Overview Module 3 / Session 1 Operational Risk Identification Using Process Analysis and Activity Review

Welcome to Session 1

This session helps you move from governance thinking into practical operational-risk work. You will learn how to identify operational risk by analysing a process step by step and by reviewing how everyday activities are actually performed.

Learning objectives

1. Explain why structured risk identification is the foundation for later assessment, reporting, and management action.
2. Use process analysis to identify risks, controls, handoffs, dependencies, and failure points within a business process.
3. Use activity review to identify routine operational-risk exposures in everyday tasks, approvals, reconciliations, exceptions, and manual workarounds.
4. Distinguish between process steps, risk points, control points, indicators, and evidence sources.
5. Draft a simple process-based operational risk map for a business area or case-study scenario.

Core ideas for this session

• Risk identification should happen before detailed risk scoring and reporting.
• Process analysis helps you map steps, owners, systems, controls, and failure points.
•  Activity review helps you understand how work is really carried out, including workarounds and pressure points.
• Handoffs, overrides, exception queues, and unofficial spreadsheets are common blind spots.
• Strong identification uses evidence such as procedures, walkthroughs, incidents, audit findings, and operational data.