Four benefits of adopting the ‘umbrella’ approach to op risk management

“We used to spend meetings discussing the data, we now spend them discussing what the data tells us…”

At ORX, we’ve been exploring how the ‘umbrella’ approach can improve operational risk management. The concept of the operational risk umbrella has been gaining traction over the last few years. Many chief risk officers interviewed as part of the 2017 ORX and McKinsey study on the future of operational risk felt that:

“Operational risk needs to step up and form an umbrella function for all operational risks, including those overseen by specialist teams outside the operational risk function (e.g. IT risks and compliance risks).”

What is the 'umbrella' approach?

The 'umbrella' function provides a consistent approach to managing operational and non-financial risks. In its most complete form, the umbrella’s scope includes frameworks, standards, systems, tools and reporting. It can extend across risks, control functions, and the lines of defence.

How does the umbrella approach benefit op risk management?

Last year we decided to dig deeper into this idea. We interviewed 13 institutions who are on their way towards implementing the operational risk umbrella. The full report, Operational Risk: The Umbrella Function, is available to all ORX members, who get free access to our research as part of their annual membership subscription.

The study builds a picture of how the umbrella is being realised and the challenges operational risk functions have met trying to implement it. We also wanted to find out what the benefits of the umbrella are. We identified four main benefits.

Four benefits of the op risk umbrella

Benefit 1: Consistency and completeness

The umbrella function helps to achieve consistent understanding and opinion from the first line of defence on risks. Primarily, it does this by avoiding multiple interactions on similar activities, which makes it easier to form a balanced, coherent view. As a result, senior management and supervisors are more likely to be given a single message. This helps to avoid potential confusion or contradiction.

A common framework across non-financial risks can also result in a more complete view of risk. Many of the study participants reported that confidence in the data had improved, allowing discussions to now focus on what the data was showing.

Benefit 2: Efficiency

The umbrella approach can save time and boost efficiency. This is because applying the same frameworks in a coordinated way across different risk types and control functions improves clarity and avoids repeated or overlapping activities.

Our study showed that this benefit can be gained even if the umbrella isn’t fully implemented. We found that lower levels of alignment still resulted in less time being spent on overlapping tasks.

Benefit 3: Effectiveness

Another benefit is the ability to close control gaps. The umbrella approach to operational risk management can bring clarity to functions and responsibilities, for example, by providing a clearer idea of where first line risk responsibilities start and end. Study participants said integration allowed second line specialists to focus on challenging the first line and oversight, rather than trying to obtain their own view of business risk in multiple, often specialist areas.

The umbrella framework can also make staff more open to working together. When the business works together as a team rather than in separate silos, it becomes simpler and easier to manage risk. This means the organisation improves both its effectiveness and its efficiency.

Benefit 4: Agility

Many study participants found that an umbrella approach simplifies analysis, making thematic reviews easier to perform. As levels of coordination, integration and consistency increase, it becomes easier to form cross-department and cross- function teams.

These teams are able to perform deep dive analysis that crosses specialist risk areas and assesses emerging risks. This is particularly useful for areas of risk such as cyberattacks and digital change projects. Participants in the study also said that integration meant they could react rapidly to events, for example, by quickly engaging the first line or pivoting information in a consistent way.

Advance your op risk management with ORX research

One of the many advantages of ORX Membership is being able to take part in and access our research studies. Our studies cover a broad range of operational risk measurement and management topics. We also explore key strategic themes – such as the umbrella approach – and work on industry innovations. All this is included in ORX Membership. But, even if you're not a member you can still get involved in our research and benefit from the results. Take a look at what we're working on now, or read our study highlights to find out more.