Library - July 2022
The ORX Reference Control Library provides an industry-first framework of the typical control types used by financial firms to mitigate key operational and non-financial risks.
We developed the library working with McKinsey & Company as knowledge partners and with the support of our members. It's based on data collected from nearly 50 of the world's leading banks and insurance firms.
You can use the library to:
- Develop a new control library for your organisation
- Enhance your existing control library
- Benchmark your firm's controls
- Identify gaps or areas of divergence
"The control library is a really important development for financial services. It not only helps each institution to enhance their control environment and practices, it will also help the industry to develop more standardised practice, leading to better benchmarking, data sharing and improved risk management insights. The product demonstrates the power of members working together as part of the ORX community.”
Efe Cummings, Global Head of Operational Risk at Nomura
The ORX Reference Control Library in numbers
Gated content stop
About the library
Why did we develop it?
Most financial firms want to optimise their internal control environments – both to provide resilient services and to meet regulatory expectations. Control libraries are increasingly being used to support this optimisation
A good control library helps to standardise and simplify controls by setting expected types for risks or processes. It also streamlines control identification and assessment processes across the business.
However, developing a comprehensive and dynamic control library can often be a complex, time-consuming and resource-intensive process for many firms. Furthermore, at an industry level, there is an overall lack of standardisation between organisations.
How does it help?
Aligned to the ORX Reference Risk Taxonomy, the ORX Reference Control Library provides a framework for the typical control types currently used by the industry today to mitigate each risk in the taxonomy. It can be used to:
- Review internal control instances (or control library) against the typical control types
- Speed up the internal development of a control library by using all, or parts, of the ORX Reference Control Library
- Gain insight into the relative importance of their controls in mitigating operational and non-financial risk
“Many of our members were spending significant time and money on improving their controls and some had built their own Control Library. These in-house libraries, which are based on a financial organisations’ proprietary data and insight are extremely useful, but we saw an opportunity to take the collective data of 50 organisations to create an industry view.
“The library also creates the opportunity for industry control benchmarking, this is particularly important with operational and non-financial risk and control being an important topic on boardroom agendas.”
Steve Bishop, Research & Information Director, ORX
Research and Information Director, ORX
Research and Information Consultant, ORX