The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

Operational Risk Leader (ORL™)

  /    /  Operational Risk Leader (ORL™)
A man with an operational risk management certification is holding a flag pole on top of the cliff.

Operational Risk Leader (ORL™) Certification Program

New forces are creating new demands for operational risk management. Breakthrough technology, increased data availability, and new business models and value chains are transforming the ways organisations serve customers, interact with third parties, and operate internally. Any effective operational risk manager must keep up with this dynamic environment, including the evolving risk landscape.

Legacy processes and controls have to be updated to begin with, but organisations can also look upon the imperative to change as an improvement opportunity. The adoption of new technologies and the use of new data can not only improve operational risk management itself, but also provide new sources of operational risk. Within reach is more targeted risk management, undertaken with greater efficiency, and truly integrated with business decision making. This is why operational risk management certification is essential for every professional to improve your understanding in operational risk management.

When equipped with practical policies, processes, procedures, objective data and measurement, including an effective risk control self assessment (RCSA) process, the operational risk management function can well understand and evaluate the true level of risk. It is therefore in a unique position to see nonfinancial risks and vulnerabilities across the organization, and it can best prioritize areas for intervention. Together with the business lines, operational risk management can identify and shape needed investments and initiatives. This would include efforts to digitize operations to remove manual errors, changes in the technology infrastructure, and decisions on product design and business practices.

The relationship between operational risk management and the business can also integrate operational risk reporting and executive and board reporting—including straight-through processing rates, incidents detected, key risk indicators, and insights from complaints and customer calls.

Leverage your professional skills in operational risk management with the IERP®. Sign up to our operational risk management certification program today! Reach out to our team at the IERP® if you have any inquiries!

Summary Info

  • Delivery method : In-person, virtual training
  • Duration : 4 modules over 4 Days
  • CPE hours : 32 hours

Certification Modules

Fundamentals of Operational Risk Management (21 August 2023)

Operational risk is a costly risk for companies that do not manage it well. Learn about this rapidly developing discipline as it evolves in sophistication and relevance to business decision making. This module provides you with a firm fundamental grounding in Operational Risk Management as we enter the second decade of the 21st century. Regardless of your seniority or which function, team, department or division you are involved in within your organisation, this program will ensure you gain the necessary Operational Risk Management (ORM) skills and knowledge to contribute towards a stronger, more efficient, effective, sustainable, agile, and resilient organisation.

The program provides you practical exposure and insights and you will be exposed to both the traditional and emerging thinking about ORM. The syllabus covers all aspects of ORM including Risk Appetite Fundamentals, Risk Metrics, understanding Key Risk Indicators, Key Control Indicators, Reporting and ORM decision making.

Risk and Control Self Assessment (19 September 2023)

Internal Controls are an important element in Operational Risk Management processes and frameworks – and accordingly constitute an important element when conducting any evaluation over the fitness of purpose of an Operational Risk Management process or program. This module encompasses a detailed examination into various options available to Risk Practitioners for implementing and evaluating internal controls in relation to the management of Risk. Participants will be guided through various evaluation tools, including Risk Control Self Assessments (“RCSA”) options. The studies entail understanding and applying the various approaches and methodologies including their purpose and design, tools, and their fit into an ORM and ERM framework. Participants will be taken through a detailed case study, workshop and exercise over a complete RCSA lifecycle. The module also includes exercises where participants will be given the opportunity to practise the tools and concepts covered in the program in a workshop environment.

Cyber Security Framework (23 August 2023)

Management and risk managers should focus on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. At the core of this program is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure which organisations should bear in mind. The Framework taught enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience.

The program teaches a flexible way to address cybersecurity, including cybersecurity’s effect on physical, cyber, and people dimensions. It is applicable to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyber-physical systems (CPS), or connected devices more generally, including the Internet of Things (IoT). This can assist organizations in addressing cybersecurity as it affects the privacy of customers, employees, and other parties. Additionally, the program’s outcomes serve as targets for workforce development and evolution activities. The Framework taught is not a one-size- fits-all approach to managing cybersecurity risk for critical infrastructure. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary in how they customize practices described in the Framework. Ultimately, the Framework taught is aimed at reducing and better managing cybersecurity risks.

Fraud Risk Management (22 August 2023)

The design of this program provides participants with a firm grounding in the purpose and aims of Fraud Risk Management, as well as how to go about establishing and running such a framework in your organisation. You will be schooled in effective fraud risk management frameworks, processes, policies and procedures from an ORM and ERM perspective. The program also provides relevant guidance in establishing appropriate fraud risk management reporting and oversight and how to deal with red flags.

A degree holder (or its equivalent, and above) with a minimum of 6 months working experience
A non-degree holder with a minimum of 3 years working experience

The IERP® utilises adult-learning methodologies that incorporate a highly practical approach to ensure participants are fully engaged in the learning process. About 20-30% of the program will be covered in lectures, and 70-80% utilising interactive learning methodologies.

This program is suitable for anyone working in or related to  Operational Risk Management, Risk Management, Internal Audit, Governance, Compliance, Operations, Quality, Environmental Health & Safety, Project Management, etc.

To become fully certified, participants will be assessed based on the following criteria:

  1.      Attendance and participation in class
  2.      Multiple choice examination


Who are the instructors?

All our faculty are practitioners with relevant risk management and BCM experience, averaging over 30 years of working experience each and with most of their last positions being C-Level executives in large national and multi-national corporations. Some hold Board Directorships and chair Board Committees such as Board Risk, Board Audit, and Board Investment Committees.

How many modules are there in this programme?

4 modules in 4 days

What is the time limit for me to finish this programme if I can’t attend all the modules within one year?

Maximum 3 years

Can I attend the certification program in other country?

Yes, however, you will have to pay whatever fee applicable in that country. And you will have to pay the travel, accommodation and subsistence yourself.

What will I get after taking this certification course?
  • Enhances your professional credibility
  • Gives you confidence that you have “passed through the chairs” and proof of ability
  • Extends your knowledge and skills, preparing you for more job responsibilities
  • Enriches self-image and reputation among peers
  • Improves career opportunities-promotion, pay increases, job portability
  • Establishes you as a continuous learner who believes in continuous professional development
  • Gives you an edge over your competition in the eye of your potential employers
  • Plugs you into a new network of like-minded risk professionals “club”

In addition, you will receive instant recognition that you have achieved the minimum standard of competency as a certified and qualified enterprise risk manager. Organizations have also started approaching the Institute to source for risk managers – which is one of the services that the Institute offers to corporate members of the Institute.

Request a Brochure

    Name (required)

    Email Address (required)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    What is the biggest challenge in your job/industry


    User registration

    Reset Password