ORX launches op risk Controls Library

Operational risk association ORX has today launched a Controls Library for operational risk.

Developed with McKinsey & Company, the library is based on data collected from nearly 50 financial services firms, contains 761 typical operational risk controls, and is aligned to the ORX Reference Risk Taxonomy.

The Control Library is designed to help organisations better understand and benchmark their own controls against industry practice, to enable shared learning and to provide insight into the efficiency of their control environment.

Steve Bishop, research and information director at ORX, said: “Many of our members were spending significant time and money on improving their controls and some had built their own Control Library. These in-house libraries, which are based on a financial organisations’ proprietary data and insight are extremely useful, but we saw an opportunity to take the collective data of 50 organisations to create an industry view.

“The library also creates the opportunity for industry control benchmarking, this is particularly important with operational and non-financial risk and control being an important topic on boardroom agendas.”

Daniel Mikkelsen, senior partner at McKinsey & Company added: “We’re delighted to serve as a knowledge partner with ORX to develop a robust and comprehensive reference library of typical controls used to mitigate different types of operational and non-financial risk.

"We believe this library will be a valuable resource for financial institutions to compare their internal controls with typical control types, to facilitate the development of their own control libraries, and to share and benchmark information to derive insights into the importance of their controls in mitigating risk. The library also enables institutions to streamline control identification and assessment processes across their businesses and to standardise and simplify their controls.”

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.