Operational Risk and Cyber-Risk Management

About This Course

This 1-day course provides a comprehensive understanding of the various operational and cyber risk concepts commonly deployed in the financial industry. Be it in the formulation of business strategies (incl. risk appetite) or operations, a broad appreciation of how risks can pose a challenge at the enterprise or BU level, will be useful, whether these risks involve external or internal drivers, processes, personnel and system challenges.

This course covers the key operational risk management concepts and best practice implementation approaches, including its management and applications to IT and cyber risks as well. It will also go beyond that and address the practical usage of that knowledge; with case studies and examples.

Who Should Attend

  • Operational Risk
  • Risk management
  • Compliance and internal audit and
  • Other middle/back office functions

Learning Outcomes

  • Understand emerging trends and developments in ORM including in the cyber-risk area
  • Develop comprehensive ORM framework
  • Identify practical considerations and approaches
  • Develop templates for RCSA, KRI inventory and reporting
  • Learn to use tools to enhance effectiveness

Risk Identification Tools & Emerging Risks

  • Tools and techniques for risk identification
  • Risk register: Creating a list and maintaining it
  • Risk connectivity: Network of risks and their implications
  • Emerging risks and how to manage them

Defining Risk Appetite Statements and Tolerance Limits

  • Industry guidance on risk appetite
  • Risk appetite, tolerance, risk limits and controls
  • Templates and options for actionable risk appetite
  • Risk appetite statements: Features and examples
  • Cascading risk appetite: RCSA & indicators
  • KRI and risks limits

Root Causes Analysis – The Fishbone Tail / Bow-Tie

  • Root cause analysis: Tools and methodologies
  • Benefits of root cause analysis: Tracking the common failures and systematic patterns
  • Treating causes over symptoms
  • Fishbone / Bow-tie : A most effective tool to define
  • Preventive and corrective controls
  • Leading KRIs
  • Risk likelihood and expected impact

Features and Types of Leading KRIs

  • Features of leading KRIs
  • KRI, KPI, KCI: Definitions and uses
  • A typology of key risk indicators
  • KRIs: Metrics of risk drivers

Cyber Threats and Information Security

  • Cyber threat landscape
  • Key controls in cyber security
  • Physical and behavioural measures
  • Priorities in prevention
  • Lessons learnt from some incidents

Applying KRI to Cyber Risks

  • KRI for key cyber controls
  • Governance KRIs
  • Behavioural KRI

Reorganisation of Risk and Project Management Best Practices

  • Managing risks due to changes and reorganisations
  • The trap of cost-cutting – Impact on operational risk management
  • Uncovering invisible opportunity costs
  • Essentials of project risk management

Dr Khoo Guan Seng

PhD in Computational Physics (NUS)

GS Khoo has over 30 years of AI, data-mining, management and startup work-experience, focusing on risk and hedge fund analytics. He joined CAI in Feb 2016, after relocating back from Canada, where he was the Head of ERM with one of the largest Canadian pension fund managers, AIMCo, which he joined in 2011.

Prior to AIMCo, He was with Temasek Holdings, which he joined in 2009 from Standard Chartered Bank, where he was the Global Head/MD, Group Risk Analytics, heading the global team performing all global risk models validation for Basel & BIPRU compliance, and liaised with all the financial regulators in Europe, Asia, Africa and the Middle East, including the FSA (UK), the FSS (Korea), CBRC, HKMA and MAS (Singapore). At Temasek Holdings, he focused on developing novel investment performance and portfolio risk management metrics, applicable across the whole spectrum of investment asset classes and horizons.

In his other previous roles, he designed and managed an algorithmic hedge fund at Man Investment Products (Man Group plc.) in the 90s, was Head of Innovation (Strategy & Business Devt.) at the Singapore Exchange, was Group Chief Risk Officer at a SE Asian conglomerate (RHB Capital, Malaysia) and was based in Chicago and Denver in 2001-02 at American Bourses Corp (ABC, spun off from the Man Group), providing AI-based investment and trading analytics to clients trading on the ECNs in N America and in the Asia Pacific. At ABC, he managed the launch and production of the financial portals of SPH, and in 2000. He also provided advisory services to the regulators, family offices, research institutes, global and Asian banks in the Asia-Pacific region on data-mining, ERM, Basel 2 and 3.

In addition, he has also advised startup and IT companies in S’pore, Silicon Valley and Vancouver, B.C in BigData, FinTech, and Energy Farming. He has a PhD in Physics, and has done post-doctoral work at Nagoya University, MSI’s (Molecular Simulations Inc.) research centers at Caltech (Pasadena, California), Boston and at Teijin-MSI in Tokyo, Japan on computer-aided drug design. In academia, he published over 30 journal papers on financial engineering, artificial intelligence (AI) applications in financial markets and materials science.

He has also published chapters on sovereign investing in “Sovereign Investments” (Riskbooks/IncisiveMedia, 2013), enterprise risk management for financial institutions in “Operational Risk 2.0”, (Riskbooks/IncisiveMedia, 2007), investment management in “Sovereign Asset Management for a post-crisis World”, (Riskbooks, 2011). Other publications included articles in Investment & Pensions Asia (IPA) magazine (Sept/Oct issue, 2010) where he demonstrated a deficient frontier outcome (instead of efficient frontier), entitled, “Rethinking Investment Decision-making post-GFC (Global Financial Crisis)” as well as on “Strategic Risk Allocation” in IPA Magazine (Sept/Oct 2011 issue). He has also been a speaker on ICAAP, Stress Testing, Model Validation and Economic Capital at RISKMINDS (Geneva, 2008) and RISKCAPITAL (Brussels, 2009), panelist on “Investing Beyond BRICs” at the 2013 Taft-Hartley Pension Fund Forum in Los Angeles, “Long-term Investing” & “Hedge Fund Investing” at the Asia & Middle East Govt. Funds Roundtable, (Institutional Investors, 2012-2015) and on “Emerging Markets and FX Risks” at the Asian Pension Funds Roundtables (Pacific Pension Institute, 2010-2015). He has also presented a paper on “Valuation & Risk Issues in Illiquid Investments”, in Seoul, S. Korea for Korea’s pension fund association in 2012.

The Financial Training Scheme (“FTS”)

The Financial Training Scheme (“FTS”) is a training incentive scheme supported by the Financial Sector Development Fund (FSDF). The scheme supports financial sector-specific training programmes that raise the competency of the financial sector.

All our programmes are approved for listing on the Financial Training Scheme (FTS) Programme Directory and are eligible for FTS claims, subject to all eligibility criteria being met. For latest development on the Enhanced Funding Support for IBF FTS, please visit the Financial Training Scheme site.

Early Bird Discount

Enjoy 10% early bird discount when you register one (1) month before the course commencement date.

Operational Risk and Cyber-Risk Management


Course Features
  • Duration
    1 Day
  • CPD
    7 Hours
  • RRCE
    2 Hours
This course is offered for our on-site corporate classroom training.
Need More Info?
Thank you for your interest in this course. We will be in touch soon.