Operational risk framework design
- 18 January 2019
ORX has worked with 43 financial institutions to see how they manage their operational risk frameworks, which GRC tools they use to manage them, and what changes they are making to their frameworks.
From this study, we have created the ORX operational risk reference framework.
This reference framework allows you to compare your financial institution and the way you manage risk to your peers in the industry.
Our ORX operational risk framework will also inform our future practice benchmark programme.
ORX reference framework
We created the reference framework using input from our 43 participants and the Basel Committee's Principles for the Sound Management of Operational Risk (PSMOR).
Governance, appetite and culture
Governance, appetite and culture form the structure surrounding and supporting the risk management environment. In many submitted frameworks, we saw governance and appetite sitting above the risk management environment, setting overarching expectations, accountabilities and strategic decisions for the entire risk management process.
Roles and responsibilities and the three lines of defence model are the most frequently represented elements in participants' frameworks.
Risk management environment
The risk management environment is where many of the risk management activities are represented (identification, assessment, mitigation/management, monitoring, and reporting).
RCSAs, loss data and issue and action management are the most frequently represented elements.
In the reference framework, enablers sit as key inputs into the risk management 'building', which reflects the position of these components in many of the submitted frameworks.
Framework change, management and systems
In addition to collecting participants' frameworks, we asked them a series of questions about whether they are planning to change their frameworks, how they manage their frameworks, and what governance, risk and compliance (GRC) tools or systems they use.
Have your say on our future practice benchmarks
The ORX reference framework will form the basis of our future practice benchmark work. We're running a short survey to find out which area of practice we should benchmark next. Have your say by taking the survey.