Certified Operational Risk Officer

Covid-19 had created massive disruption to global supply chain globally impacting all businesses in the world as their transportation for land, air and sea came to a complete halt since March/April 2020. This phenomena had caused operational chaos amongst many international businesses and global governments into an unknown situation of not knowing what to do next operationally.

For once, global businesses recognised the importance of  operational risk. It existed in many varied forms and can quickly escalate into serious financial losses if not stopped at source.

During this 5-day intensive program, participants will take a deep dive into operational risk and will learn to construct an Operational Risk Management (ORM) Framework, RCSAs, scenario analysis, KRIs, importance of risk culture and conduct, and how to handle cyber risk. Each phase of the 5-day program will go in depth and provide examples of each of these different types of operational risk solving real-life case studies, case presentation and assignments.

This 5-day program is accredited. Participants shall be awarded the certificate – Certified Operational Risk Officer upon passing all assessments.

By the end of this training program, each participant will be able to:

  • Learn the importance of Operational Risks being part of ERM framework
  • Acquire the skills to examine operational risks deriving best practice techniques from Basel II/III/IV, ISO 31000 in 2018 and COSO ERM in 2017
  • Institute an Operational Risk Management (ORM) Framework
  • Able to identify, measure, control and mitigate varied types of operational risks
  • Implement the ORM processes from the real life cases given

Training methodology

This 5-day program is entirely interactive and every participant will be fully participative in group discussion, exercises and case studies. A step-by-step guidance in how to develop, establish and implement an operational risk framework will be taught to each participant.

Who should attend

Anyone who is currently working in the risk management department, compliance department and internal audit are welcome to join this certification program.

Course requirements

Participant should have at least 3 years of practical experience in risk and/or audit related experiences. He/she needs to have pre-requisite knowledge in finance and capital markets.

Day 1

Importance of Operational Risk

  • What constitute operational risk?
  • Definition of operational risks per Basel II/III/IV
  • Characteristics and types of operational risks per Basel II/III/IV

Interface of Operational Risk with overall Enterprise Risk Management

  • Relationship between Operational Risks with Market, Liquidity, Credit and Compliance Risks
  • Interface of operational risks with overall Enterprise Risk management framework
  • Drivers to Operation Risk Events


Participants will identify how the interface of events and happenings resulting in market, liquidity and credit risks with operational risks exposures in a given real life case study with trainer sharing best practice.

Operational Risk Trends and Developments Post Covid-19 Pandemic Crisis

  • The latest top 10 Operational Risks by RiskNet survey 2020
  • Emergence of New Operational Risks Post Pandemic Crisis
    • Health and safety risk
    • Fraud risk
    • 3rd party risk
    • Cyber risk
    • Conduct risk
    • Work-From-Home

Setup Operational Risk Management (ORM) Framework as part of Overall ERM Framework

  • Integrate Operational Risk to ERM Framework
  • Alignment of ORM to strategic plan
  • Importance of Strategic objectives
  • Identify key operational risks in the process of implementing the strategic objectives
  • Establish the Risk Appetite statement and risk capacity limits
  • Setup Operational Risk Management (ORM) Framework


Using real life case study, participants will learn to identify the misalignment of strategic objectives and risk appetite using varied operational risk techniques with trainer sharing best practice.

Day 2

Update and review of  International Regulation governing operational risk

  • Latest updates in both Basel II, Basel III and Basel IV for banks
  • Update from COSO ERM in June 2017 on operational risks
  • Latest from ISO 31000 Risk Management in February 2018 on operational risks
  • Derive implications to operational risk practitioners

Establish the Enterprise Risk Governance Structure with Impact on Operational Risk

  • Setup ERM Framework for the 3 Lines of Defence
  • Allocate risk management responsibilities to the 3 Lines of Defence
  • Institute ORM policy from ORM Framework
  • Establish the Committee Charter with roles and reporting structure
  • Emergence of Conduct risk and its impact on organisation culture
  • Institute best practice reporting structure for effective enterprise-wide risk culture


Participants will analyse a classical case study on how the risk governance structure was instituted inadequately and failed to support the implementation of strategic plan resulting in operational lapses and subjected to regulatory fines with guidance from trainer to form best practice.

Operational Risk Management (ORM) Process

  • Establish the Operational Risk Management Process – 5 key steps
    • Identify the key operational risks
    • Measure the operational risk
    • Monitor the operational risk
    • Control the operational risk
    • Mitigate the Operational risk

ORM Process – Identify the Root Causes to Key Operational Risks

  • How to identify key operational risks and its respective root causes?
  • Importance of in-depth knowledge of the firm’s strategy and operations
  • Map the end-to-end processes
  • Types of techniques used to identify the root causes to key risks
  • Top down and bottom up techniques – challenges and strength
  • Defined the varied types of operational risks and categorised them
  • Sharing of Best practice


Participants are given a real life case to firstly analyse and use different operational risk techniques to identify the root causes to key operational risks.  Next, they will learn to use different approaches and identify the challenges involved in the process of using varied operational risk techniques.

