top of page

Operational Risk for Auditors and Supervisors

Taught by an international expert in operational risk also former internal auditor certified by the IIA and a skilled person to the UK regulator, this course is a one of its kind, delivered for the IIA Luxembourg.


It focuses on the key elements to look for when auditing and reviewing operational risk framework, documentation and practice. It present some maturity criteria and reviews good signs and red flags in operational risk management and measurement.


Delegates will leave the course equipped with key concepts and examples, practical guidance to apply in their day to day mission and an open line for further questions with the trainer, Ariane Chapelle.


Key Objectives and Learning Outcomes :


After the course, participants will know about:

  • Rules for a consistent ORM and ERM framework

  • Essential elements to review and audit

  • Maturity criteria for each element of the framework

  • What documentation can and can’t tell

  • Effective ways to audit and supervise a risk function

  • A general risk-based approach to risk management and internal audit resource allocation



Who Should Attend

  • Internal auditors

  • Head of internal auditors

  • Regulators

  • Compliance officers

  • Operational risk managers

  • Head of operational risks

  • Heads of operations

  • External auditors


Course outline


Auditing and Reviewing Operational Risk Management


Session 1: Risk Appetite & consistency of an Operational Risk Framework

  • What to learn from general ERM frameworks (ISO, COSO)

  • Fundamentals of a risk management framework: taxonomy and risk appetite

  • CRICL taxonomy: Causes – Risks – Impacts – Controls – Location: organising the risk register

  • Risk Appetite: driving the rest of the framework

  • Structure and features of actionable risk appetite

  • Governance and operating model


Workshop : roundtable and comparisons of practice


Session 2: Maturity Criteria in Operational Risk Management

  • Key signs of maturity – or lack thereof – regarding

    • Governance and 3 LoD

    • Relationship between the lines of defense

    • Taxonomy and risk identification

    • Risk assessments

    • Risk indicators and reporting

    • Culture

  • Benchmarking tool


Benchmarking Exercise: Rate the operational risk practice of the firm(s) you know


Session 3: Documentation vs Culture

  • What can you read from the documentation of a risk function?

  • What to ask for and what to look for

  • Does the documentation reflects the culture: true signs and red flags

  • Signs of a good risk culture: timeliness, event sharing.. and simplicity

  • Other signs of good risk culture

  • Ways to review and audit a risk function


Roundtable: case studies


Session 4: Risk-based allocation of resources: a general approach

  • Risk-rating criteria for different risk objects (Information, Project, Process, Model, Third party, client.. )

  • Risk rating scorecard and scoring methods

  • Risk-based mitigation efforts

  • Risk-based approach in internal audit and in supervision


Class Interaction: sharing of practices when drafting audit plan and regulatory visits


Concluding remarks



About Ariane Chapelle - course designer and speaker

Ariane Chapelle, PhD, is an internationally recognised trainer and consultant in Operational Risk. Dr. Chapelle is Associate Professor at University College London for the course 'Operational Risk Measurement for Financial Institutions’ and is a Fellow of the Institute of Operational Risk and a trainer for the Professional Risk Managers' International Association (PRMIA), for whom she designed the Certificate of Learning and Practice in Advanced Operational Risk Management.

Dr. Chapelle runs Chapelle Consulting, a training and consulting practice in risk management serving Tier 1 to Tier 3 financial organisations and international institutions, including central banks and UN agencies.

In 2019, Chapelle Consulting received the Award for ‘Outstanding Achievement in the Year in Operational Risk’.

Dr. Chapelle is a former holder of the Chair of International Finance at the University of Brussels with backgrounds in internal audit, credit risk and investment risk. She is a Certified Internal Auditor (IIA, 2001).

She has been active in operational risk management since 2000 and was formerly head of operational risk management at ING Group and Lloyds Banking Group.

Her latest textbook Operational Risk Management: Best Practices in the Financial Services Industry, published by Wiley Finance Series in December 2018, rapidly became the No.1 best seller in its field. It is now translated in French by Pearson France and was elected « Book of the Year 2020 » by












Op risk.jpg


Ariane Chapelle


28/09: 13.00 – 16.00 

29/00: 09.00 – 12.00 

CPE Credits



Member 450 EUR 

Non-member 550 EUR




bottom of page