an umbrella is a logical response to the new issues facing operational risk, and a way of building a solid and permanent basis for operational risk challenges to come. However, many of the participants observed that their firm was at the beginning of its journey, and they expected the process to be long and complex.

Gated content start

This resource is only available to ORX members

Want to access this resource?

If your firm is a member of ORX, log in or register to read this resource.

Log into the ORX website

Not a member? Talk to us today to discuss how you could join the ORX community.

Speak to an expert

Gated content stop


Luke Carrivick

Luke Carrivick

Executive Director, ORX


Become a member of ORX

Book a call to find out how ORX can support operational risk management at your firm.

Talk to us today