Performing Risk Assessment - Operational Risk Management Framework

Risk Policy Committee

We believe that all Financial Institutions should engage non-related independent consultants to perform a review of their Operational Risk Management System. This review should be undertaken every two years. This review must be totally objective and not overly influenced by reviews from Internal Audit, External Accountants’, the Financial Conduct Authority and other Regulatory Bodies. It is a cost to the Business and it’ stakeholders but one where recommendations made by and implemented through specialist consultants can achieve significant asset value increase for the Business Model. 

Risk Policy Committee

The Risk Policy Committee  (i.e. all Executive Board members, group general managers for Risk Management,  and Audit) typically determines the mandate for the operational risk management function:

  • to support general management with raising operational risk awareness & insight, e.g. risk & control self-assessment, 
  • to increase operational risk & loss transparency, e.g. incident reporting & response, 
  • to improve early warning information e.g. Key Risk Indicators reporting & response,
  • to follow-up on found control weaknesses, e.g. (audit findings) action-tracking & follow-up, 
  • to allocate risk ownership and responsibilities (e.g. ORC-structure), and 
  • to prepare for Regulatory changes such as Basel III, and impacts to risk capital charge.


Operational Risk Management is a continuation of the function which was traditionally performed by departments with the names Internal Control, Business Control, Quality Control, etc. In essence the Operational Risk Management function became an alignment of a number of previous Control functions using existing resources which were already readily available. Over time the function has developed into a mainstream arm of Risk Management comprising Business Analysts, Risk Manager Mathematicians and staff with specialist business knowledge. The alignment creates more transparency in the organisation and helps to improve the communication, coordination and information process, and the efficiency & effectiveness of the operational risk management & internal control process in general.