DUBAI 26 - 28 November 2019

From risk environment to risk culture, the course covers in breadth and depth the most topical elements of operational risk management and its challenges for the financial services industry.

Designed by a world leading expert in the field and delivered by a highly regarded speaker, the course is a must-have for all the operational risk practitioners wishing to benchmark their practice and discuss best practices. It is also a fantastic opportunity for newcomers to gain a comprehensive overview what modern operational risk managers need to know.

Delegates will leave the course equipped with a new network of practitioners, a wealth of content, additional references and readings, and an open line for further questions with the training designer and delivery team, Ariane Chapelle and David Lannoy.



Advanced Training

Course Length

3 Days

Course Location




Certificate by:

IPMO Advisory


Dr. Ariane Chapelle

  • Heads of Operational Risk
  • Entreprise Risk Managers
  • Operational Risk Managers
  • Operations Managers
  • Internal Auditors
  • HR officers
  • Compliance officers
  • Consultants
  • Regulators

After the course, participants will know about:

  • Identification of emerging risks
  • Risk networks rather than risk registers
  • Key elements of counter-terrorism measures and physical security
  • Implementing ORM: the invisible framework
  • Must-know about cyber security and threats
  • How to differentiate and address human errors
  • How to use root cause analysis most effectively
  • Influencing behaviours for better control
  • All best practices in operational risk management for financial companies
  • Risk Reporting and Conduct reporting
  • Builing a framework for risk culture change
  • Leading KRIs framework for indentification and design
  • Scenario analysis and assessment

CHAPELLE CONSULTING is a highly specialized company dedicated to operational risk and enterprise risk management.

Detailed Module Overview

The first day of the course covers….

Session 1: Risk identification tools and emerging risks

  • Tools and techniques for risk identification
    • Exposures and Vulnerabilities
    • The Risk Wheel
    • Value drivers and reverse stress testing
  • Risk register: a list
  • Risk connectivity: network of risks
  • World economic forum: risk map
  • Emerging risks

 Class Exercise: identify the network of your top risks and class feedback

Session 2: Implementing ORM: the invisible framework

  • Governance of Operational Risk
  • 1st line and 2d line: The partnership model
  • Use and reuse: The Invisible Framework
  • Business value of ORM

 Workshop: build a business case for risk management

Session 3: Risk reporting and Conduct reporting

  • Modern issues on events and risk reporting: the regulator’s view
  • Analysing operational risk data: get insight, tell a story
  • Management information: the “reporting cake”
  • Aggregate and escalate risk information: your options
  • Conduct reporting: themes and details

Highlights of best practice, Group discussion and sharing of experience

Session 4: Implementing the Desired Risk Culture: a method

  • Defining Risk Culture
  • Acting on behaviours: the Influencer
  • Necessary conditions: willingness and ability
  • Risk Culture: DESIRE steps: Define – Inspire – Support – Enable – Reinforce – Evaluate
  • Assessing the risk culture

Group work: Plan your own culture change

The second day of the course

Session 1 : Defining Risk Appetite statements and tolerance limits

  • Industry guidance on Risk Appetite
  • Risk appetite, tolerance, risk limits and controls
  • Templates and options for actionable Risk Appetite
  • Risk Appetite Statements: Features and Examples
  • Cascading Risk Appetite: RCSA & Indicators
  • KRI and risks limits

Session 2: Internal Controls: Human Error and Control Design

  • Slips and mistakes: Typology and causes of human errors (J. Reason)
  • HRA: Human Reliability Analysis and other methods
  • Understand and treat the causes of human error
  • Effective or Illusory controls
  • Prevention by Design

Group work: best and worst controls in the business: sharing of experience

Session 3: Root causes analysis – the bow-tie

  • Root cause analysis: tool and method
  • Benefits of root cause analysis: tracking the common failures and systematic patterns
  • Treating causes over symptoms
  • Bow-tie: a most effective tool to define
    • Preventive and corrective controls
    • Leading KRIs
    • Risk likelihood and expected impact

Exercise: apply the bow-tie to one of your incident; share the lesssons learnt

Session 4 : Features and types of leading KRIs

  • Features of leading KRIs
  • KRI, KPI, KCI: definitions and uses.
  • A typology of Key Risks indicators
  • KRIs: metrics of risks drivers
  • Case studies on selecting metrics of risk drivers

This third module

Session 1: Cyber threats and information security

  • Cyber threat landscape
  • An old emerging risk
  • Key controls in cyber security
  • Physical and behavioural measures
  • Priorities in prevention
  • Lessons learnt from some incidents

Q&A, benchmarking and exchange

Session 2: Scenario Analysis: Governance, Stress testing and Assessment methods

  • Four dimensions of stress-testing
  • Steps and governance of scenario analysis
  • Tackling behavioral biases in scenario assessment
  • Industry practices and lists of scenarios
  • Assessing probabilities of rare events
  • Acting on Scenario Analysis
  • Class exercise: quantify your own scenario in probability and impact

Session 3: Reorganisation risk and project management

  • Risk due to changes and reorganisations
  • The trap of cost-cutting
  • Invisible opportunity costs
  • Essentials of project risk management

 Class debate and sharing of best practice

Session 4: Key messages and wrap-up

  • What have you learnt?
  • What will you remember?
  • What will you apply?


Dr Ariane Chapelle has a PhD in Economics and is a former holder of the Chair of International Finance at the University of Brussels. She has been active in operational risk management since 2000, and has worked closely with ING Group and Lloyds Banking Group.

She is Associate Professor (Honorary Reader) at University College London for the course ‘Operational Risk Measurement in the Financial Services’ and is a Fellow of the Institute of Operational Risk and a trainer for the Professional Risk Managers’ International Association (PRMIA), for whom she designed the Certificate of Learning and Practice in Advanced Operational Risk Management.

Member of the editorial board of the Journal of Operational Risk, columnist for Risk magazine and author of 3 books published between 2005 and 2018. Since 2006, running her own training and consulting practice in risk management.

The FCA, PRA and Bank of England have appointed Chapelle Consulting on the “Skilled Person panel” in operational risk for the period 2017-2021 (12 firms selected for the UK for a period of 5 years). Clients include training organisations and universities, Tier 1 financial organisations and international organisations including the World Bank, the IMF and ESM.


This book provides a comprehensive overview of the most up to date methods and practices in operational risk management applied in financial services firms. Coverage includes: Risk Identification: tools, scenario analysis, risk register and taxonomy, risk connectivity, and risk networks Risk Assessment: risk appetite, risk and control self-assessment, scenario analysis, regulatory capital and modelling Risk Mitigation: operational risk governance, controls, transfers and prevention by design, root cause analysis and action plans, conduct, and culture Risk Monitoring: incident data collection, key indicators, risk reporting, and the value of risk management Advanced tools and techniques developed by the most mature firms in operational risk management.

Nenad Spasovski
Executive Education Programs Manager
Tel: +41445860567
IPMO Advisory Ag
Sihleggstrasse 23 | 8832 Wollerau, Switzerland