The board of directors of a midsize bank has recommended that the bank improve its processes for managing operational risk. The CEO asks an enterprise risk manager to review the bank's tools and processes for managing operational risk and to suggest improvements that are consistent with Basel II and Basel III guidelines for operational risk governance. The bank also plans to adopt the new Basel III standardized approach (SA) to determine its regulatory capital for operational risk. Which of the following actions should the manager recommend that the bank take?