Responsibilities of the Board of Directors and Senior Management in Operational Risk Management and Resilience
The Three Lines of Defense model is a risk management framework that delineates responsibilities across an organization to identify, assess, and mitigate operational risks effectively. This approach divides risk management into three distinct functions: operational management, risk management/compliance, and internal audit, each with specific roles in safeguarding the organization from potential threats.
Principle 3: Board of Directors Oversight and Review
The Board of Directors (BoD) is crucial in approving and periodically reviewing the Operational Risk Management Framework (ORMF) and the approach to Operational Resilience. They must ensure that Senior Management effectively implements the policies, processes, and systems of the ORMF and Operational Resilience at all decision-making levels.
The BoD’s responsibilities include:
- Risk Management Culture: Establishing a risk management culture and ensuring adequate processes to understand the nature and scope of operational risk in current and planned strategies and activities.
- Oversight of Risk Management Processes: Ensuring operational risk management processes are integrated into the overall risk management framework.
- Guidance and Policy Approval: Providing Senior Management with guidance on ORMF principles and approving policies aligning with these principles.
- Effectiveness Review: Regularly evaluating and approving the ORMF so that it continues to manage operational risks arising from external changes and new activities.
- Independent Review: Ensuring the ORMF undergoes independent reviews by third parties.
- Adoption of Best Practices: Keeping abreast of best practices in risk management.
Principle 4: Risk Appetite and Tolerance
The BoD should approve and periodically review a risk appetite and tolerance statement for operational risk, reflecting the nature, types, and levels of risk the entity is willing to assume. This involves:
- Development of Risk Appetite Statement: Ensuring the statement is aligned with the entity's strategic and financial plans and regulatory requirements.
- Clear Communication: Making the risk appetite statement understandable for all stakeholders.
- Inclusion of Key Information: Including background information and assumptions behind the business plans.
- Articulating Motivations and Boundaries: Stating the motivations for risk-taking and setting the boundaries within which it is monitored.
- Scenario and Stress Testing: Ensuring the statement is forward-looking and tested against various scenarios.
Principle 5: Governance and Implementation by Senior Management
Senior Management is responsible for developing and maintaining a robust governance structure and ensuring the implementation of the ORMF across the organization. Key responsibilities include:
- Policy Implementation: Translating the ORMF into specific policies and procedures within different business units.
- Accountability and Resource Allocation: Assigning authority and ensuring necessary resources are available for managing operational risk.
- Challenge Mechanisms: Establishing systems for reporting, tracking, and resolving issues, and ensuring the Three Lines of Defense approach is effective.
- Coordination and Communication: Ensuring effective communication between staff managing various risks and those responsible for third-party arrangements.
- Staff Competence: Ensuring staff have the necessary experience, technical capabilities, and independence to enforce compliance.
- Committee Structure and Operation: Designing a governance structure that suits the entity’s size and complexity, with appropriate committees and meeting practices.
Following these principles, the BoD and Senior Management can ensure robust operational risk management and resilience, safeguarding the entity against potential disruptions and aligning with strategic objectives.