Operational Risk Framework and Tools
Risk and Control Self Assessments (RCSA), which should be carried out annually
-
Residual Risks with High and Medium ratings shall have mitigation plans. Â
-
Risk mitigation plans for High and Medium risks should not have target dates beyond 6 months from the date of identification. Â
-
For High and Medium-rated risks, the Risk Committee must approve any future change in the target dates beyond 6 months, need to be approved by the Risk Committee according to the OR Policy. Â
-
The Board of Directors need to approve High Risk Acceptances need to be approved by the Board of Directors through the Risk Committee. Â
-
The Risk Committee should approve Medium Risk Acceptances. need to be approved by the Risk Committee Â
KRI’s
-
1
Step 1
The KI – name and description, standardised key risk, risk description and associated process.
-
2
Step 2
Identify the data owner, frequency and type (leading or lagging).
-
3
Step 3
Thresholds should be set, based on the following.
-
4
Step 4
KRI for a department should be approved by the Head of the Department and ORMF
*If no response is received within one week, the list of KRIS will be considered final and approved.
Risk Event and Issues Reporting and Templates notes the responsibility of all CBUAE employees to identify and report incidents immediately upon discovery. Â

Rate this page
Rated by
PeopleThanks for rating
Last updated on: Thursday 28 July 2022
Total visitors 5123
Rate this page
Rated by 1 People
Thanks for rating