ABSTRACT
This chapter outlines the key components of a robust operational risk management process. The elements of a business operational risk management framework are: the risk and control self assessment (RCSA); key risk indicators; risk incident recording and management; improvement – action point management and tracking; and compliance – internal and external. RCSA consists of identifying operational risks in the business together with their related controls and assessing the level of risk and perceived effectiveness of the controls. RCSA may be enhanced using a process called scenario analysis. This is where specific high consequence risks are analysed by developing plausible but extreme scenarios, then assessing and testing the effectiveness of controls and potential impacts. Risk and control self assessment is used to identify and document the future potential risks with their related controls and to assess the level of the risks and the effectiveness of the controls.
