Op risk framework design practice benchmark

  • 26 April 2019

ORX has worked with 43 financial institutions to see how they manage their operational risk frameworks, which GRC tools they use to manage them, and what changes they are making to their frameworks.

From this study, we have created the ORX operational risk reference framework.  

This reference framework allows you to compare your financial institution and the way you manage risk to your peers in the industry.

Our ORX operational risk framework will also inform our future practice benchmark programme.


ORX reference framework and practice benchmarks summary

ORX reference framework

Operational risk framework

We created the reference framework using input from our 43 participants and the Basel Committee's Principles for the Sound Management of Operational Risk (PSMOR).

Governance, appetite and culture

Governance, appetite and culture form the structure surrounding and supporting the risk management environment. In many submitted frameworks, we saw governance and appetite sitting above the risk management environment, setting overarching expectations, accountabilities and strategic decisions for the entire risk management process.

Roles and responsibilities and the three lines of defence model are the most frequently represented elements in participants' frameworks.

Risk management environment

The risk management environment is where many of the risk management activities are represented (identification, assessment, mitigation/management, monitoring, and reporting).

RCSAs, loss data and issue and action management are the most frequently represented elements.


In the reference framework, enablers sit as key inputs into the risk management 'building', which reflects the position of these components in many of the submitted frameworks.

Framework change, management and systems

In addition to collecting participants' frameworks, we asked them a series of questions about whether they are planning to change their frameworks, how they manage their frameworks, and what governance, risk and compliance (GRC) tools or systems they use.

ORX members can read more about these results in the full report.

Have your say on our future practice benchmarks

The ORX reference framework will form the basis of our future practice benchmark work. We're running a short survey to find out which area of practice we should benchmark next. Have your say by taking the survey.

Find out more

Interested in understanding more about the reference framework or benefitting from practice benchmarking? Contact us for more information. 

Contact us