Course Agenda

Agenda

Key Risk Indicators

Day 1 - Risks on the Rise, Risk Appetite and KRI Framework

Wednesday 22nd August 2018

09:00

Registration and refreshments

09:30

Operational Risk Management trends and top risks: what's on the horizon?

  • Operational risk frameworks in the financial services
  • Framework complete and maturity: The ORM pyramid
  • Exposure and vunerabilities
  • Rising operational risks and market trends
  • Top risks survery

Class discussion and experience sharing: rising risk in organisations

11:00

Morning break

11:30

Actionable risk appetite

  • Industry guidance on risk appetite
  • Risk appetite, tolerance and limits
  • Structure of actionable risk appetite
  • Cascading risk appetite: RCSA & Indicators
  • Top-down and bottom-up approaches to risk appetite

Class discussion and exercises: Define a risk appetite statement for one or two of your top risks

13:00

Lunch

14:00

Preventive KRIs: A method

  • Selecting and desiging KRI steps by step
  • Metrics of risk drivers
  • A typology of KRIs: Exposure, stress, casual and failure
  • KRI design and reporting

Group work: Delegates will have the opportunity to apply this method and share their findings with others in a guided exercise

15:30

Afternoon break

16:00

Root cause analysis for KRI identification

  • Root cause analysis and lessons learn from large incidents
  • Cause of the cause: the benefits
  • Bow tie tool: tracking common failures and systematic patterns
  • Root cause and risk prevention

Group work: apply a bow-tie analysis to one of your incidents and share the lessons learnt

17:30

End of day one

Day 2 - KRI Reporting for Special Risks: Information Security, Project Management, Conduct and Culture

Thursday 23rd August 2018

09:00

Refreshments

09:30

Process mapping and control design

  • Process mapping: Highlights risk and controls at every step
  • KCIs: Assessing controls: Their existence, their effectiveness 
  • Typology of controls
  • Typology of human error: the work of James Reason
  • Active and latent errors
  • Prevention by design

Group work: Delegates will work on process mapping of relevant activities and share results with the class

11:00

Morning break

11:30

KRI for information security risks

  • Information security risk assessment method: case study
  • Key controls in information and cyber security 
  • KRIs for information security: exposure, failures and stress indicators
  • Reporting & Governance on KRI 
  • Reassess your current indicators and select appropriately 

13:00

Lunch

14:00

KRIs for project risk management & validation

  • Project management and risk management involvement
  • KRI for projects
  • Reporting on projects and changes
  • Testing KRIs: assess the validity of your indicators
  • Governance around risk indicators

Class discussion and benchmarking: KRI definition and governance in different institutions 

15:30

Afternoon break

16:00

Indicators for conduct and risk culture

  • Conduct and Culture: metrics and behaviours
  • Case study of a conduct and culture change programme (2018)
  • Reporting on culture
  • Other influences than KPIs

Class discussion and benchmarking: People risk, risk culture and indicators

17:30

End of course