Flèche rougeAfter the course, participants will know about:
     - Best practices in operational risk management for financial companies
     - Highlight of key regulatory expectations
     - Effective tools to learn from past indicents
     - Sound methodologies for scenario analysis and risk assessement
     - Typology and steps to identify and design leading KRIs
     - Root cause analysis and control design
     - Typology and essential controls for human error
     - Writing risk appetite and tolerance statement
     - Influencing risk culture


Flèche rougeHeads of Operational Risk
Flèche rougeEntreprise Risk Managers
Flèche rougeOperational Risk Managers
Flèche rougeOperations Managers
Flèche rougeInternal Auditors
Flèche rougeHR officers
Flèche rougeCompliance officers
Flèche rougeConsultants
Flèche rougeRegulators


Flèche rougeDr. Ariane Chapelle is active in operational risk since 2000, with business experience acquired in managerial functions in Internal Audit and Risk Management in ING Group and Lloyds Banking Group. She is a also professional trainer with over 20 years experience in teaching academic and executive audiences. She has designed, managed and run operational risk training programmes for international banks and insurance companies and facilitated hundreds of training sessions on operational risk on every continent.

Dr. Chapelle is Honorary Reader at University College London, teaching the course: “Operational Risk Measurement in Financial Services”. She is a Fellow of the Institute of Operational Risk of which she chairs the Sound Practive Guidance Committee.

FORMATION - Programme

Day One: Setting the Framework and Appetite

Session 1: Operational Risk Framework

Operational Risk Definition and Characteristics
Some risk frameworks: ISO, COSO, large banks and insurance companies
Three lines of defence and three levels of Operational Risk Management: Strategic, Tactical, Dynamic
SMA and regulatroy changes in Operational Risks
The ORM pyramid: which level are you at?

Group work: the ORM pyramid: define and discuss the maturity level of your ORM

Session 2: Risk Identification

Tools and techniques for risk identification
Exposures and Vulnerabilities
The Risk Wheel
Value drivers and reverse stress testing
Risk register: a list
Risk connectivity: network of risks

Class Exercise: identify your top risks and class feedback

Session 3: Actionable Risk Appetite
Industry guidance on Risk Appetite
Template for actionable Risk Appetite
Risk Appetite Statements: Features and Examples
Cascading Risk Appetite: RCSA & Indicators

Class discussion and exercises: Formulate  risk appetite & tolerance statements for two of your top risks

Session 4: Risk and Control Self Assessments

Definition and rules for RCSAs
Tool: Impact / probability matrix: shapes and forms, definitions
Usage and choice when defining RCSAs: extreme cases or median cases, distribution or single points, inherent or residual risk, likelihood or frequencies
Risk rating: when and how.
Scenario analysis: RCSA on steroids

Exercise: Highlight and assess your top risks before and after controls

Day Two: Key Risks Indicators & Reporting

Session 1: Features and types of leading KRIs

Features of leading KRIs
KRI, KPI, KCI: definitions and uses.
A typology of Key Risks indicators
KRIs: metrics of risks drivers
Root cause analysis & identification of risk drivers

Case study: examples of KRIs and risk drivers per activity

Class Exercise: root cause analysis for KRI identification: the bow tie

Session 2: Root causes analysis and Control Design

Slips and mistakes: Typology and causes of human errors
Understand and treat the causes of human error
Effective vs. Illusory controls
Root cause analysis: method and benefits
Tracking the common failures and systematic patterns
Prevention by Design

Exercise: apply the bow-tie to one of your incident; share the lesssons learnt

Session 3:  Design & Governance KRIs

KRI design: frequency,  thresholds,  reporting and discipline
Selective Preventive KRIs step by step
Building on previous results
Revisiting existing metrics
Upgrade your KRIs
Reporting on KRIs: aggregating colors?
KRI Governance

Group work: identify and design your own KRIs

Session 4: Incident data collection and risk reporting

Modern issues on loss data: the regulator’s view
Data features: core losses and tail risks
Golden rules of reporting
Management information: the “reporting cake”

Highlights of best practice, Group discussion and sharing of experience

Day three: Emerging Risks, Scenario Analysis and Risk Culture

Session 1: Operational Risk Drivers and Emerging Risks

Characteristics of Operational Risk
Drivers of Operational Risks
Emerging Risks
that we all know
that we don’t know
that we should know

Session 2: Scenario Analysis and Planning

Steps and governance of scenario analysis
Tackling behavioral biases in scenario assessment
Industry practices and lists of scenarios
Assessing probabilities of rare events
Acting on Scenario Analysis

Industry examples and sharing of experience

Session 3: Implementing the Desired Risk Culture: a method

Defining Risk Culture
Acting on behaviours: the Influencer
Necessary conditions: willingness and ability

Risk Culture: DESIRE steps: Define – Inspire – Support – Enable – Reinforce - Evaluate
Assessing the risk culture

Group work: Plan your own culture change

Session 4: Conclusion & Wrap-up

What have you learnt?
What will you remember?
What will you apply?


Flèche rouge3390 euros HT

(prix indicatif variant selon la mise en oeuvre de la formation)


Flèche rouge3 jours


Flèche rougeAucun


Flèche rougeIl n'y a pas encore de taux de satisfaction sur cette formation

prochaines dates

Pour connaitre les prochaines dates, nous contacter : contact@eri-institute.eu