Operational Risk Manager (ORM™) Certification Program
New forces are creating new demands for operational risk management. Breakthrough technology, increased data availability, and new business models and value chains are transforming the ways organisations serve customers, interact with third parties, and operate internally. Operational risk must keep up with this dynamic environment, including the evolving risk landscape.
Legacy processes and controls have to be updated to begin with, but organisations can also look upon the imperative to change as an improvement opportunity. The adoption of new technologies and the use of new data can improve operational risk management itself. Within reach is more targeted risk management, undertaken with greater efficiency, and truly integrated with business decision making.
When equipped with practical policies, processes, procedures, objective data and measurement, the operational risk management function can well understand the true level of risk. It is therefore in a unique position to see nonfinancial risks and vulnerabilities across the organization, and it can best prioritize areas for intervention. Together with the business lines, operational risk management can identify and shape needed investments and initiatives. This would include efforts to digitize operations to remove manual errors, changes in the technology infrastructure, and decisions on product design and business practices.
The relationship between operational risk management and the business can also integrate operational risk reporting and executive and board reporting—including straight-through processing rates, incidents detected, key risk indicators, and insights from complaints and customer calls.
The advantages for organisations that manage to do this are significant and, conversely, operational risk can be a costly risk for companies that do not manage it well. Already, efforts to address the new challenges are bringing measurable bottom-line impact. Progress will require time, investment, and management attention, but the transformation of operational-risk management offers organisations compelling opportunities to reduce operational risk while enhancing business value, security, and resilience.
By helping the business meet its objectives while reducing risks of large- scale exposure, operational risk management will become a creator of tangible value.
Advanced Principles of Operational Risk Management
Organisations globally are evolving a more common view of the purpose, function, and value contribution of operational risk management (ORM). ORM programs have continued to mature with a focus on the identification, measurement, and communication of operational risk exposures. The most commonly cited key obstacle to the successful implementation of ORM is a lack of overall awareness and knowledge of Operational Risk Issues among senior staffers. In order for the full value of these ORM programs to be realized, Management and Risk Management professionals must guide the firm in linking ORM performance to the performance of the firm. To achieve this, the relevant senior team members must possess a sound grasp of the various quantitative and qualitative ORM tools (absolute vs relative measures, establishing practical Key Risk Indicators (KRIs), Advanced Risk Appetites, Stress testing and scenario analysis, etc.) in order to guide the Board and Organisation on its journey towards operational excellence.
Cyber Security Risk Management
Cybersecurity threats exploit the increased complexity and connectivity of systems, placing the organisation’s sustainability, performance and viability at risk. This module has been designed to enable Risk and Management professionals to better assess the cyber-resilience and exposures of their organisations and to design and implement effective cybersecurity mitigation and governance plans for their organisation. Participants will also be grounded in selecting, designing and implementing a practical Cyber Risk Maturity framework for their organisation and exposed to various cyber threat scenarios as well as the importance of ensuring the various perimeters within and without the organisation are secure. With so much at stake for a business – financial loss, operational disruption, competitive disadvantage, legal liability, and harm to corporate reputation – the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately implement and oversee their company’s initiatives.
Technology and Data Risk
To keep up with the lightning speed of development in business digitisation, a proactive approach to risk management is not a luxury but a necessity to cater for, and catch-up with, the market. Issues that risk professionals have always been concerned about such as security, privacy and compliance are hyper-magnified in today’s dynamic digital operating environment. As such, risk management strategies must be equally responsive and agile in order to continue the bottom-line defence and top line offence – because digitisation & expansion should not come at the price of higher exposure to risk than the company is prepared for or willing to embrace.
This module on Digital Risk Management & Disruption is especially designed to help participants drive the proactive evolution of risk management methodologies from compliance-based, reactive, and linear to proactive, risk-based, iterative and future proof.
Participants can expect to be skilled and equipped to pivot risk management tools that drive greater efficiency and profitability in tandem with digitisation efforts. Learn how to effectively adapt existing risk and control frameworks to new technologies and innovation. Gain insights on the role of organisational risk culture in risk management and benefit from practical guidance on how to drive the evolution of risk culture in the company to support the digitisation journey. Participants can also expect to walk away and be able to approach risk as an overarching business strategic concern and become a value-adding partner to digital projects lifecycle – from planning/design through deployment and monitoring.
Participants will be equipped with knowledge on digital ERM fundamentals, concepts and standards as well as exposed to the end- to-end process of integrating/applying ERM in the organisation’s digitisation blueprint. The content extends to identifying challenges or shortfalls of traditional risk management especially in addressing digitisation risks, the case for digitising ERM in overcoming these challenges to practical guidance on gaining management buy-in, designing the company’s bespoke digital ERM framework and its application, as well as driving the organisation culture change needed to provide a firm foundation for the digitised ERM to work.
Enterprise Risk Management
Anyone involved in ERM or embarking on a career in ERM must have a sound practical grounding in the theories and practices of ERM – and its linkages to other relevant and associated disciplines and standards (e.g. BCM). When implemented and utilised properly, ERM can become a driver for Commercial Sustainability as well as Organisational Agility and Resilience. This program coaches participants in how to achieve all of this. The module explains and re-emphasises the fundamentals of ERM, and shows how it can be utilised to drive strategy, performance, and the linkages to corporate governance and internal controls. Participants will also be taught how to apply strategic risk management concepts to enhance decision making processes and to add value to the business.
Has obtained the ORL™ qualification
A degree holder (or its equivalent, and above) with a minimum of 3 years proven operational risk management experience or with ORL™ qualification
A non-degree holder with a minimum of 10 years proven operational risk management experience or with ORL™ qualification
The IERP® utilises adult-learning methodologies that incorporate a highly practical approach to ensure participants are fully engaged in the learning process. About 20-30% of the program will be covered in lectures, and 70-80% utilising interactive learning methodologies.
This program is suitable for anyone working in or related to Operational Risk Management, Risk Management, Internal Audit, Governance, Compliance, Operations, Quality, Environmental Health & Safety, Project Management, etc.
To become fully certified, participants will be assessed based on the following criteria:
- Attendance and participation in class
- Multiple choice examination
Who are the instructors?
All our faculty are practitioners with relevant risk management and BCM experience, averaging over 30 years of working experience each and with most of their last positions being C-Level executives in large national and multi-national corporations. Some hold Board Directorships and chair Board Committees such as Board Risk, Board Audit, and Board Investment Committees.
How many modules are there in this programme?
4 modules over 4 days
What is the time limit for me to finish this programme if I can’t attend all the modules within one year?
Maximum 3 years
Can I attend the certification program in other country?
Yes, however, you will have to pay whatever fee applicable in that country. And you will have to pay the travel, accommodation and subsistence yourself.
What will I get after taking this certification course?
- Enhances your professional credibility
- Gives you confidence that you have “passed through the chairs” and proof of ability
- Extends your knowledge and skills, preparing you for more job responsibilities
- Enriches self-image and reputation among peers
- Improves career opportunities-promotion, pay increases, job portability
- Establishes you as a continuous learner who believes in continuous professional development
- Gives you an edge over your competition in the eye of your potential employers
- Plugs you into a new network of like-minded risk professionals “club”
In addition, you will receive instant recognition that you have achieved the minimum standard of competency as a certified and qualified enterprise risk manager. Organizations have also started approaching the Institute to source for risk managers – which is one of the services that the Institute offers to corporate members of the Institute.