Curriculum
Qualifi Certified Professional in Operational Risk Management (QCP-ORM)
Module 1 Operational Risk Foundations, Drivers, Taxonomy, and Risk Context
0/37
Module 2: Operational Risk Governance and Framework Design
0/30
Module 3 Operational Risk Identification, Assessment, Analysis, and Reporting
0/30
Module 4 Technology, Third-Party Risk, Operational Resilience, and Professional Recommendations
0/28
-
Overview Module 4 / Session 1 | Technology Dependency, Cyber Events, Data Issues, Models, and Third-Party Risk
Preview -
Module 4 / Session 1 Technology Dependency, Cyber Events, Data Issues, Models, and Third-Party Risk
-
Downloadable Worksheet| Module 2 / Session 4 Escalation and Reporting Arrangements in Operational Risk Governance
-
Activity : Dependency map and exposure review
-
Assignment: Mini-case: Nimbus Lending platform disruption
-
Formative quiz Module 4 / Session 1 | Technology Dependency, Cyber Events, Data Issues, Models, and Third-Party Risk
-
Session assignment: Technology and third-party exposure review
-
Overview Module 4 / Session 2 Business Continuity, Incident Response, Disruption Testing, and Dependency Mapping
Preview
-
Module 4 / Session 2 Business Continuity, Incident Response, Disruption Testing, and Dependency Mapping
-
Mini-case: Orion Payments weekend outage
-
Formative quiz Module 4 / Session 2 | Business Continuity, Incident Response, Disruption Testing, and Dependency Mapping
-
Session assignment: Resilience capability review
-
Downloadable Worksheet | Business Continuity, Incident Response, Disruption Testing, and Dependency Mapping
-
Overview Module 4 / Session 3 | Lessons Learned from Incidents, Near Misses, and Case Material
Preview
-
Module 4 / Session 3 | Lessons Learned from Incidents, Near Misses, and Case Material
-
Mini-case: Falcon Trust reporting near miss
-
Formative quiz Module 4 / Session 3 | Lessons Learned from Incidents, Near Misses, and Case Material
-
Session assignment: Lessons-learned improvement brief
-
Overview Module 4 / Session 4 | Evidence-Based Recommendations, Dashboards, and Action Plans
Preview
-
Module 4 / Session 4 | Evidence-Based Recommendations, Dashboards, and Action Plans
-
Mini-case: Solara Insurance operations dashboard request
-
Formative quiz Module 4 / Session 4 | Evidence-Based Recommendations, Dashboards, and Action Plans
-
Session assignment: Concise dashboard and action plan
-
Overview Module 4 / Session 5 Ethical Judgment, Confidentiality Awareness, and Professional Communication
-
Module 4 / Session 5 | Ethical Judgment, Confidentiality Awareness, and Professional Communication
-
Mini-case: Redwood Services sensitive findings briefing
-
Formative quiz Module 4 / Session 5 | Ethical Judgment, Confidentiality Awareness, and Professional Communication
-
Session assignment: Professional risk communication note
Overview Module 4 / Session 1 | Technology Dependency, Cyber Events, Data Issues, Models, and Third-Party Risk
Welcome to Module 4 / Session 1
This learner guide summarises the main ideas, activities, and applied tasks for this session. Use it during class and for post-session review.
Learning objectives
· Evaluate how technology dependency changes the operational-risk profile of an organisation.
· Explain the operational-risk implications of cyber events, data-quality issues, and model use.
· Assess outsourcing and critical third-party relationships as sources of concentration, dependency, and control risk.
· Differentiate between primary exposure, control weakness, and downstream business impact in technology and third-party settings.
· Prepare an initial risk view for a technology- and vendor-dependent operating model.
Core ideas for this session
· Technology, data, models, and vendors are connected operational-risk exposures, not isolated topics.
· A dependency is most important when several critical services rely on it.
· Operational-risk evaluation should focus on implications for service, control, customers, and resilience.