Defining the problem

  • Typical organizational approach to operational risk management activities:

    • Poorly planned and executed function

    • Business units not involved

    • No asset management function

    • Seen as a technical function or responsibility

    • Searching for magic bullet: CobiT, ITIL, ISO17799, NFPA 1600

    • Poorly defined and measured goals

    • Funding model reactive, not strategic