Curriculum
Qualifi Certified Professional in Operational Risk Management (QCP-ORM)
Module 1 Operational Risk Foundations, Drivers, Taxonomy, and Risk Context
0/37
Module 2: Operational Risk Governance and Framework Design
0/30
Module 3 Operational Risk Identification, Assessment, Analysis, and Reporting
0/30
-
Overview Module 3 / Session 1 Operational Risk Identification Using Process Analysis and Activity Review
Preview -
Module 3 / Session 1 Operational Risk Identification Using Process Analysis and Activity Review
-
Activity : Map the process and spot the risk
-
Mini-case: Settlement delays at CedarPay Services
-
Process-based operational risk identification
-
Downloadable Worksheet| Module 3 / Session 1 Operational Risk Identification Using Process Analysis and Activity Review
-
Formative quiz| Module 3 / Session 1 Operational Risk Identification Using Process Analysis and Activity Review
-
Overview Module 3 / Session 2 | Conducting a Structured Risk and Control Self-Assessment (RCSA)
Preview
-
Module 3 / Session 2 | Conducting a Structured Risk and Control Self-Assessment (RCSA)
-
Activity : Build an RCSA for an Assigned Process or Business Area
-
Mini-case: Orion Bank card-dispute operations
-
Formative quiz| Module 3 / Session 2 Conducting a Structured Risk and Control Self-Assessment (RCSA)
-
Structured RCSA
-
Overview Module 3 / Session 3 | Scenario Analysis, Control Evaluation, and Event Review
Preview
-
Module 3 / Session 3 | Scenario Analysis, Control Evaluation, and Event Review
-
Activity: Assess the scenario, rate the controls, review the event
-
Mini-case: NovaBank digital-account onboarding disruption
-
Formative quiz Module 3 / Session 3 | Scenario Analysis, Control Evaluation, and Event Review
-
Integrated assessment note
-
Overview Module 3 / Session 4 | Operational Risk Information, KRIs, Threshold Triggers, Event Data, Issue Logs, and Action Plans
Preview
-
Module 3 / Session 4 | Operational Risk Information, KRIs, Threshold Triggers, Event Data, Issue Logs, and Action Plans
-
Formative Assignment| Build an Operational Risk Dashboard and Management Commentary
-
Mini-case: Horizon Bank onboarding and access control trends
-
Formative quiz Module 3 / Session 4 | Operational Risk Information, KRIs, Threshold Triggers, Event Data, Issue Logs, and Action Plans
-
Operational risk information
-
Overview Module 3 / Session 5 Preparing Operational Risk Reports and Dashboards for Management
Preview
-
Module 3 / Session 5 Preparing Operational Risk Reports and Dashboards for Management
-
Mini-case: Orion Bank monthly operational risk report
-
Formative quiz Module 3 / Session 5 | Preparing Operational Risk Reports and Dashboards for Management
-
Assignment: Prepare a concise operational risk dashboard or management
Module 4 Technology, Third-Party Risk, Operational Resilience, and Professional Recommendations
0/28
Text lesson
Overview Module 3 / Session 2 | Conducting a Structured Risk and Control Self-Assessment (RCSA)
Welcome to Session 2
This session helps you convert process knowledge into structured operational-risk assessment. You will learn how to define scope, write strong risk statements, evaluate controls, and produce a practical RCSA output that management can use.
Learning objectives
- Explain the purpose of risk and control self-assessment (RCSA) in operational risk management.
- Define the scope, boundaries, and evidence requirements of an RCSA for a business area, process, or case scenario.
- Identify key risks, existing controls, control gaps, and residual exposures within a structured RCSA template.
- Apply practical rating logic to assess risk severity, control effectiveness, and priority actions.
- Prepare a concise RCSA output that supports management discussion, issue ownership, and action tracking.
Core ideas for this session
- RCSA is a structured management tool, not just a spreadsheet exercise.
- A good RCSA combines risk statements, controls, evidence, ratings, ownership, and actions.
- Clear scope prevents workshops from drifting into unrelated topics.
- Control evaluation should test both design and actual operation.
- Residual-risk views should follow honest assessment of current controls.