A pioneer of operational risk takes the field’s biggest questions head-on. Forty years of frontline experience, interviews with ten industry veterans, and a candid look at why she finally had to write this book.
Operational risk is in flux. Climate change, ESG, AI, cyber, pandemics, geopolitics, and regulators raising the bar are all reshaping the discipline at once. Frameworks built a decade ago feel inadequate for a landscape changing this fast.
In this live conversation, we sit down with Penny Cagan, author of the new Wiley title Managing Operational Risk in a Changing World, to explore why she wrote the book, what made it different from anything else on the shelf, and what practitioners can take into their work on Monday morning.
Penny is widely considered a pioneer of operational risk as a formal discipline. She brought the first Operational Risk Loss Database to market, has led operational risk functions at UBS Americas, MUFG Union Bank, JPMorgan Chase, Citigroup, and Ernst & Young, and lectures in the Enterprise Risk Management Master’s programme at Columbia University. She has been recognised three times by Operational Risk & Regulation magazine, including a special industry award for outstanding contribution to the field.
About the book
Most operational risk books define the discipline or recount its history. Managing Operational Risk in a Changing World takes a different route. It is organised around the contemporary challenges practitioners actually face, and shows how established frameworks and methodologies can be applied to them in practice.
The book draws on nearly forty years of frontline experience, plus interviews with ten industry veterans, from people who lived through the collapse of Barings to those who watched Silicon Valley Bank unwind. It is positioned as a practitioner’s manual and a classroom text in equal measure.

Buy the book on Amazon:
https://www.amazon.com/Managing-Operational-Risk-Changing-World-ebook/dp/B0GX3164PW
Inside the book
- First-hand interviews, with practitioners who have managed through some of the highest-profile risk events of the past four decades
- Emerging regulations, including the Digital Operational Resilience Act (DORA) and what it means in practice for ICT risk management, third-party oversight, and resilience testing
- Cyber risk in depth, from firewalls and intrusion detection through to encryption as a load-bearing element of any robust programme
- Data governance and data controls, covering how to check, clean, and independently review the data that risk decisions sit on top of
- Geopolitical risk, framed across people, processes, technology, and external factors rather than treated as a separate silo
- Climate, ESG, AI, DE&I, and pandemics, the contemporary themes that have moved from the margins to the centre of the operational risk register
Why Penny wrote the book
Penny’s career has tracked the emergence of operational risk as a formal discipline. She was in the rooms where the discipline was named and shaped after the Barings collapse, and she has watched it stretch to absorb every new shock since, from the financial crisis to COVID, to the rise of generative AI.
In her own words, when she sat down to write, it felt important to tell the story in her own voice and to bring in others. So she interviewed ten industry experts and wove their accounts through the chapters. The result is a book that reads as a record of the field, a working manual, and a personal reflection on what has changed and what still has not.
What we will cover in the webinar
- The motivation behind the book and what Penny set out to do differently
- How operational risk has evolved from the early 2000s to today, and the misconceptions that still persist
- The emerging risks Penny believes deserve more attention, including AI risk and climate-linked operational risk
- What good looks like for a modern operational risk programme under regulations such as DORA
- Practical advice for risk leaders trying to mature their programmes without ballooning headcount
- Lessons from the industry veterans she interviewed, including practitioners with direct experience of Barings and Silicon Valley Bank
- Career advice for the next generation of risk leaders, drawn from her teaching at Columbia
Who this session is for
This webinar is designed for practitioners who are accountable for the design, oversight, or evolution of their organisation’s risk programme.
- Chief Risk Officers and Heads of Operational Risk
- Heads of Compliance, Internal Audit, and Resilience
- Second line risk and control practitioners in regulated industries
- Risk technology, data, and analytics leaders
- Academics, lecturers, and students in enterprise and operational risk programmes
- Executive sponsors who want a clearer picture of what modern operational risk looks like
Why this matters now
Boards are no longer satisfied with a longer risk register. They are asking sharper questions, and they expect sharper answers.
- Accountability: who owns each risk, and what is being done about it
- Confidence: what is working, what is drifting, and where the evidence stands up
- Insight: where decisions need to be made now, not after the next reporting cycle
- Outcomes: how the risk function actively protects strategy and performance
Penny’s book, and this conversation around it, are aimed squarely at practitioners working through those questions in real organisations under real regulatory pressure.

