Operational Risk

Management
 Hello!
We are Team
Krispy Kreme 

2
 Definition of Operational
Risk
Peccia
1 potential for loss due to failures of people, processes,
technology and external dependencies
FSA
ultimately firms need to decide for themselves what
operational risk means to them
 Scope of Operational
Risk
1. Business Risk
2. Crime Risk
3. Disaster Risk
4. Information Technology Risk
5. Legal Risk
6. Regulatory Risk
7. Reputational Risk
8. Systems Risk
9. Outsourcing
4
 Benefits of
Operational Risks
◇ Ability to achieve its business objectives.
◇ Providing management the opportunity to focus on revenue
generating.
◇ Minimizing day-to-day losses.
◇ Providing a more robust enterprise risk management system.
◇ Enables the correlation of different classes of risk to be
understood and, where appropriate, modelled

5
 Implementations of
Operational Risk
◇ Not overly constraining risk taking, slowing down decision
making processes or limiting the volume of business undertaken.
◇ The implementers, separate individuals to the managers of the
individual business units.
◇ Risks being managed at an appropriate level in the organization.
◇ The development of a culture

6
 STRATEGY
2 What the business will do and the rationale behind it
 Definition of Strategy
Risk
Risks that affect a company's business strategy
or strategic objectives

8
 OBJECTIVES

 For a strategy to succeed the objectives must be clearly

stated and understood.
 Objectives are the basis for work and the assignment
of work.
 They determine the structure of a business, the key
activities that must be undertaken and the allocation of
people to tasks

9
 BUSINESS
PLAN

“
◇ The business plan is required to “tell a story”
and explain how the business will achieve its
objectives in comprehensive, coherent,
consistent and cohesive in manner.

10
 New Business
Development
◇ Risks associated with plans for entering new
business areas, expansion through merger and
associations, providing new services and
enhancing infrastructures.

11
 RESOURCES

“
◇ Some businesses are more successful than
others because they have resources that are
inherently different from those of their
competitors

12
 Stockholder
Interest
◇ There should be a clear understanding of
stockholders interests. A stakeholder analysis
should be undertaken which identifies the
primary and possibly conflicting expectations
of the stakeholders and their power of
influence.

13
 Corporate
Experience
◇ Reflects on the risk exposure profile of
the business’s strategy;
◇ Issues will include knowledge of
markets, customers, suppliers,
contractors, distribution mechanisms.
Products and services and the legal and
regulatory/context/risk of the industry.
(will vary according to what the
corporate offers)

14
 REPUTATION
◇ One of the most valuable assets a business can have.
◇ Significant measurement is VALUE. Value helps branding become
successful by having a secured long-term competitive advantage.

“
◇ Persuasion to customers by making them believed of supremacy
of products or service offered than of rivals regardless if they are
or not.
◇ Brand value can be protected by trademark legislation
◇ Reputation erosion from single or multiple events can present a
serious risk to a business.

15
 Schmitt Five
Interrelated
Aspects to
Practice
Effective
Reputation
Management
16
 1ST Reputation management
needs to be broadly conceived

2ND Brand Reputation is an 4TH Organizations need to

1ST
on-going undertaking and take a unified approach to
should not be confused with reputation management
short-term crisis management 2ND across the whole business
by instilling the brand into its
3RD Corporate Brand has been employees
discovered as an essential 3RD
new marketing initiative. 5TH Brand protection needs
(before businesses focuses to be real time, to cope
only on single product but now 4TH with new form of brand
they focus on the scrutiny
5TH

17
 PEOPLE
3 A business must establish appropriate systems
and controls for the management of people risk
that may result from actions of employees or the
business itself.
 PEOPLE RISK
◇ Described as a combination of the detrimental
impact of employee behaviour (can be the
cause of business failure) and employer
behaviour (which impairs employee efficiency,
health, safety or loyalty)

19
 Two Levels of Severity that
Impact People Risk
1st Level
Lowest level is defined as events which should they materialise
would, in the short term, erode profitability, share value and/or credit
rating.

2nd Level
In the long term may have a detrimental impact on business’s wealth
or reputation and in the worst case can bring about the eventual
collapse of a business.

