Risk Workspace for the operational risk manager

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Risk Workspace for the operational risk manager

    The Risk Workspace for operational risk managers helps organizations effectively manage operational risks, which include losses due to errors, breaches, or damages. This workspace enables risk managers to define a robust operational risk framework, assess risks, and monitor key indicators to maintain a comprehensive risk posture.

    Show full answer Show less

    Key Features

    • Operational Risk Framework: Establish a framework that includes risk identification, measurement, mitigation, and reporting.
    • Libraries Setup: Create risk statements and control objectives for clear communication and monitoring of risks.
    • Risk Assessments: Conduct periodic risk assessments and maintain an updated risk register.
    • Risk Events Management: Record and monitor risk events to analyze losses and improve risk mitigation strategies.
    • Key Risk Indicators: Continuously monitor risk posture by defining key risk and control indicators that support audits and control testing.
    • Issue and Incident Management: Track and manage issues to prevent incidents, ensuring proper remediation and monitoring.
    • Reporting and Dashboards: Create dashboards and reports to share aggregated risk assessment results with stakeholders.

    Key Outcomes

    By utilizing the Risk Workspace, operational risk managers can effectively identify and mitigate risks, maintain an updated risk register, and ensure continuous monitoring of risk indicators. This leads to improved decision-making regarding operational risk management and enhances the organization's overall risk posture.

    Operational risk managers manage operational risks such as losses due to errors, breaches, or damages that are caused by people, internal processes, systems, or external events. Operational risks range from the small, such as the risk of loss due to minor human errors, to the large, such as the risk of bankruptcy due to serious fraud.

    Operational risk manager

    Operational risk managers are a part of the operational risk team that manages the risk posture of the organization. Risk posture is the current risk profile for a company. As an operational risk manager, you must perform the following tasks.
    Define the operational risk framework
    Effectively manage the operational risks of an organization by defining a robust risk management framework. This framework helps to identify risks and to define the control framework to mitigate those risks. A risk management framework consists of the following components:
    • Risk identification
    • Risk measurement or scoring
    • Risk mitigation
    • Risk reporting and monitoring
    Set up libraries
    Set up comprehensive libraries by doing the following:
    • Creating risk statements: A risk statement is used to record a risk in a way that everyone can reach a common agreement on its severity or relative priority.
    • Creating control objectives: A control objective defines the aim or purpose of risk-mitigating controls. These controls need continuous monitoring.
    • Defining entity classes, entity types, and entities: For more information on entities, see Understanding entities.
    • Defining the upstream and downstream entities.
    The first step is to set up risk statements so that your team has a specific idea of the risk. For example, simply calling a risk as a cybersecurity risk is not specific. Cybersecurity risks could mean different things to different people. Therefore, a common statement to define cybersecurity is created as a risk statement. To create risk statements and their hierarchy, clearly define the risk impact, the assets at risk, and the source of risk. By defining the risk statements and creating their hierarchy, you can ensure that the risk scores are aggregated thus giving the complete risk status.
    Conduct risk assessments on a periodic basis
    Perform the annual risk assessments according to your organization's policies. Also, ensure that the risk register is updated and accurate. Create risk assessment scopes and schedule assessments. To learn more about risk registers, see Risk register in the Risk Workspace.
    Record and monitor risk events
    Risk events are potential or actual financial and non-financial losses, near misses, and gains that occur within an organization. To effectively manage risks, it is essential to monitor risk events, perform a root-cause analysis, and track the remedial tasks. Organizations use risk events to understand their losses and analyze areas of improvement to reduce further losses. You must maintain the loss event register to capture complete event information and to suggest additional controls to mitigate risks in the future.
    Define key risk indicators
    Monitor the risk posture of your enterprise on a continuous basis. Continuous monitoring of risks and controls involves identifying and creating key risk and control indicators. Supporting information can be collected for those indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, signal a change in the risk posture, and to provide supporting information for audit activities and control testing. If the indicator thresholds are breached, you must escalate to the respective stakeholders.
    Manage issues and incidents
    An issue is created when there is a change in the environment, process, or system that poses a threat. An issue requires action to prevent an incident or loss. An incident is a successful outcome or event with a negative impact. As the operational risk manager, you can view, create, and manage issues and incidents. Ensure tracking, proper closure, remediation, and monitoring of issues and incidents.
    Communicate the operational risk posture
    Define dashboards to report data effectively and accurately. You must create the required reports which can be shared with the executives and the head of the operational risk team. The reports and dashboards ensure that the aggregated assessment results across the organization help to identify the top operational risks for the enterprise.
    The following table lists the key tasks that you perform in your role as an operational risk manager.
    Table 1. Tasks of an operational risk manager
    Activity Task
    Define the operational risk framework
    Communicate the operational risk posture
    Monitor the critical incidents and issues View, create, and manage issues
    Define the key risk indicators Risk indicators, control indicators, and indicator templates
    Conduct the annual risk assessment process
    Facilitate recording and learning from loss events
    Create aggregated risk reports Reports in the Risk Management application
    The following image shows the view for the operational risk manager.
    Figure 1. Home page for the operational risk manager
    Operational risk manager home page.