This site is part of the Informa Connect Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

ORM Benchmarking, KRIs and Cyber Risk Assessment Workshop

Friday 6 December 2019. Separately bookable.

Led by Ariane Chapelle, Founder, Chappelle Consulting

Your workshop leader

Ariane Chapelle


Chappelle Consulting 

Ariane Chapelle, PhD, is an internationally recognised trainer and consultant in Operational Risk. Dr. Chapelle, is Honorary Reader at University College London for the course 'Operational Risk Measurement for Financial Institutions’ and is a Fellow of the Institute of Operational Risk. In 2018, she designed for PRMIA  (the Professional Risk Managers' International Association), a Certificate of Learning and Practice in Advanced Operational Risk Management, that she delivers globally, including for the World Bank and the International Monetary Fund.

Workshop highlights


After the course, participants will know about:

  • Categorising emerging risks
  • Best practices in Risk Management Framework
  • Maturity and Quality criteria in ORM
  • Risk Assessment methods
  • Quantifying rare events and cyber risk
  • Key control in cyber risk and information security
  • Selecting and designing preventive KRIs
  • Best practice in Outsourcing risk management and project risk management
  • Golden rules in risk reporting and risk communication

Module 1
Module 1

Introduction: Scope and recent trends in risk management

  • Lessons of a decade of risk predictions
  • Categorising emerging risks

Risk Management Framework Benchmarking

  • Operational Risk trends and emerging risks
  • Governance of Operational Risk: roles and responsibilities, 3 lines of defense

  • 1st line and 2nd line: The Partnership Model

  • ORM Maturity & Best Practice Criteria

Module 2
Module 2

Risk Assessment scales and method and Reporting

  • Tools and techniques for risk identification
  • Risk register: a list vs. Risk connectivity: network of risks
  • Definition and rules for Risk and Control Self Assessment
  • Impact and likelihood scales
  • Links with risk appetite
  • Cascading and reporting on RCSA

Module 3
Module 3

Designing and Selecting Preventive Key Risk Indicators

  •  KRI, KPI, KCIs: concepts,overlaps and examples
  • Essential features of preventive KRIs
  • Classifying KRIs: Environmental, Stress, Causal and Failure
  • KRI Design: Frequency - Trigger levels - Escalation criteria – Ownership - Data accuracy
  • Six steps to define and design preventive KRIs
Module 4
Module 4

Cyber risk and scenario quantification: case study

  • Case study on information security
  • Taxonomy of information security risks

  • Key controls on information and cyber security: behavioural and technical controls

  • Assessing rare events – case studies: : scenarios assessment of IT disruption, cyber attacks and other data leaks