Operational Risk

Operational Risk
Operational Risk


Most major financial incidents result from operational risk issues that could have been mitigated or even prevented. Because operational risks are often interrelated with other risks, Operational Risk Management (ORM) leaders must translate business issues into ORM actions.


Protiviti’s Operational Risk professionals help organisations to drive operational performance, enhancing regulatory standing and shareholder confidence and are known for our collaborative approach towards helping leading institutions build and evolve their Operational Risk Management programmes so that tangible benefits are realised.


Our services include:

Operational Risk Management Programme Assessment/Implementation

Protiviti assists several of our clients with programme assessments and implementation efforts geared toward leading practises or regulatory guidance. Protiviti provides project management, advisory and implementation services as part of the ORM programme implementations.

Risk Control Self-Assessment (RCSA) Support

The RCSA should be utilised as a method to actively manage risk to business strategies and the health of supporting processes. Protiviti is able to help our clients redesign RCSA methodologies, document initial content to begin an RCSA (Processes, risks and controls) and support with technology implementations such as a GRC platform.

Operational Risk Appetite, Measurement and Reporting Analysis and Implementation

Protiviti has the capabilities to design an innovative suite of risk indicators and reporting. We analyse hundreds of risk and performance metrics, ultimately refining and clearly linking metrics to strategy, objectives and hard to measure risks. We leverage comprehensive industry knowledge and benchmarking to define the risk appetite, then employ monitoring and management techniques which align to the risk appetite at the enterprise level down to lines of business.

Process, Risk and Control evaluations and support

Our operational risk management professionals can assess the completeness and quality of existing risks and controls to identify gaps and ensure consistency.  We help our clients re-write, rationalise and improve their risk and control environments.

Monitoring and Testing Support

Protiviti has the capabilities to support first and second lines of defense to design and implement monitoring and testing programmes.  We can support creation of coverage plans, identifying automated techniques and assessing efficiencies in monitoring and testing operational risks across the organisation.

Operational Loss and Scenario Analysis

Protiviti helps clients to build operational risk loss tracking and analysis programmes both for internal losses and external losses.  Protiviti also assists organisations in assessing their scenario analysis programmes, linkages to emerging risk programmes and stress testing and assessing and recommending detailed scenarios. We can provide support in integrating operational loss data and scenario analysis into the RCSA programme and broader operational risk programme to effectively utilise the output and data to make informed decisions.

Operational Risks Programme Assessments and Support

Financial organisation face a variety of operational risks such as third party , new product/service, change management, technology and cyber-security, human resources, data quality, business continuation and financial crime.  Protiviti has experience in assessing and implementing these programmes and integrating them into the overall operational risk programme.

GRC Tool Implementation/Transition:

Protiviti helps clients with GRC software implementations and transitions – including process, risk and control taxonomy alignment and development, risk and control statement definition, data mapping of operational risk data and RCSAs to new structures, and migration of legacy data into new systems. Protiviti also facilitates change management and communication with regards to affected users and stakeholders by partnering with the organisation and technology providers.