Preface
Acknowledgments

Chapter 1 Definition and Drivers of Operational Risk
  The Definition of Operational Risk
  2012 London Olympics: A Case Study
  Operational Risk Management and Operational Risk Measurement
  Drivers of Operational Risk Management
  Key Points
  Review Questions
  Notes

Chapter 2 The Regulatory Push
  History of the Basel Accords
  Rules of the Accords
  Adoption of Basel II in Europe
  Adoption of Basel II in the United States
  Impact of the Financial Crisis
  Basel III
  Key Points
  Review Questions
  Notes

Chapter 3 The Operational Risk Framework
  Overview of the Operational Risk Framework
  The Foundations of the Framework
  The Four Data Building Blocks
  Measurement and Modeling
  Reporting
  Risk Appetite
  Key Points
  Review Questions
  Note

Chapter 4 Operational Risk Governance
  Role of Governance
  First Line of Defense
  Second Line of Defense
  Third Line of Defense
  Risk Committees
  Key Points
  Review Questions
  Notes

Chapter 5 Culture and Awareness
  Winning over the Firm
  Marketing and Communication
  Agile
  Training
  Planning
  The "Use Test"
  Key Points
  Review Question
  Note

Chapter 6 Policies and Procedures
  The Role of Policies, Procedures, Guidelines, and Standards
  Best Practices
  Operational Risk Policy
  Sample Operational Risk Policy
  Sample Standards, Procedures, and Guidelines
  Key Points
  Review Question
  Note

Chapter 7 Internal Operational Risk Event Loss Data
  Operational Risk Event Data
  Internal Loss Data or Internal Operational Risk Events
  Risk Event Categories
  Using the Basel Risk Categories
  Minimum Operational Risk Event Data Standards
  Where Should Operational Risk Event Data Be Collected?
  When Should Operational Risk Event Data Be Collected?
  How Should Operational Risk Event Data Be Collected?
  Key Points
  Review Questions
  Notes

Chapter 8 External Loss Data
  External Operational Risk Event Data
  Sources of External Loss Event Data
  Challenges of External Data
  Key Points
  Review Question
  Notes

Chapter 9 Key Risk Indicators
  Key Risk Indicators
  Selecting KRIs
  Thresholds
  KRI Standards
  KRI Challenges
  Metrics Examples
  Key Points
  Review Question
  Note

Chapter 10 Risk and Control Self-Assessments
  The Role of Assessments
  RCSA Methods
  RCSA Scoring Methods
  RCSA Best Practices
  Key Points
  Review Question
  Note

Chapter 11 Scenario Analysis
  Role of Scenario Analysis
  Scenario Analysis Approaches
  Scenario Analysis Output
  Key Points
  Review Questions
  Notes

Chapter 12 Capital Modeling
  Operational Risk Capital
  Basic Indicator Approach
  Standardized Approach
  Advanced Measurement Approach
  Insurance
  Future of Capital Requirements: Basel III
  Key Points
  Review Questions
  Notes

Chapter 13 Reporting
  Role of Reporting
  Operational Risk Event Reporting
  Risk and Control Self-Assessment Reporting
  Key Risk Indicator Reporting
  Scenario Analysis Reporting
  Capital Reporting
  Action Tracking Reporting
  A Consolidated View
  Dashboards
  Key Points
  Review Question

Chapter 14 Risk Appetite
  The Role of Risk Appetite
  Regulatory Expectations
  Implementing a Risk Appetite Framework
  Monitoring Operational Risk Appetite
  Risk Appetite Today
  Key Points
  Review Question
  Notes

Chapter 15 Reputational Risk and Operational Risk
  What Is Reputational Risk?
  Reputational Impact
  Regulatory Oversight of Reputational Risks
  Reputational Risk Management Framework
  Key Points
  Review Question
  Notes

Chapter 16 Operational Risk and Convergence
  Operational Risk as a Catalyst for Convergence
  Governance, Risk, and Compliance (GRC)
  Converged or GRC Reporting
  Key Points
  Review Question
  Notes

Chapter 17 Best Practices in Related Risk Management Activities
  New-Product Approval
  Supplier and Third-Party Risk Management
  Legal Risk Management
  Regulatory Risk Management
  People Risk Management
  Fraud Risk Management
  Technology Risk Management
  Climate Risk
  Pandemic Planning
  Strategic Risk
  Key Points
  Review Question
  Notes

Chapter 18 Case Studies
  JPMorgan Whale: Risky or Frisky?
  Review Questions
  Notes

Appendix: Answers to Review Questions
About the Author
About the Website
Index

PHILIPPA GIRLING, PhD, is Chief Risk Officer at Varo Bank N.A. She has over 25 years of experience in global financial services and is a recognized risk management leader who has authored two popular operational risk textbooks. She is a sought-after public speaker on enterprise risk management and digital transformation and was named as one of the decade's "Top Fifty Faces of Operational Risk" in 2006.