Operational Risk Leader (ORL™) Certification Program
New forces are creating new demands for operational risk management. Breakthrough technology, increased data availability, and new business models and value chains are transforming the ways organisations serve customers, interact with third parties, and operate internally. Operational risk must keep up with this dynamic environment, including the evolving risk landscape.
Legacy processes and controls have to be updated to begin with, but organisations can also look upon the imperative to change as an improvement opportunity. The adoption of new technologies and the use of new data can improve operational risk management itself. Within reach is more targeted risk management, undertaken with greater efficiency, and truly integrated with business decision making.
When equipped with practical policies, processes, procedures, objective data and measurement, the operational risk management function can well understand the true level of risk. It is therefore in a unique position to see nonfinancial risks and vulnerabilities across the organization, and it can best prioritize areas for intervention. Together with the business lines, operational risk management can identify and shape needed investments and initiatives. This would include efforts to digitize operations to remove manual errors, changes in the technology infrastructure, and decisions on product design and business practices.
The relationship between operational risk management and the business can also integrate operational risk reporting and executive and board reporting—including straight-through processing rates, incidents detected, key risk indicators, and insights from complaints and customer calls.
The advantages for organisations that manage to do this are significant and, conversely, operational risk can be a costly risk for companies that do not manage it well. Already, efforts to address the new challenges are bringing measurable bottom-line impact. Progress will require time, investment, and management attention, but the transformation of operational-risk management offers organisations compelling opportunities to reduce operational risk while enhancing business value, security, and resilience.
By helping the business meet its objectives while reducing risks of large- scale exposure, operational risk management will become a creator of tangible value.
Fundamentals of Operational Risk Management
Operational risk is a costly risk for companies that do not manage it well. Learn about this rapidly developing discipline as it evolves in sophistication and relevance to business decision making. This module provides you with a firm fundamental grounding in Operational Risk Management as we enter the second decade of the 21st century. Regardless of your seniority or which function, team, department or division you are involved in within your organisation, this program will ensure you gain the necessary Operational Risk Management (ORM) skills and knowledge to contribute towards a stronger, more efficient, effective, sustainable, agile, and resilient organisation.
The program provides you practical exposure and insights and you will be exposed to both the traditional and emerging thinking about ORM. The syllabus covers all aspects of ORM including Risk Appetite Fundamentals, Risk Metrics, understanding Key Risk Indicators, Key Control Indicators, Reporting and ORM decision making.
Risk and Control Self Assessment
Internal Controls are an important element in Operational Risk Management processes and frameworks – and accordingly constitute an important element when conducting any evaluation over the fitness of purpose of an Operational Risk Management process or program. This module encompasses a detailed examination into various options available to Risk Practitioners for implementing and evaluating internal controls in relation to the management of Risk. Participants will be guided through various evaluation tools, including Risk Control Self Assessments (“RCSA”) options. The studies entail understanding and applying the various approaches and methodologies including their purpose and design, tools, and their fit into an ORM and ERM framework. Participants will be taken through a detailed case study, workshop and exercise over a complete RCSA lifecycle. The module also includes exercises where participants will be given the opportunity to practise the tools and concepts covered in the program in a workshop environment.
Cyber Security Framework
Management and risk managers should focus on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. At the core of this program is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure which organisations should bear in mind. The Framework taught enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience.
The program teaches a flexible way to address cybersecurity, including cybersecurity’s effect on physical, cyber, and people dimensions. It is applicable to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyber-physical systems (CPS), or connected devices more generally, including the Internet of Things (IoT). This can assist organizations in addressing cybersecurity as it affects the privacy of customers, employees, and other parties. Additionally, the program’s outcomes serve as targets for workforce development and evolution activities. The Framework taught is not a one-size- fits-all approach to managing cybersecurity risk for critical infrastructure. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary in how they customize practices described in the Framework. Ultimately, the Framework taught is aimed at reducing and better managing cybersecurity risks.
Fraud Risk Management
The design of this program provides participants with a firm grounding in the purpose and aims of Fraud Risk Management, as well as how to go about establishing and running such a framework in your organisation. You will be schooled in effective fraud risk management frameworks, processes, policies and procedures from an ORM and ERM perspective. The program also provides relevant guidance in establishing appropriate fraud risk management reporting and oversight and how to deal with red flags.
A degree holder (or its equivalent, and above) with a minimum of 6 months working experience
A non-degree holder with a minimum of 3 years working experience
The IERP® utilises adult-learning methodologies that incorporate a highly practical approach to ensure participants are fully engaged in the learning process. About 20-30% of the program will be covered in lectures, and 70-80% utilising interactive learning methodologies.
This program is suitable for anyone working in or related to Operational Risk Management, Risk Management, Internal Audit, Governance, Compliance, Operations, Quality, Environmental Health & Safety, Project Management, etc.
To become fully certified, participants will be assessed based on the following criteria:
- Attendance and participation in class
- Multiple choice examination
Who are the instructors?
All our faculty are practitioners with relevant risk management and BCM experience, averaging over 30 years of working experience each and with most of their last positions being C-Level executives in large national and multi-national corporations. Some hold Board Directorships and chair Board Committees such as Board Risk, Board Audit, and Board Investment Committees.
How many modules are there in this programme?
4 modules in 4 days
What is the time limit for me to finish this programme if I can’t attend all the modules within one year?
Maximum 3 years
Can I attend the certification program in other country?
Yes, however, you will have to pay whatever fee applicable in that country. And you will have to pay the travel, accommodation and subsistence yourself.
What will I get after taking this certification course?
- Enhances your professional credibility
- Gives you confidence that you have “passed through the chairs” and proof of ability
- Extends your knowledge and skills, preparing you for more job responsibilities
- Enriches self-image and reputation among peers
- Improves career opportunities-promotion, pay increases, job portability
- Establishes you as a continuous learner who believes in continuous professional development
- Gives you an edge over your competition in the eye of your potential employers
- Plugs you into a new network of like-minded risk professionals “club”
In addition, you will receive instant recognition that you have achieved the minimum standard of competency as a certified and qualified enterprise risk manager. Organizations have also started approaching the Institute to source for risk managers – which is one of the services that the Institute offers to corporate members of the Institute.