Skip to content


ORX Membership


Risk Management Community

Risk programme

Standards, Taxonomies & Libraries

Library - July 2022

Golden-Bridge-2023-Gold-PNGThe award-winning ORX Reference Control Library provides an industry-first framework of the typical control types used by financial firms to mitigate key operational and non-financial risks.


We are delighted to have won a Gold Award for ‘Risk Management Solution Innovation’ in the 2023 Golden Bridge Awards! We developed the library working with McKinsey & Company as knowledge partners and with the support of our members. It's based on data collected from nearly 50 of the world's leading banks and insurance firms.

You can use the library to:

  • Develop a new control library for your organisation
  • Enhance your existing control library
  • Benchmark your firm's controls
  • Identify gaps or areas of divergence

"The control library is a really important development for financial services. It not only helps each institution to enhance their control environment and practices, it will also help the industry to develop more standardised practice, leading to better benchmarking, data sharing and improved risk management insights. The product demonstrates the power of members working together as part of the ORX community.”

Efe Cummings, Global Head of Operational Risk at Nomura

The ORX Reference Control Library in numbers




level 1
risk categories


risk categories











Gated content start

The library is available for free to ORX members or for non-members to purchase.

Want to access this resource?

If your firm is a member of ORX, log in or register to read this resource.

Log into the ORX website

Not a member? Find out more about purchasing the ORX Reference Control Library.

Find out how to access the library

Gated content stop

About the library

Why did we develop it?

Most financial firms want to optimise their internal control environments – both to provide resilient services and to meet regulatory expectations. Control libraries are increasingly being used to support this optimisation

A good control library helps to standardise and simplify controls by setting expected types for risks or processes. It also streamlines control identification and assessment processes across the business.

However, developing a comprehensive and dynamic control library can often be a complex, time-consuming and resource-intensive process for many firms. Furthermore, at an industry level, there is an overall lack of standardisation between organisations.

How does it help?

Aligned to the ORX Reference Risk Taxonomy, the ORX Reference Control Library provides a framework for the typical control types currently used by the industry today to mitigate each risk in the taxonomy. It can be used to:

  • Review internal control instances (or control library) against the typical control types
  • Speed up the internal development of a control library by using all, or parts, of the ORX Reference Control Library
  • Gain insight into the relative importance of their controls in mitigating operational and non-financial risk

“Many of our members were spending significant time and money on improving their controls and some had built their own Control Library. These in-house libraries, which are based on a financial organisations’  proprietary data and insight are extremely useful, but we saw an opportunity to take the collective data of 50 organisations to create an industry view.

“The library also creates the opportunity for industry control benchmarking, this is particularly important with operational and non-financial risk and control being an important topic on boardroom agendas.

Steve Bishop, Research & Information Director, ORX



Steve Bishop

Steve Bishop

Research and Information Director, ORX

Mike Constantinou

Mike Constantinou

Research and Information Consultant, ORX


Interested in the library?

Get in touch today to see how you can get access to the ORX Reference Control Library.

ORX Reference Control Library