Operational Risk Management
Aligning your organisation to harness risk
David Walter, General Manager, GRC & IAM EMEA

Session Abstract
In this session you will learn:
Challenges to effective Operational Risk Management today
The basic elements of an effective ORM programme
Keys to successfully creating and implementing an ORM programme

Defining Operational Risk
The risk of direct or indirect loss resulting from:
Human factors
Inadequate or failed internal processes
Inadequate or failed systems
External events

Three Lines of Defence
Senior Management; Board/Audit Committee
1st Line of Defence: Business (Owns and Manages)
2nd Line of Defence: Risk Mgmt, Compliance, Security (Assesses and Aggregates)
3rd Line of Defence: Internal Audit (Independent Review)
External Audit; Regulators

Today's ORM Challenge
Global, technology and organisational factors have created significant incremental risk management challenges for organisations.
Velocity of Risk
Multiple Views of Risk
Incomplete Picture

Managing the Operational Risk Process
Identifying where risk arises via incidents, losses, audits, and assessments
Assessing inherent and residual risk via RCSA and scenario analysis
Managing the treatment to reduce risk to within tolerable allowances
Monitoring the risk via KRIs and KCIs to remain within risk appetite
Making consistent risk decisions about risk treatment with accountability
RSA Archer Intelligence Driven ORM capabilities

Intelligence Driven Operational Risk
Your approach should change the organisation's focus from reacting to surprises to proactive management based on risk intelligence.
Visibility + Analysis = Priority
Priority + Action = Results
Results + Metrics = Progress
Diagram labels: Visibility, Risk, Analysis, Action, Metrics

Extending ORM
Diagram labels: Board, External Audit, Enterprise Risk Management, CXO, LOB Executives, Operational Risk Management, Audit, CISO, Third Line of Defence, Business Operations, RSA Archer
Security: Protect business assets
Resiliency: Protect against disruptions
Regulatory Compliance: Manage regulatory obligations
Third Party Management: Manage inherited risks

The Keys to a Successful Programme
Minimise implementation risk
Foster culture of adoption
Reduce time to incremental value

Minimise Implementation Risk
Expertise in technology, business process and organisation
Quick Wins
Hosting

Foster Culture of Adoption Across the 1st Line of Defence
Provide Value
Usability
Training

Reduce Time to Incremental Value
Strategy Roadmap
Focussed Solutions
RSA Archer GRC Community

Gartner Magic Quadrant for ORM
Source: Gartner Magic Quadrant for Operational Risk Management, John A. Wheeler, Paul E. Proctor, 15 December 2014
Source: Gartner (December 2014)
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from EMC. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.