Risk Workspace for the operational risk manager

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Risk Workspace for the Operational Risk Manager

    The Risk Workspace for operational risk managers enables organizations to manage operational risks effectively, which can arise from errors, breaches, or damages due to various factors. This workspace supports operational risk managers in defining risk frameworks, conducting assessments, and communicating risk postures to stakeholders.

    Show full answer Show less

    Key Features

    • Operational Risk Framework: Establish a robust risk management framework that includes risk identification, measurement, mitigation, and reporting.
    • Setup Libraries: Create risk statements and control objectives to ensure a common understanding of risks and their priorities.
    • Periodic Risk Assessments: Conduct annual assessments and maintain an up-to-date risk register.
    • Risk Event Monitoring: Record and analyze risk events to understand losses and identify areas for improvement.
    • Key Risk Indicators: Monitor risk posture continuously by defining and tracking key risk and control indicators.
    • Issue and Incident Management: Manage issues and incidents that may threaten operations, ensuring proper tracking and remediation.
    • Reporting: Develop dashboards and reports to communicate risk assessments and operational risk posture to executives.

    Key Outcomes

    By utilizing the Risk Workspace, operational risk managers can effectively manage and mitigate risks, ensuring a clear understanding of their organization’s risk posture. This proactive approach leads to better decision-making, improved compliance, and enhanced organizational resilience against operational risks.

    Operational risk managers manage operational risks such as losses due to errors, breaches, or damages that are caused by people, internal processes, systems, or external events. Operational risks range from the small, such as the risk of loss due to minor human errors, to the large, such as the risk of bankruptcy due to serious fraud.

    Operational risk manager

    Operational risk managers are a part of the operational risk team that manages the risk posture of the organization. Risk posture is the current risk profile for a company. As an operational risk manager, you must perform the following tasks.
    Define the operational risk framework
    Effectively manage the operational risks of an organization by defining a robust risk management framework. This framework helps to identify risks and to define the control framework to mitigate those risks. A risk management framework consists of the following components:
    • Risk identification
    • Risk measurement or scoring
    • Risk mitigation
    • Risk reporting and monitoring
    Set up libraries
    Set up comprehensive libraries by doing the following:
    • Creating risk statements: A risk statement is used to record a risk in a way that everyone can reach a common agreement on its severity or relative priority.
    • Creating control objectives: A control objective defines the aim or purpose of risk-mitigating controls. These controls need continuous monitoring.
    • Defining entity classes, entity types, and entities: For more information on entities, see Understanding entities.
    • Defining the upstream and downstream entities.
    The first step is to set up risk statements so that your team has a specific idea of the risk. For example, simply calling a risk as a cybersecurity risk is not specific. Cybersecurity risks could mean different things to different people. Therefore, a common statement to define cybersecurity is created as a risk statement. To create risk statements and their hierarchy, clearly define the risk impact, the assets at risk, and the source of risk. By defining the risk statements and creating their hierarchy, you can ensure that the risk scores are aggregated thus giving the complete risk status.
    Conduct risk assessments on a periodic basis
    Perform the annual risk assessments according to your organization's policies. Also, ensure that the risk register is updated and accurate. Create risk assessment scopes and schedule assessments. To learn more about risk registers, see Risk register in the Risk Workspace.
    Record and monitor risk events
    Risk events are potential or actual financial and non-financial losses, near misses, and gains that occur within an organization. To effectively manage risks, it is essential to monitor risk events, perform a root-cause analysis, and track the remedial tasks. Organizations use risk events to understand their losses and analyze areas of improvement to reduce further losses. You must maintain the loss event register to capture complete event information and to suggest additional controls to mitigate risks in the future.
    Define key risk indicators
    Monitor the risk posture of your enterprise on a continuous basis. Continuous monitoring of risks and controls involves identifying and creating key risk and control indicators. Supporting information can be collected for those indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, signal a change in the risk posture, and to provide supporting information for audit activities and control testing. If the indicator thresholds are breached, you must escalate to the respective stakeholders.
    Manage issues and incidents
    An issue is created when there is a change in the environment, process, or system that poses a threat. An issue requires action to prevent an incident or loss. An incident is a successful outcome or event with a negative impact. As the operational risk manager, you can view, create, and manage issues and incidents. Ensure tracking, proper closure, remediation, and monitoring of issues and incidents.
    Communicate the operational risk posture
    Define dashboards to report data effectively and accurately. You must create the required reports which can be shared with the executives and the head of the operational risk team. The reports and dashboards ensure that the aggregated assessment results across the organization help to identify the top operational risks for the enterprise.
    The following table lists the key tasks that you perform in your role as an operational risk manager.
    Table 1. Tasks of an operational risk manager
    Activity Task
    Define the operational risk framework
    Communicate the operational risk posture
    Monitor the critical incidents and issues View, create, and manage issues
    Define the key risk indicators Risk indicators, control indicators, and indicator templates
    Conduct the annual risk assessment process
    Facilitate recording and learning from loss events
    Create aggregated risk reports Reports in the Risk Management application
    The following image shows the view for the operational risk manager.
    Figure 1. Home page for the operational risk manager
    Operational risk manager home page.