Easy2comply has its third Basel II – Operational Risk webinar that focused on building effective Risk Management frameworks that can be implemented with smaller budgets and smaller departments.

Many questions were asked and I would like to focus on a few of them as they raise some interesting ideas for all of us.

A risk manager from the United States wanted to know about the overlap between Operational Risk and Sarbanes-Oxley. Whilst this blog won’t go into a lot of detail about the similarities and differences, the point that I made was around Controls coverage.

The SOX program covers all of the controls surrounding the Financial Reporting process, as well as the information flows into the end financials. The analysis on these controls is incredibly rich and deep, from identification, assessment, and all the way through to testing.

In contrast, Operational Risk covers a much broader set of controls across the organization; however the analysis on these controls is generally a lot shallower. Quite often it is sufficient to record that the controls exists and that they work.

These different approaches are both supported by the easy2comply SOX and Operational Risk software. Click to continue »