Managing Operational Risk in a Changing World

“Penny Cagan has written the operational risk book the industry has been waiting for: authoritative, experience-rich, and unflinchingly relevant. Drawing on nearly four decades in the field, she brings a rare combination of clarity, judgment and lived insight to a discipline that is evolving faster than ever. Whether she is unpacking the complexities of RCSA design and execution or setting today’s challenges against the backdrop of pandemics, climate shocks and geopolitical instability, Penny shows practitioners not just what operational risk is, but how to manage it in the real world.

What sets this book apart is Penny’s voice: practical, calm, and deeply informed. She bridges frameworks with reality, data with judgment, and emerging risks with the human behaviors that sit beneath them. My own assessment of this manuscript is simple ― there is nothing else on the market that blends technical depth, contemporary relevance, and practitioner wisdom in the way Penny has achieved here.

For operational risk professionals, regulators, students, and senior leaders, this is essential reading. Penny has captured the past, present, and future of the discipline in a way that is both accessible and profound. This book will elevate how firms think about risk ― and how they prepare for the world that is coming.” ― Lewis O’Sullivan, Publishing Consultant; Former Publisher, Risk Books

“Penny Cagan has been an early pioneer and recognized thought leader in operational risk management. Over four decades, she has made significant contributions in the field of risk management in executive, consulting, and academic roles. With this new book, Penny is once again defining how companies can effectively manage the many facets of operational risk. In the current age of disruption, her wisdom and guidance are more important than ever.” ― James Lam, President, James Lam & Associates, Author of Enterprise Risk Management and Implementing Enterprise Risk Management

“I’ve been enjoying Penny’s writings on Operational Risk for 20+ years. In this book she provides a refreshingly personal & practical view of Operational Risk management, reflecting her decades of hands-on experience.” ― Michael Grimwade, Managing Director Operational Risk, ICBC Standard Bank.

“The operational risk case studies and lessons you will learn about in this book and the frameworks you will gain to address them have never been more pertinent. What a valuable time to read this book. If you want to up your measurement and management of operational risk, read this book.” ― Tanya Beder, Chairman & CEO, SBCC Group Inc.

“I have known Penny for many years, and have been delighted to have her as one of our Industry Advisors, engaging with our global COO community. She has a wonderful intellectual inquisitiveness and a considered, thoughtful approach. This has been hugely beneficial to our membership, who have gained valuable insights from Penny’s contributions on many complex subjects. This book provides a very useful insight and is a valuable resource for those seeking to delve deeper into and understand the key challenges within operational risk today.” ― Maurice Evlyn-Bufton, CEO, Armstrong-Wolfe

“Penny Cagan is a thought leader on operational risk management. She made her first mark in the space over 20 years ago as she transformed and upgraded our fledgling first “external database” of global operational risk events into an indispensable industry-leading risk management tool. Since then, her many corporate operational risk roles and experiences have broaden her perspectives and views on the subject, further confirming her place as a force for continued advancement of the discipline. Now she has gathered those experiences and lessons learned — both broad and detailed – and penned a formidable new book, which is destined to take its place as a masterclass on the subject.” ― Douglas G. Hoffman, Author of Managing Operational Risk

“Penny Cagan has created the Bible in best practices for people managing Operational Risk (OR) in financial institutions. Penny covers both the history of managing OR with a look to the future in evolving approaches to managing OR, as well as the new risks on the horizon, such as AI. Both new entrants and seasoned professionals in the field will find Penny’s insights invaluable.” ―Dan Mudge, former president Netrisk, fomer head of risk management at Bankers Trust, Managing Director, Promontory

“In these times of heightened uncertainty throughout the world, this thoughtful book is relevant to readers from students to CEOs who are seeking to manage organizations in a more thoughtful way.” ― Charles A Fishkin, Author, board member, adviser, and former risk director at the US Securities and Exchange Commission

“Penny Cagan has written the operational risk book the industry has been waiting for: authoritative, experience-rich, and unflinchingly relevant. Drawing on nearly four decades in the field, she brings a rare combination of clarity, judgment and lived insight to a discipline that is evolving faster than ever. Whether she is unpacking the complexities of RCSA design and execution or setting today’s challenges against the backdrop of pandemics, climate shocks and geopolitical instability, Penny shows practitioners not just what operational risk is, but how to manage it in the real world.”
―LEWIS O’SULLIVAN, Publishing Consultant; Former Publisher, Risk Books

Practical frameworks for navigating operational risk from climate change to cyber threats

Managing Operational Risk in a Changing World provides practical frameworks and methodologies for risk professionals facing an evolving discipline. As regulations change and new threats emerge from geopolitical risk, artificial intelligence, cyber attacks, and pandemic scenarios, practitioners need guidance organized around contemporary challenges rather than historical definitions. This book blends nearly 40 years of frontline experience with emerging themes that define today’s operational risk landscape.

Each chapter integrates the author’s direct experience with interviews from industry veterans and case studies ranging from Barings to Silicon Valley Bank. The book demonstrates how risk frameworks can be applied in practice, covering resilience, climate considerations, staffing challenges, and the operational risk implications of AI adoption. Readers gain tools and techniques to implement risk methodologies successfully, supported by perspectives from multiple practitioners rather than a single voice.

Written for operational risk professionals, academics, and students in enterprise risk management programs, this book serves as both a practitioner’s manual and classroom text. A companion website offers supplementary materials for instructors, making it an essential resource for professional development and academic coursework alike.