SABSA Practitioner: Risk Assurance

Module PM2: SABSA Operational Risk Management - Course Content

1. The meaning of risk within the SABSA framework

  • Concepts, definitions and terminology
  • Risk ownership and custody
  • Roles and responsibilities
  • Risk governance
  • SABSA Business Attributes Profile as proxy assets at risk

2. Risk management and corporate governance

  • Characteristics, benefits and applications of risk management
  • Risk management strategy and process
  • Risk management frameworks and standards

3. Enterprise risk management

  • Risk interactions
  • The challenges presented by risk silos
  • Managing enterprise risk holistically
  • The SABSA approach to risk philosophy, methodology and architecture

4. Risk measurement and risk assessment

  • Risk assessment (Qualitative and semi-quantitative)
  • Risk measurement (Quantitative)
  • Risk metrics
  • Identifying and valuing assets at risk
  • Valuing intangible assets
  • Using the SABSA Business Attributes Profile as a proxy for assets
  • Threat analysis and threat scenario modelling
  • Threat identification and threat domains
  • Threat agents and their capabilities, motivations, opportunities, catalysts, inhibitors and amplifiers
  • Risk taxonomy
  • Business impact and consequences
  • Vulnerability assessment
  • Overall risk rating using the SABSA approach

5. Risk mitigation

  • Control frameworks, strategies and objectives and their place in the SABSA framework
  • Balancing costs and benefits
  • Total cost approach and optimisation

6. Risk appetite and risk tolerance

  • Scoring techniques for event likelihood and business impact
  • Risk thresholds of tolerance and appetite
  • Risk heat maps
  • Key risk indicators

7. Risk management tools

  • Risk information management
  • Risk registers
  • Dynamic risk dashboards
  • Integrated and automated risk solutions based on SABSA reference architectures
  • The SABSA approach

8. Measuring success of a risk management programme

  • Risk management maturity profiles
  • Applying Capability Maturity Models (CMM) to risk

9. Risk financing

  • Insurance and its place in risk management
  • Self-insurance schemes
  • Stochastic modelling of operational risk event distributions
  • Issues with completeness, integrity, homogeneousness and relevance of risk event data
  • Expected operational risk losses
  • Capital allocation against unexpected operational risk losses
  • Overall risk financing as a mix of P&L budget provisions, balance sheet capital allocation and insurance against extreme losses