Unit Operational Risk Manager

  • RM80,000 p.a.
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Scope International (M) Sdn Bhd
  • 06 Sep 16

Effective management of Operations Risk within the business unit including ensuring the proper functioning of embedded and periodic controls. Escalation of Risk related KCSA exceptions / to BORC Establish the First Line of Assurance in the Business unit by implementing a program of Key Control Self Assessment/Control Sample Testing. Assist Business Unit Head and SORO in coordinating, driving and directing effective compliance and Operational risk management at the Business unit level. Implement controls within the Business unit to meet all regulatory and internal policy requirements

Risk Governance

  •  Assist SORO in the implementation of OR framework or other relevant OR initiatives
  • Ensure, jointly with the Business / Function, that the business heads and relevant staff understand and accept their risk management responsibilities in relation to operational risk.
  • Ensure smooth conduct of BORC and other unit level risk related meetings and ensure quality / accurate updates of various OR events and initiatives.
  • Co-ordinate periodic business monitoring (self-assessment) activities within the Business Unit and escalate findings and or breaches to Business Unit Head and SORO, when they occur.
  • Design and implement control measures and monitoring plans for compliance and operational risk management.  Ensure effectiveness of controls for compliance monitoring and risk management
  • Support the initiatives and risk reviews driven across the hub


Risk Appetite

  • Assess periodically the unit’s operational risk profile and maintain alignment with risk appetite by rebalancing of risks or controls that may be required in response to internal and external factors.
  • Review and challenge the existing process to identify the gaps on Systems Design, Systems Control , Process Design and Process Control 
  • Engage closely with Peer Groups within Hubs to share the lessons learnt, process gaps and adhere to effective control measures.


Risk Control Ownership of Operational Risk

  • Implement approved plans /Recommend for implementation of enhanced /new control measures and monitoring plans for compliance and operational risk management.
  •  Ensure effectiveness of controls for compliance monitoring and risk management Challenge the completeness of risk identification, monitoring and control activities and identify/address any significant gaps that may exist between them.
  • Ensure compliance with Operational Risk policy & procedures.


Risk identification and Assessment

  • Validate and challenge risk identification and assessment of gross and residual risks arising from executed processes and identify any gaps. 
  • Assess the control environment including, but not limited to, control design, control execution, control testing and control history.
  • Recommend changes to the control environment or to business practice to reduce the level of operational risk exposures.
  • Propose effective process controls where there are material risks of process control failure.
    • Validate Business / Functions Controls - Regularly assess implementation of Business/functions Key Control Standards as defined by the business to ensure cost effectiveness, efficiency and relevance.
    • Identify Local Control Gaps - Regularly assess all key controls against the risk profile to monitor exceptions and identify gaps.
    • Optimise portfolio of local controls - Regularly assess existing Local Key Control Standards, Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) to ensure cost effectiveness, efficiency and relevance.
  • Provide balanced and informed assessment of operational risks arising from acquisitions and major change initiatives or country projects, where applicable

Risk Acceptance

  • Review and recommend for approval risk record templates within the unit for Local KCSAs/CSTs..
  • Recommend for approval the classification and accurate reporting of operational risk events and the appropriateness of mitigation actions.
  • Challenge and recommend on relevant business activities where risks are not aligned with control requirements or risk appetite.
  • Escalate Risks according to the Risk Acceptance policy.

Risk Monitoring

  • Ascertain and confirm that KRIs, KCIs, and Key Control Self Assessment (KCSA) or Control Sample Testing (CST) as approved, are effectively implemented.
  • Periodically review operational risk assessments to ensure these appropriately reflect changes in environment, mitigating controls and the progress of treatment plans.
  • Systematically monitor process control effectiveness where there are material risks of process control failure.
  • Review and recommend for approval risk treatment plans.
  • Monitor treatment plans to ensure they are implemented accordingly by the business.
  • Lead and support implementation of OR initiatives for the Business unit.
  • Proactively communicate with the Business Unit Head and SORO on operational risk issues.  Escalate significant events to Business Unit Head/SORO/Business Head as appropriate.
  • Co-ordinate and consolidate operational risk and loss reporting of the unit for the reporting to the BORC, SORO and Business Unit head. Ensure data accuracy and completeness.
  • Review and Recommend for approval for annual key control testing plans.

Risk & Loss Reporting

  • Validate the classification and accurate reporting of operational risk losses.
  • Support SORO in reporting and escalating Significant Operational Risk Events (SORE).
  • Facilitate units for conducting Root Cause Analysis (RCA) reports for relevant events.
  • Provide risk information/updates to functions/domains/Country GTO Operational Risk Committee (GTO FORC) as appropriate.