20
 TYPES OF
PEOPLE RISK
“ ◇ Manage employees effectively as they have
high impact in business profitability

21
 Effectiveness of Human
Resource Management is
measured as follows:
Productivity,
Absenteeism rates quality of
Accident
and Labour finished goods,
rates (health and customer
turnover (staff
and safety) satisfaction
constraints) (management

22
 HRM PRACTICES
◇ Personnel management
◇ the development of people as assets
◇ Use strategic plan in order to improve or
sustain an organization’s competitive
advantage.
◇ Employee Resourcing
◇ Employee Development
◇ Employee Relations
◇ Employee Rewards
23
 HRM adapt differently to other company in

“
accordance to the threats and opportunities they
face in their business environments.

24
 HRM PRACTICES
◇ Personnel management
◇ the development of people as assets
◇ Use strategic plan in order to improve or
sustain an organization’s competitive
advantage.
◇ Employee Resourcing
◇ Employee Development
◇ Employee Relations
◇ Employee Rewards
25
 HRM
◇ Improvement of working
conditions
CONTRIBUTE
◇ Creation of job
satisfaction
S
◇ Development and Training
of employees
◇ Maintenance of
harmonious relationship
◇ Fairness of rewards

26
 HRM assists
◇ Low productivity the companies
◇ Unfair dismissals
with threats to
◇ Absenteeism
◇ Accidents
organizations
◇ Social Abuses (bullying, stress induced by
unrealistic workloads and sexual and racial
discriminations

27
 ABILITY TO PAY
SALARIES & WAGES
◇ Payment of Salaries is clearly a
liquidity issue. The salary burden must
be managed against the current and
anticipated income and staff numbers
balanced accordingly.

28
 Contracts Regulations
There must be an intention to create legal and Statutory
relations, consideration, capacity, consent Requirements
of the parties and no mistake,
misinterpretation, duress or undue
influence. The contract must not be
illegal.

29
 Regulations
Maternity and Statutory
A pregnant employee who has on the Requirements
advice of her doctor, midwife or health
visitor to obtain antenatal care must have
the time off to keep it and she must also
be paid.

30
 Regulations
Discrimination and Statutory
It is prohibited in relation to those Requirements
protected regarding: recruitment, pay and
benefits, promotion, training, terms, and
conditions, transfer, dismissal, action
short of dismissal and any other detriment.

31
 Regulations
Whistleblowing and Statutory
Which describes the practice of an Requirements
employee metaphorically blowing a
whistle to draw the attention of those
outside of the business to some form of
unethical practice inside the business

32
 Dismissal Regulations
Methods of dismissal become part of a and Statutory
business's culture and can modify the Requirements
behavior of remaining staff and in the
wider context, if a trend emerges, can
increase or decrease the attractiveness of
the business to potential employees.

33
 Trade Unions Regulations
The change in how businesses deal with and Statutory
unions has been brought by the changing Requirements
political, economic, and industrial context
in which businesses trade and not in a
shift in management ideology(Pinnington
and Edwards 2000).

34
 STAFF
CONSTRAINTS
◇ Organizations have to market membership as
much as they market products and services-
and perhaps more.
◇ They have to attract people, hold people,
recognize and reward people, motivate people,
and serve and satisfy people. (DRUCKER
1992)

35
 RECRUITMENT
◇ This process will have a direct impact on the
quality of the staff employed, the future
retention of existing valued client relationship
and with staff retention.

36
 Key Aspects of Recruitment
Recruiters- The effectiveness of the recruitment process
will be influenced by the behavioral characteristics of the
recruiter in terms of whether they are personable,
enthusiastic, and competent.
Job analysis- Involves undertaking a systematic
investigation of jobs by following a number of
predetermined steps specified.
Job descriptions- Realistic job Previews informs
applicants about all aspects of the job, including both its
desirable and undesirable facets.

37
 Key Aspects of Recruitment
Interviews- It remains the mainstay of the selection
process; however they can be plagued by problems of
subjectivity and personal bias.
Selection- It must contain a screening process to establish
the fitness and propriety of employees including their
honesty, integrity, reputation, competence, capability and
financial soundness.
Induction of employees- It help the new recruits to
integrate into their new surroundings and hence become as
efficient and effective in their work as quickly as possible.