Day 3

ORM Process – Measurement of Key Operational Risks

  • What and how to measure or asses key operational risks?
  • Types of challenges faced in the measurement of operational risks
  • Calculate Operational Risk Regulatory Capital per Basel
  • Importance of establishing Key Risk Areas (KRAs) and Key Risk Indicators (KRIs)

Types of Operational Risk Assessment techniques

  • Setup an Operational Risk Measurement framework
  • Establish Stress Testing and Scenario Analysis (STSA) capability
  • Use Stress Testing on potential Low Probability and High Impact (LPHI) scenarios
  • Create Scenario analysis to stress test new and existing products and services
  • Institute early warning indicators for potential LPHI events
  • Basel regulation on computing loss distribution approach (LDA)
  • Sharing of best practices


Participants are given a real life case where they are required to establish a scenario analysis and further stress test the outcome, assess areas of potential low probability and high impact (LPHI) events and set early warning indicators for effective operational risk assessments

Build an operational risk scoring system

  • Review of the existing key types of operational risks
  • Prioritise key risk drivers that impact on key operational risks
  • Establish Key Risk Areas (KRAs) and Key Risk Indicators (KRIs)
  • Setup operational risk dashboard for KRIs
  • Align operational risk KRIs to strategic objectives
  • How to delegate KRIs targets to division, departments, sections within an organisation?

Setting up Risk & Control Self Assessments (RCSA)

  • Identify the potential key risk drivers impacting key operational risks
  • Align RCSA monitoring indicators with KRIs for effective enterprise risk governance
  • Delegate RCSA responsibilities to all division and department heads and subordinates
  • Setup RCSA dashboard to track financial and non-financial results impacting strategic plan
  • Obtain feedback on events’ magnitude and effectiveness of measurements for improvements


Participants will be given a real life case where breaking into groups will learn to setup KRIs and KRAs, as well as create RCSA dashboard and learn how to detect potential misalignment of KRIs to strategic objectives.

Day 4

ORM Process – Monitor and Control the Key Operational Risks

  • What and How to monitor and control key operational risks?
  • Importance of loss reporting and regulatory requirements
  • Sources for Incident Data Collection – loss of data base, KRIs and RCSA reports
  • Institute Incident Data collection policy within overall ORM policy

Operational Risk Monitoring & Control Techniques to Loss and Incident Data

  • The fallacy of non-financial impacts on losses vs incidents
  • Incident Data collection process – importance of data fields
  • Incentivise timely self-reporting to instil the right risk culture
  • Review and validate the accuracy of data
  • Share best practices


This case study exercise takes the participants on a step-by-step journey through each stage of the process on a real life situation of problems, risks controls and solutions. Participants are required to identify the monitoring and controlling of operational risks lapses, determine the root causes and recommend improvements to correct it with trainer sharing best practice.

Institute a systematic operational risk monitoring and control process

Analyse the existing operational risk process – start to end with detailed examination of:

  • Pre-dealing controls
  • Dealing controls
  • Middle office functionality
  • Processing controls
  • Payment
  • Position
  • Reconciliation
  • Accounting
  • Documentation
  • Reporting
  • Compliance


Participants are given a real life case study to analyse the implementation issues resulting in Operational risks lapses and loss of data. Next, break into groups, they will identify the key lapses in the operational risk monitoring and control processes and suggest improvements steps to mitigate future occurrences.

Day 5

ORM Process – Mitigate and Report the Key Operational Risks

  • Types of heat maps/ scorecards/ dashboard and its purpose
  • Handle resistance to reporting losses and incidents
  • Scope of operational risks event to report to BoDs and top management
  • Incentivise the right behaviour to submit timely reports on losses and incidents
  • Review and validate the operational risk reports
  • Share best practice

Importance of Business continuity management (BCM) and Crisis Management

  • Identification and prioritisation of key risk factors
  • Prioritising of operational risk drivers
  • Establishing a risk hierarchy
  • Event magnitude and frequency measurements

Emergence of Information Security Risk

  • How to handle data breaches and headline news?
  • Determine the information breaches and its impact on firm’s financial losses
  • Best practices from international Information Security Standards
  • Identify the types of information security incidents – what is key to the firm?
  • Establish the key information security risks
  • Determine the level of confidentiality of the identify key information security risks
  • Types of Assessments – Surveys, RCSA and scenario analysis
  • Types of Controls – issues of behavioural bias, KRIs and early warning indicators


Participants will get to practice using the ORM framework and apply onto this final case study using all the ORM processes and techniques to identify, measure, monitor and control operational risks arises from this case study.

