When I do presentations on operational risk management, there is an exercise that I use that not only gets people engaged, but it helps make a very important point about assessing risk. I tell the participants that they (as super-elite risk managers) are being asked to perform a very critical assessment exercise, one that could … Continue reading
One of the more significant areas of operational risk management is a sound Information Security (IS) program. Information security involves the risk to the business of an event that threatens the confidentiality, integrity or availability of sensitive information, whether in physical or electronic form, both internally and externally. Note that this is distinctly (and profoundly) … Continue reading
One of the elements of sound operational risk management is good a vendor management (VM) program. Vendors and service providers (collectively “third parties”) represent a range of risks, from the potential for business disruption to impact on the customer experience and even data exposure. The degree to which organizations proactively manage these risks will have … Continue reading
To echo the standard preamble of numerous similar articles on this subject, on June 28, 2011, the Federal Financial Institutions Examinations Council (FFIEC) released their anticipated Supplement to Authentication in an Internet Banking Environment, amending the original guidance released in 2005 and 2001. The supplement provides updated guidance based on both recent and emerging threats … Continue reading
Within any given organization there are an almost infinite number of ways to structure departments and divisions. Depending on the industry, company type, geography, management style and other factors, a company can legitimately and logically be organized in any number of ways. Some companies prefer flat management structures, some classic hierarchical. However, regardless of how … Continue reading
Thank you for visiting OpRisk Advantage. Hopefully the information you find here will help you in the advancement of your own Operational Risk Management program. Please feel free to comment on any of the content you find here, just remember to be civil, respectful and constructive. You can also send comments, questions and topical suggestions … Continue reading
