These guides are part of a series of updated Sound Practice Guidance (SPG’s) documents for risk managers, designed to complement existing standards and codes for risk management (e.g. ISO31000).
The aim is to provide guidance that is both focused on the management of operational risk and practical in its application.
Although there is no one-size-fits-all approach to the management of operational risk, organisations must benchmark and improve their practice regularly. This series of papers provides practical guidance on a range of important topics that span the discipline of operational risk management.
The objectives of these papers are to:
- Explain how to design and implement a ‘sound’ (robust and effective) operational risk management framework
- Demonstrate the value of operational risk management
- Reflect the experiences of risk professionals, including the challenges involved in developing operational risk management frameworks
The documents focus on:
- Risk Culture
- Embedding an Operational Risk Management Framework
- Operational Loss Events (Internal and External)
- Operational Risk Categorisation
- Operational Risk and Control Self-Assessment
- Operational Key Risk Indicators
- Operational Risk Scenario Analysis, Stress and Reverse Stress Testing
- Operational Risk Appetite and Tolerance
- Operational Risk Governance
Click the links above to view the reports.
Rainer Sprengel, Executive Director at IBM D Financial Markets Services, and Head of the IOR German Chapter said:
“The need for effective operational risk management is more acute than ever. Events such as the global financial crisis or the COVID-19 pandemic highlight the far-reaching impacts of operational risk and the consequences of management failure.
In the light of these and numerous other events organisations have to ensure that their policies, procedures, and processes for the management of operational risk meet the needs of their stakeholders.
We hope that making these guides available more widely in the *DACH region will help provide those working in risk with a set of practical reference guides on which to build their knowledge.
IBM was delighted to sponsor the translation of these guides and we’d also like to thank the German Association for Operational Risk Management (DGOR e.V.) for their partnership on this project.
Final thanks must go to Prof. Simon Ashby, FIOR, Professor of Financial Services, Vlerick Business School for his valuable work writing the original SPGs”.
Not all the guidance in these sound practice papers will be relevant for every organisation or sector. However, it has been written with the widest possible range of organisations and sectors in mind. Readers should decide for themselves what is relevant for their current situation. What matters is gradual, but continuous improvement.
Readers looking for a general understanding of the fundamentals of operational risk management should start with the IOR’s Certificate in Operational Risk.
Operational risk management is vital in preventing, managing, and assessing the risk of direct or indirect loss resulting from inadequate or failed internal processes, people, systems or external events. In recent years, the importance of operational risk management is exemplified by the greater variety and severity of business disruptions, frauds or other operational incidents.
English versions are also available from both the IOR and IRM websites.
*DACH countries: Germany (D), Austria (A), and Switzerland (CH).