Library - July 2022
The award-winning ORX Reference Control Library provides an industry-first framework of the typical control types used by financial firms to mitigate key operational and non-financial risks.
We developed the library working with McKinsey & Company as knowledge partners and with the support of our members. It's based on data collected from nearly 50 of the world's leading banks and insurance firms.
You can use the library to:
- Develop a new control library for your organisation
- Enhance your existing control library
- Benchmark your firm's controls
- Identify gaps or areas of divergence
The library won the Gold Award for ‘Risk Management Solution Innovation’ in the 2023 Golden Bridge Awards.
The library is available for free to ORX members or for non-members to purchase.
Want to access this resource?
If your firm is a member of ORX, log in or register to read this resource.
Not a member? Find out more about purchasing the ORX Reference Control Library.
Why did we develop it?
Most financial firms want to optimise their internal control environments – both to provide resilient services and to meet regulatory expectations. Control libraries are increasingly being used to support this optimisation
A good control library helps to standardise and simplify controls by setting expected types for risks or processes. It also streamlines control identification and assessment processes across the business.
However, developing a comprehensive and dynamic control library can often be a complex, time-consuming and resource-intensive process for many firms. Furthermore, at an industry level, there is an overall lack of standardisation between organisations.
How does it help?
Aligned to the ORX Reference Risk Taxonomy, the ORX Reference Control Library provides a framework for the typical control types currently used by the industry today to mitigate each risk in the taxonomy. It can be used to:
- Review internal control instances (or control library) against the typical control types
- Speed up the internal development of a control library by using all, or parts, of the ORX Reference Control Library
- Gain insight into the relative importance of their controls in mitigating operational and non-financial risk
“Many of our members were spending significant time and money on improving their controls and some had built their own Control Library. These in-house libraries, which are based on a financial organisations’ proprietary data and insight are extremely useful, but we saw an opportunity to take the collective data of 50 organisations to create an industry view.
“The library also creates the opportunity for industry control benchmarking, this is particularly important with operational and non-financial risk and control being an important topic on boardroom agendas.”
Steve Bishop, Research & Information Director, ORX
Steve Bishop
Research and Information Director, ORX
Mike Constantinou
Research and Information Consultant, ORX
