What Is Operational Risk
Most organizations accept that their people and processes will inherently incur errors and contribute to ineffective operations. In evaluating operational
risk, practical remedial steps should be emphasized to eliminate exposures and ensure successful responses.
If left unaddressed, the incurrence of operational risk can cause monetary loss, competitive disadvantage, employee- or customer-related problems, and
business failure.
People and decisions made by people (human error) tend to cause most operational risks.
As organizations become increasingly digital, thereby utilizing more data, operational risk managers should continually monitor and assess risks in real
time to minimize their potential impact.
https://www.techtarget.com/searchsecurity/definition/operational-risk 2/4
11/14/22, 10:36 AM What is Operational Risk? Definition from SearchCompliance
What key risk indicators should businesses track? That depends on the industry in which they operate. For example, banks follow guidance from the
Basel Committee on Banking Supervision (BCBS), which lays out approaches for measuring operational risk and requires banks to allocate a certain
amount of capital to cover losses from operational risk. Some of the ways companies can measure operational risk, not all of which are ideal, are the
following:
1. Internal fraud. Misappropriation of assets, tax evasion, intentional mismarking of positions and bribery.
2. External fraud. Theft of information, hacking damage, third-party theft and forgery.
3. Employment practices and workplace safety. Discrimination, workers' compensation, employee health and safety.
4. Clients, products and business practice. Market manipulation, antitrust, improper trade, product defects, fiduciary breaches and account churning.
5. Damage to physical assets. Natural disasters, terrorism and vandalism.
6. Business disruption and systems failures. Utility disruptions, software failures and hardware failures.
7. Execution, delivery and process management. Data entry errors, accounting errors, failed mandatory reporting and negligent loss of client assets.
1. Define operational risk management, its scope, purpose and function. Keep in mind that operational risk definitions vary from industry to industry.
2. Define roles that will be necessary for the function to succeed, which may involve -- but does not necessarily require -- a chief operational risk officer.
3. Define operational risk management's relationship to other risk management functions cooperatively with those other functions.
4. Decide the ways in which operational risk will be monitored and measured.
5. Decide which tools will be necessary to enable a successful operational risk function, and determine whether those tools already exist in the
organization or if additional tools are required. Procure what's necessary with the help of IT and security to avoid introducing unnecessary risk into the
tech stack or unknowingly creating security gaps.
6. Identify the necessary data sources and their owners; secure access to the data needed for operational risk management.
7. Work with other risk functions and the business to identify process-related risks and their respective causes.
8. Identify risks related to processes, such as whether they can scale as necessary or whether the processes are adequate within the context in which
they run.
9. Define risk categories.
10. Map processes in detail, along with their risks and controls.
11. Define key risk indicators.
12. Ensure that each part of the organization involved in a process has been identified.
13. Understand what resources are required for a process. Monitor for changes, such as the need to scale up or down.
14. Understand the company's risk appetite in detail.
15. Implement control measures.
16. Educate the workforce about operational risks and what's expected of them as individuals. Include contact information so employees know whom to
contact about a potential issue.
17. Assess the impact of the operational risk management function on the business, and to the degree it involves change, ensure sound change
management practices.
18. Continuously measure and monitor operational risks. Use the historical data to understand trends, weak spots, etc.