CORE I Training

Training for the Certified Operational Risk Executive Accreditation
A Five-Day Residential Course

Course Content

This course is designed to take an experienced, senior business executive through all of the developmental stages in Operational Risk Profiling during an intensive five-day residential course.

The CORE certification attests to the fact that an individual has successfully completed the course and is competent to apply Operational Risk measurement and management techniques in their business. More advanced courses are available, should successful delegates wish to enhance their skills at a later date.

The course is based around Operational Risk software called CARE – Control And Risk Evaluation – and, whilst the techniques learned can be applied without the aid of software, CARE is the system recommended by the course providers.

The course is case-study driven, supported by traditional lectures; this allows delegates to put into practice the theory presented to them and ensures the maximum delegate involvement. Some evening work may be required to complete the practical examples. At all stages of the course "model" answers are supplied, so that each delegate is brought up to a common level of achievement at all points in the course-work.

 

Course Content

Day 1

  • An outline of Corporate Governance;
  • The eight facts of business life as regards risk management;
  • The nature of risk;
  • Types of risk, including Credit, Market and Operational;
  • How all business risk can be said to fall under the umbrella of Operational Risk;
  • How risk is identified;
  • What is a risk, and what is simply a control not working;
  • Identifying Risk Parameters including Asset Types under threat, and Risk Appetite;
  • The need to manage risk, not simply to measure it;
  • Risk Management Standards – UK and Australia/New Zealand standards;
  • Moving from the general to the specific with a discussion on Sarbanes–Oxley as an example.

Case Study

The delegates, as a group, discuss the bank detailed in the case study and determine the overall risk parameters, which are then fixed for the rest of the case study sessions. They will identify what "assets" the bank would consider to be under threat and how important each one is; the types of Corporate Risks this bank may be subject to; and what weighting should be given to each of the Risk Planning parameters within the bank.

From a detailed written description of the bank's Electronic Banking activity, small groups of delegates are asked to determine an acceptable Risk Appetite; establish what range of values would constitute high risk, medium risk and low risk; identify the key risks and assign them to an asset category and Impact and Probability category. In addition each risk will be assigned to an Objective linked to the bank's overall Strategy if delegates feel this is required.

Back to top

Day 2

Overnight, the instructors will have reviewed the delegate group's printed output. Overall feedback will be given (in general terms), and a "model" answer will be provided to all delegates to ensure that everyone starts the next phase of the course at the same level.

The delegates next learn about Controls, the types of control, the difference between a control and a process and the concept of an Entity control.

Case Study

Using the comprehensive data supplied, the delegate groups then work to identify the controls in the Electronic Banking function and categorise them into their various types.

The delegates next learn about matching controls and risks; they will learn about the many-to-many relationships between risk and control and the varying impacts of controls to risks.

Whilst the "matching" lecture is underway the instructors will have reviewed the delegate group's printed output from the controls exercise; overall feedback will then be given (in general terms) and a "model" answer will be provided to all delegates to ensure that everyone starts the next phase of the course at the same level.

Case Study

Again using the comprehensive data supplied the delegate groups then work to match the "model" controls to the "model" risks. (This activity may well require the delegates to work in the evening).

Back to top

Day 3

Overnight the instructors will have reviewed the delegate group's printed output. Overall feedback will be given (in general terms) and a discussion will be held to explore any marked differences in "scoring". A "model" answer will be provided to all delegates to ensure that everyone starts the next phase of the course at the same level.

The concept of control testing will be discussed; Compliance and Substantive testing will be dealt with. The direction of testing will be covered as will frequency of testing. The topic of Control Risk Self Assessment (CRSA) will be covered.

Case Study

Once more using the comprehensive data supplied the delegate groups then work to write Compliance Tests for the "key" controls in the case study. The issue of whether to use questions or tests will need to be addressed by the delegates as will the questions of sample sizes and frequency of testing.

The instructors will review the delegate group's printed output from the exercise; overall feedback will then be given (in general terms) and a "model" answer will be provided to all delegates, showing the Compliance Tests for all of the controls, to ensure that everyone starts the next phase of the course at the same level.

Case Study

The delegates will next be supplied with documentation representing the results of certain Compliance Tests; delegate groups will need to evaluate this data and decide upon the degree of confidence that can be given to each control. This data then needs to be fed into the previously established control environment for the case study.

Back to top

Day 4

The concept of Incident Recording will be discussed; the concept of Incidents v Near Misses will be covered as will the concept of Incident Significance. Contingency Planning will also be dealt with.

Case Study

Delegate groups will be supplied with documentation about "events" relating to the case study, they will need to decide what to record and what to omit as well as what category the recorded items should fall into (incidents or "near misses").

The instructors will review the delegate group's printed output from the exercise; overall feedback will then be given (in general terms) and a "model" answer will be provided to all delegates.

Case Study

Using all of the "model answer" data the delegate group's will be required to prepare a report for senior management on the overall control environment for the Electronic Banking function.

Back to top

Day 5

The instructors will have reviewed the delegate group's printed output. Overall feedback will be given (in general terms) and a "model" answer will be provided to all delegates to ensure that everyone starts the next phase of the course at the same level.

The linkages between Risk Management, Internal Audit and Compliance will then be explored. The subject of Risk Based Internal Audit will then be addressed.

Case Study

Data will be supplied to each delegate relating to some of the controls surrounding the Corporate Risks identified on Day 1, as well as some overall data concerning five other functions within the bank. The delegates will then use the data, plus the output from the detailed case study to:

  • Prepare a Quarterly Report on Operational Risk for the Board
  • Prioritise the 5 functions within the bank from an Operational Risk perspective.

Test

This consists of 20 multiple-choice questions based around what has been learned on the course.

The instructors will mark the test and the marks scored will be used, in conjunction with the delegate's overall performance on the course, to determine whether the delegate has demonstrated sufficient proficiency to be awarded a CORE certificate.

Back to top

Training for this qualification can also be undertaken on-line, at the individual's own pace. It covers the same ground as the course detailed above, and successful trainees are awarded the same standard of certificate. Register your interest now, without commitment or obligation, for the next round of on-line training.

 

CARE WEB TOUR