Managing Operational Risk in a Changing World

Cagan, Penny

John Wiley & Sons Inc（2026/06発売）

• 製本 Hardcover:ハードカバー版
• 言語 ENG
• 商品コード 9781394421619

Full Description

Practitioner manual to operational risk blending contemporary challenges with case studies 

Managing Operational Risk in a Changing World is both a practitioner's manual and a classroom text that blends nearly 40 years of frontline experience with emerging themes that define today's risk landscape, from climate change and ESG to AI, DE&I, cyber threats, and pandemics. Unlike existing titles that focus on defining operational risk or recounting its history, this book is organized around contemporary challenges, showing how frameworks and methodologies can be applied in practice.  

The book contains interviews with industry veterans, from Barings to Silicon Valley Bank, who share their perspective and strategy for managing operational risk. In Managing Operational Risk in a Changing World, readers will find insights on: 



Recent regulations focused on managing emerging risks, such as the Digital Operational Resilience Act (DORA) 
Firewalls, intrusion detection systems, and encryption as critical elements in a robust approach to cyber risk management 
Data governance and data controls—checking and cleaning up erroneous data, and performing independent reviews 
Operational risks associated with geopolitical events, including people, processes, technology, and external factors 

The operational risk discipline is in flux, with regulators raising expectations and new risks constantly surfacing. Managing Operational Risk in a Changing World is required reading for all OpRisk professionals, academics, and students seeking to stay ahead of the curve. 

Contents

Acknowledgments xiii

Introduction to Operational Risk Book 1
Operational Risk at a Crossroads 1

Chapter 1
The History and Importance of Operational Risk 3
The Definition of Operational Risk 3
The Impact of the Barings PLC Unauthorized Trading Event 5
The Introduction of Basel II and Operational Risk Capital Adequacy 5
The Language of Operational Risk 8
Basel III Endgame 9
Significant Unauthorized Trading Events 11

Chapter 2
Managing Operational Risk in the New World Order 19
Managing Through the Great Challenges of Our Time 19
Managing Operational Risks Associated with Geopolitical Events 21
Communicating Operational Risks 27
Interview with Industry Veteran on Managing Operational Risk and Compliance: Mike Silva 28

Chapter 3
Building the Team for Today and Tomorrow Across the Lines of Defense 33
Managing Operational Risk Across the Lines of Defense 33
General vs. Specialist Roles 36
The Composition of Operational Risk Teams 37
Interview with Industry Veteran on First-Line Risk Management: Aarona Chou 38

Chapter 4
Making It Real: Developing a Framework for the Real World 43
The Operational Risk Framework Is Only as Effective as Its Implementation 44
Elements of the Framework 46
Governance 46
Policies and Procedures 47
Risk Appetite 48
Key Risk Indicators 49
Loss Data 50
Risk and Control Assessment 51
Scenario Analysis 52
Issue Management 53
Monitoring and Reporting 54
Culture and Awareness 55

Chapter 5
Managing Operational risk appetite and Key Risk Indicators 59
Definitions 60
Considerations When Managing Risk Appetite 60
Risk Appetite Framework 62
Integration with Operational Risk Program Components 66
Key Risk Indicators 67

Chapter 6
Developing and Deploying Risk Assessments 73
Risk and Control Self-Assessment Overview 73
Governance: Defined Roles and Responsibilities 75
Communication Plan 78
Leveling Up: Determining Risk Assessment Units 79
The Perspective: Top Down and Bottom Up 81
Technology Enablement 84
Methodology: Rating Risks and Controls 86
Process Mapping 93
The Trigger-based Approach 94
Remediation 96
Reporting on the Results 98

Chapter 7
Internal and External Loss Data 103
Types of Loss Data 105
Roles and Responsibilities 106
Framework and Methodology 107
Internal Loss Data 108
Stage 1: Identify 109
Stage 2: Assess 113
Stage 3: Mitigate 116
Stage 4: Monitor 116
Stage 5: Report 117
External Data 118
Citibank Revlon Bond Case Study 120

Chapter 8
Setting Up the Guardrails: Operational Risk Governance 123
Risk Culture 124
Training 127
Conduct Risk 127
Policies and Frameworks 131
Governance 134
Risk Committees 135
Interview with Industry Veteran: Maureen Day 138
Wells Fargo Pays USD $7.57 Billion in Penalties and Redress Over Retail Customer Violations 141

Chapter 9
The Fourth Line: Managing Regulatory Risks 151
The Regulatory Climate 151
Managing Regulatory Relationships 155
Tracking Regulatory Changes 158
Regulatory Expectations 159
The Four Lines of Defense Model 160
Seeking Help 161
Confidential Supervisory Information 162
Interview with Industry Veteran on Managing Regulatory Risk: Tom Balogh 164

Chapter 10
It Could Happen Here: On Developing Scenarios 169
The Scenario Program 172
The Scenario Framework 172
Governance and Framework 172
Preparation 175
Facilitation 176
Scenario Workshop 178
Reporting and Alignment 179
Scenario Examples 182
Interview with Industry Veteran on the Use of Scenarios: Evan Sekeris 184

Chapter 11
Know Your Process: Managing Execution Risks 191
Managing Through the Operational Risk Framework 194
Governance 195
Policies and Procedures 195
Risk Appetite and Key Risk Indicators 196
Loss Data, Incidents, Escalations, and Issue Management 198
Risk and Control Assessment 199
Scenario Analysis 202
Monitoring and Reporting 204
Culture and Awareness 204
Payments 205
Boeing Case Study 206
Citigroup Fat Finger Case Study Courtesy of IBM 209

Chapter 12
Managing Change, and Product and Service Risk 219
Change Management 219
Lifecycle 222
Change Initiative Risk Assessment 225
Roles and Responsibilities 227
Waterfall vs. Agile 227
Success Criteria 228
Products and Services Change Initiatives 229
U.S. Regulatory Guidance 231

Chapter 13
Managing Data Risk, AI, and Machine Learning 239
Data Risk Management Framework 241
Governance and Policies and Procedures 244
Risk Appetite and Key Risk Indicators 245
Loss Data 246
Risk and Control Assessments and Maturity Assessment 247
Scenario Analysis 248
Monitoring and Reporting 250
Cultural Awareness 250
AI and Machine Learning 250
Data Is Foundational to AI and Machine Learning 252
AI-Specific Operational Risks 253
Using AI to Manage Risk 254
Interview with Industry Veteran on Data and Machine Learning: Jae Kang 256

Chapter 14
Managing Cyber Risk 261
A Tale of Two Attacks 262
Cyber Frameworks 263
Aligning NIST to an Operational Risk Framework 271
Strong Cyber Practices 274
Interview with Industry Veteran: Alicja Cade 275
United Healthcare Case Study Courtesy of IBM 280

Chapter 15
Managing Third-Party Risk 291
Third-Party Risk Management Framework 292
Planning (Including Governance) 293
Due Diligence and Third-Party Selection 296
Contract Negotiation 298
Ongoing Monitoring 299
Termination 300
Interview with Industry Veteran: Jeannie Pumphrey 303

Chapter 16
Managing Fraud 307
Managing Internal and External Fraud 308
Fraud Risk Management Frameworks 311
JPMorgan London Whale Case from O.R.X: An Example of internal Fraud 318
JPMorgan Pays USD $950 Million in Fines and Settlement
After "London Whale" Trading Losses of Up to USD $6.25 Billion 318

Index 323