Every participants will either use their own company or an approved case study by SIMI on special reason and attempt to apply all the knowledge that they had acquired over the 5-day. This including setting up the ORM Framework, KRIs, RCSAs, identify the root causes to key operational risks,  setup operational risks measurements, monitoring and controls plus reporting structure.

Dr. Christopher Goh

Dr. Christopher is a professional, with some 25 years with extensive experience in, risk management, design thinking, compliance, anti-money laundering, strategic planning, exotic options, behavioural finance, and structuring products using derivatives and in particular to enterprise risk management where he spent some 15 years in this area, where he was the pioneer in risk management, since 1989.

He holds the title of chief risk officer for Asia Pacific having established holistic enterprise risk management and compliance framework, which includes anti-money laundering, sanctions, compliance and governance, spearheaded the implementation enterprise risk management process for some 3 international banks in Asia Pacific.

He had implemented enterprise risk management and compliance framework through practical experience gained through various diverse economic cycles. He had worked for 6 different banks over a period of some 25 years across 6 different cultures, business practices and management styles. This had given him a very deep knowledge in handling clients and managed staff from diverse cultural background.

Dr Christopher had conducted many in-house corporate seminars for the past 15 years training international and central bankers, senior management from government bodies from Asia region like Malaysia, Indonesia, Taiwan, China, Singapore, South Korea, Thailand, Hong Kong, Vietnam, Myanmar, Philippines, and to as far as London, Vienna, Jeddah, Riyadh, Kuwait, Johannesburg, Lagos (Nigeria), Accra (Ghana), Nairobi (Kenya), Dubai, Zimbabwe, Zambia, Lesotho, Moscow and Ulaanbaatar (Mongolia). He had since travelled to some 38 international cities to conduct international workshops and consultancies.

His current seminars and consultancy works are mainly focused on Governance, Risk and Compliance, Design Thinking for Bankers and Non-bankers, Enterprise Risk Management, Setting KPIs with Enterprise Balanced Scorecard, Organisational Development Audit/Assessment, Compliance Risk Management, Operational Risk and Compliance Management, Transforming Strategy into Business Results.

He had published over 20 Risk Management, Strategy and Technopreneurship articles. He had co-authored 2 books published in 2017:

  1. Design Thinking for Management, Leadership and Technopreneurship, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-4217-8, published in December 2017
  2. Technopreneurship: in Industry 4.0, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-3875-1 published in December 2017

Dr Christopher has most recently been appointed as Dean for School of Finance and Banking with Swiss Institute of Management and Innovation based in Zug, Switzerland. He is also an Adjunct Visiting Faculty to some foreign universities namely: Shanghai JiaoTong University, Central University of Finance and Economics (Beijing), Harbin Institute of Technology (Harbin), S.P. Jain (Singapore and Dubai campus) on a yearly basis on banking certification courses and/or EMBA courses.

The Certified Operational Risk Officer (CORO) is the unique programs from the Swiss Institute of Management and Innovation (SIMI)’s School of Finance & Banking. This program is also accredited as the other accredited programs from SIMI.

Accreditation & Recognized of the Swiss Institute of Management and Innovation (SIMI)

Zug Canton

Legal License No. CHE-258.08.017
The Swiss Institute of Management and Innovation (SIMI) is a training institution established and licensed in the Canton of Zug in Switzerland, Legal License No. CHE-258.08.017. SIMI cooperates with our university’s or institute’s partners offering professional and career-oriented higher education programs, participating in various research projects in Switzerland and abroad, and providing internship services for learners.

Accreditation for International Schools, Colleges, & Universities, ASIC, UK

ASIC is an independent, government-approved accreditation body specializing in the accreditation of schools, colleges, universities, training organizations, online and distance education providers, both in the UK and overseas. ASIC accreditation is recognized by the UK Visas & Immigration (UKVI), part of the Home Office and a Member of the CHEA International Quality Group in the USA. SIMI is an accredited Institution by ASIC with Premier status.
Contact SIMI

Blegistrasse 7, 6340 Baar, Switzerland

SIMI is the first Higher Education provider in Zug, Switzerland. SIMI is accredited by ASIC and licensed by Canton of Zug, Switzerland in the training and research.

Accredited by ASIC
Fully accredited by ASIC UK, Premier institution status.

Apply for a scholarshipSIMI offers a variety of Scholarships for International Students. The Scholarship is not for full-time learners in Switzerland and is limited.

    SIMI is the first accredited institute of higher education in Zug Switzerland

    The Swiss Information and Management Institute (SIMI Swiss) website uses cookies and only uses your data to enhance your browsing experience.