What You Should be Able To Do

To become a proficient operational risk manager, you need to practice "What You Should Be Able to Do" (WYSBAD) after each lesson and receive feedback, and then re-practice after incorporating the feedback.

Avoiding the Ilusion of Proficiency

Research shows that the more people merely watch others perform (without actually practicing it themselves i.e. listening to a lecture, or reading ), the more they believe they can perform what they watched others do. However, test after test shows that people's actual ability to perform what they observed others do does not improve. All that improves is their ability to describe the task accurately but not their ability to perform the task proficiently. For example, you may know all the rules of chess by studying the rules or observing others play chess but you will never be an expert chess player unless you deliberately practice playing chess. The same is true for doing risk management.

To avoid the illusion of proficiency, you must practice, identify gaps in your practice against the desired level of proficiency by either self or coached feedback, practice correcting the gaps, and repeat until there are no remaining gaps within your desired level of proficiency. This is what is meant by deliberate practice.

Becoming Proficient

In this course, there will be ample opportunity for you to deliberately practice both in class and offline. It will be up to you to seize the opportunity.

In class, case studies and working through risk issues will give you time to practice. Offline, the opportunity to practice is provided through practice exercises described within the What You Should Be Able to Do (WYSBAD) after each class.

These exercises are more than just key takeaways.  Key takeaways are summaries of what you should know while WYSBADs are practice sessions designed to improve your proficiency in doing rather than just knowing. It is about improving know -how not know about.

WYSBAD provides a self-assessment after each class to identify areas (the gaps) where you need further practice and feedback to improve your proficiency.  To get the full benefit of completing WYSBAD, you should actually practice doing the exercise with a colleague and get their feedback or ask questions in the comment section below. If you just read them and convince yourself that you can do it, you will fall into the illusion of proficiency and the illusion will be shattered once you are asked to perform the task either on an exam or more importantly at work.

To paraphrase Feynman, one of the greatest 20th-century theoretical physicists, the best way to know if you really understand something is by showing to someone else how it is done. This technique has become popular beyond physics and is now known as the Feynman technique. 

By practicing WYSBAD with a colleague or in groups, you will identify

• what you really can do vs. what you think you can do and

• guide you to seek feedback on those you can't yet do

• you can seek feedback by asking in-class questions or by positing as "comments" in the related post.

  
  

​

What You Should be Able To Do (organized by Class)

• Create a MECE structure

  • gather lots of information about something you find interesting and organize the information into a MECE structure

• Use Agile Problem Solving when appropriate

  • take any interesting problem you would like to solve

  • where you don't know where to start and solve it using the Agile Problem Solving methodology

• Create an Elevator Pitch

  • Find a question you may be asked, like "What is the operational risk course about" or "What are you working on?" or any other question

  • Create an answer

  • Organize the answer into a MECE structure, this may involve adding parts or deleting parts of the answer

  • Create an EP from the MECE, using the EP methodology ( example of an EP: "I am creating y, for x, by using z." or some variation of this structure, and where x, y, and z are the first level of your MECE structured answer.)

  • 
    

• Explain what an operational risk manager does

• Given an event in SaS Op Risk Database, identify the operational risk type and provide the rationale

• Apply the ORM Framework to the RBC TD FX Regultoy Fine Case study

• Create and use a Gap analysis to identify less than full compliance with regulatory or internal policy requirements (gaps) and develop action plans to close the gaps

• Generate an Op Risk Exposure Profile using historical loss data

• Analyze and draw conclusions from an Op Risk Profile

• test and fix internal data to create an ORP V2.0

• Enhance ORP to correct for no loss experience does not equal no exposure/ using external data

• Prepare External Data for creating the enhanced ORP (V3.0)

• Enhance the ORP profile for no industry loss experience does not equal any exposure/ using Scenario Analysis

• Prepare and facilitate a scenario analysis to identify exposures, and create ORP (V4.0)

• Enhance the ORP to account for changes in the external and Internal business and control environments

Identify the risk associated with a new business or product launch using internal and external prepared data, scenario analysis, and changes in the external and internal business environment

• Create an Elevator Pitch Describing an RCSA

• Identify controls for a given exposure and describe how the controls are used to keep the exposure within the RA

• Do an RCSA

• Create an Elevator Pitch Describing Resilience

• Design a MECE BCM Framework

  • Business Continuity Plan

  • Business Impact Analysis

  • Recovery Objective

  • Testing

  • Governance for BCM

• Evaluate the Major Elements of a BCM, using Gap Analysis and Make Remediation Recommendations

• Create an Elevator Pitch describing the Operational Regulatory Capital prior to Dec 2017

• Create an Elevator Pitch describing the reasons the regulators replaced AMA with SMA

• Calculate and represent graphically the SMA Op Risk Reg Capital

• Start with the Cybersecurity Elevator Pitch and create a Risk Management Program for
  

  • Classifying Information Assets and ensuring

  • sufficient Confidentiality

  • appropriate Integrity

  • adequately Available

Model Risk

• Evaluate a Model Risk Management Program by identifying what is missing (a Gap Analysis),

  • what the missing parts are used for,

  • and what doesn’t belong, if any

• Take any Model Risk Framework and identify what is missing when compared to the ECEG or modify the ECRG

Third-Party Risk

• Evaluate a Third-Party Risk Management Progam by identifying what is missing (a Gap Analysis),

  • what the missing parts are used for,

  • and what doesn’t belong, if any)

• Take any Third Party Risk Management Framework and identify what is missing when compared to the ORF/TPRM or modify the ORF/TPRM

Risk Culture

• Create an EP-type description of Risk Culture

• Create a 3-level MECE structure for the Risk Management of Risk Culture (using regulatory guidance as a base)

Climate Risk

• Create an EP-type description of Climate Risk

• Create a 3-level MECE structure for the Risk Management of Climate Risk (using regulatory guidance as a base)