Margaret A Searle
Special study and research in topics of current concern to faculty and students.
OPERATIONAL RISK MANAGEMENT IN THE PUBLIC AND PRIVATE SECTORS
This course examines the practice of operational risk in both the public (government and nonprofit) and private sectors through examples of five critical infrastructure sectors—banking and finance, information technology, telecommunications, public health and emergency services—selected because they have most rapidly adopted best practices for handling information and operational risk. This is the second of two operational risk courses designed for MSIM students to examine how information related to operational risk is identified and managed. This course examines the challenge closely in both the private sector and in the public sector.
Searle is the author of "Advice From A Risk Detective: At Home, At Work, Online And On The Roa" (2011), and editor of "Reflections on Risk" (2012), a collection of 22 ASA research notes compiled by Andrew Hansen and written primarily by interns from the UW Information School since 2009. Searle spent ten years at Washington Mutual Bank (WaMu), most of them as Senior Vice President for Enterprise Risk Services, with responsibilities over the years that included business continuity, information security architecture and assurance, and technology risk management for the entire company; as well as change management, regulatory and audit assurance for the Technology Group. For five of those years, she was chair of WaMu’s Crisis Management Team and executive sponsor of the WaMu technology innovation program.
Searle has a B.A. and an M.A. in English from the University of Iowa.
Student learning goals
• Identify and discuss key operational issues in government and in the private sector, in particular risks involving the handling of or decision-making around information.
• Distinguish between effective risk policies and weak ones.
• Learn how to transform the fundamentals of operational risk into a cohesive operational risk management strategy.
• Examine current and emerging trends in operational risk management in government work and in the private sector, including concealed or unknown risks.
General method of instruction
The course will meet once a week for three hours. It will be conducted with a combination of lectures, guest speakers and facilitated discussion.
This course is open to graduate students who have completed "Fundamentals of Operational Risk" (Spring 2012) or "Information and Operational Risk" (Winter 2013), and by permission from the instructor.
Class assignments and grading
Readings will include a textbook (Moeller's "COSO Enterprise Risk Management, Second Edition") as well as selected readings that may include:
• Gawande, Atul. The Checklist Manifesto: How to Get Things Right. New York, Metropolitan Books, 2010
• National Initiative for Cybersecurity Education (NICE) Framework, http://csrc.nist.gov/nice/framework/
• Basel III: A Global Regulatory Framework for More Resilient Banks and Banking Systems – Revised Version (Basel Committee on Banking Supervision Publication, June 2011)
• National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, http://www.dhs.gov/xlibrary/assets/Physical_Strategy.pdf
• National Strategy to Secure Cyberspace (February 2003), http://www.us-cert.gov/reading_room/cyberspace_strategy.pdf
• Federal Financial Institution Examination Council (FFIEC) Guidance, IT and other handbooks, http://ithandbook.ffiec.gov/
• Students will write one 3-5 page paper, facilitate weekly discussions and complete both an oral and written final presentation.
Reading, class discussion, class facilitation, two papers and an oral presentation are the basis of the course grade.