ORX Reference Control Library

Working with McKinsey & Company as knowledge partners, and with the support of our members, we've developed the ORX Reference Control Library. The library provides an industry-first framework of the typical control types used by financial firms to mitigate key operational and non-financial risks. It's based on data collected from nearly 50 banks and insurers.

You can use the library to:

• Develop a new control library for your organisation
• Enhance your existing control library 
• Benchmark your firm's controls
• Identify gaps or areas of divergence

How to access the ORX Reference Control Library

ORX members can access the library for free as part of their annual membership subscription on the members-only website. If your organisation isn't a member of ORX, then you can purchase the complete library for a one-off fee. If you buy the library, you'll get access to:

• A downloadable excel version of the library
• An online interactive library explorer
• Guidance to help you use the library
• A report detailing our general observations on controls used across financial services

"The control library is a really important development for financial services. It not only helps each institution to enhance their control environment and practices, it will also help the industry to develop more standardised practice, leading to better benchmarking, data sharing and improved risk management insights. The product demonstrates the power of members working together as part of the ORX community.”
Efe Cummings, Global Head of Operational Risk at Nomura

About the library

Why did we develop the ORX Reference Control Library?

Most financial firms want to optimise their internal control environments – both to provide resilient services and to meet regulatory expectations. Control libraries are increasingly being used to support this optimisation.

A good control library helps to standardise and simplify controls by setting expected types for risks or processes. It also streamlines control identification and assessment processes across the business.

However, developing a comprehensive and dynamic control library can often be a complex, time-consuming and resource-intensive process for many firms. Furthermore, at an industry level, there is an overall lack of standardisation between organisations.

How does the ORX Reference Control Library help?

Aligned to the ORX Reference Risk Taxonomy, the ORX Reference Control Library provides a framework for the typical control types currently used by the industry today to mitigate each risk in the taxonomy. It can be used to:

• Review their internal control instances (or control library) against the typical control types
• Speed up the internal development of a control library by using all, or parts, of the ORX Reference Control Library
• Gain insight into the relative importance of their controls in mitigating operational and non-financial risk

“Many of our members were spending significant time and money on improving their controls and some had built their own Control Library. These in-house libraries, which are based on a financial organisations’ proprietary data and insight are extremely useful, but we saw an opportunity to take the collective data of 50 organisations to create an industry view.

“The library also creates the opportunity for industry control benchmarking, this is particularly important with operational and non-financial risk and control being an important topic on boardroom agendas.”
Steve Bishop, Research & Information Director, ORX

Take control of operational risk with ORX Reference Control Library

The ORX Reference Control Library helps you be sure you've got the best controls in place for managing operational and non-financial risk. It helps you understand your controls and how they compare to the wider industry and gives you a head start creating your own library. Based on data from almost 50 financial firms (including some of the largest banks and insurers around the world), the library is an essential tool for control optimisation and improve risk management.