IMT 556 A (SLN 15260) – Information and Operational Risk
Topics covered in this course include the parameters of operational risk; integrating operational risk and business process frameworks; the role of corporate governance, the role of technology and business process decisions; and the role of information in operational risk management. The course includes practical applications of operational risk frameworks, using real world examples where the intersection of people, processes, systems, and external events can lead to unexpected financial loss — easiest to identify in major disasters such as Japan’s Sendai earthquake, the Equifax data breach, the Uber saga, the Volkswagen emissions scandal, or even the 9/11 destruction of the World Trade Center.
Operational risk is present in every organization, and arises from the intersection of people, systems, external events and failed internal controls. A resilient organization intertwines operational risk management and business process management to minimize the risk of loss from failures in one or more of these elements.
Information analysis and reporting – or the lack of it – is a critical element in operational risk management, to ensure that important business processes and behaviors stay within the tolerances that have been established in an organization. This course examines commonest types of operational risk – internal and external fraud; legal and liability loss; noncompliance with regulations; processing errors; physical security breaches; information security breaches, technology failures, disaster recovery and business continuity/resilience; and inappropriate business processes – against the actual business process decisions and practices of organizations.