38
 Key Aspects of Recruitment
Induction of directors- Newly appointed directors need to
be inducted efficiently so that they can quickly familiarize
themselves with the company's activities and begin to
apply their skills and experience for which they have been
appointed, for the benefit of the company and its
shareholders.
Staff turnover- The loss of key personnel has led to the
abandonment of the development of projects and new
products as the holder of the knowledge to bring these
products to the market place has walked out of the door.

39
 Key Aspects of Recruitment
Staff absenteeism- When employees miss work, the
organization incurs direct costs of lost wages and decreased
productivity.
Mitigation- By monitoring these differential attendance
records, managers can assess where problems might exist
and more importantly begin planning ways to resolve or
improve the underlying causes.

40
 Key Aspects of Recruitment
Staff critically matrix- It can be developed which will
show visually which individual is carrying out a critical
task during any one phase of an activity and hence whose
unplanned or unexpected departure could threaten the
completion date of the overall activity.

41
 STAFF DISHONESTY

“
This is a fraudulent act made by an employee in
a company or involves dishonest actions of a
person who’s in a company

42
 Risk Management
A business's risk management culture encompasses the
general awareness, attitude, and behavior of its employees
to risk and the management of risk within the organization.

43
 SYSTEM

“
It refers for the group of "action plans" known as
strategy, policy, framework, process and profile.

44
 Operational
Risk Strategy Risk Terms
a description of the overall objective of
the risk management process, normally
expressed in terms of its contribution to
the business objectives.

45
 Operational
Risk Framework Risk Terms
the overall plan of implementation of risk
management, which includes a
combination of the scope, policy, profile
and process.

46
 Operational
Risk Policy Risk Terms
policy should describe the business's
appetite for all classes of risk.

47
 Operational
Risk Terms
Risk Profile
describes the types of operational risk that
are faced by the firm and its clients and its
exposure to those risk.

48
 Operational
Risk Terms
Risk Process
consists of how the firm intends to
identify, assess and evaluate its
operational risks.

49
 Operational
Risk Terms
Risk Exposure
relates to the extent of operational risk
faced by a firm.

50
 Operational
Risk Terms
Risk Scope
refers to the risk categories included in the
bespoke risk taxonomy.

51
 Management
Operational risk management will be influenced by the
way in which the following series of issues are addressed.

52
 Training and Development for Non-
executives
Non-executive directors should regularly

“
appraise their individual skills, knowledge and
expertise and determined if tailored professional
development would help them develop their
expertise and meet their board obligations.

53
 HEALTH AND SAFTEY
• Businesses commonly are faced with a
multifaceted health and safety task as a result of
a number of different workplace “environments”
relating to plant and machinery, fleet
3 management and office accommodation.
• Health and safety management while being a
statutory requirement for businesses can be used
to increase operational efficiency, enhance
working environments and improve financial
performance.
 Processes and System Risk
◇ Failure of processes or systems due to their poor design,
complexity or non-performance, giving rise to
operational losses.
◇ As a result, a business may experience a wide range of
problems including inability to meet orders, poor
quality control, settlement processing errors, fraud and
information security failure.

55
 Control versus Controls
◇ Control deals with providing strategic

“
direction, future events
◇ Controls relate to recording events in the past.

56
 Major Characteristics of
Controls in Business
Enterprise
controls are
controls needed for
controls can neither
need to measurable and
be objective nor non-
neutral focus on measurable
results ) events

57
 Regulations and Statutory
Requirements

“
◇ Businesses within regulated industries have to
ensure that they comply with the restraints
imposed

58
 CONTINUITY
A business must make arrangements for the continuity of
its operations in the event that a significant process or
system becomes unavailable or destroyed.

59
 Indicators of LOSS
The risk indicators are used to facilitate
regular quantitative assessment and
monitoring of risk exposures and
mitigating responses.
60
Typical indicators are:
◇ Bank borrowing against credit limits
◇ Cost of raw materials
◇ Sales revenue
◇ Third-party defaults
◇ Shareholder complaints
◇ Lawsuits
◇ Business continuity events
◇ Customer complaints
◇ Contracts secured and contracts lost
 Meeting commitments
A common process risk for any
Transactions
business relates to the processing of
transactions. The risks to a business
emanate predominantly from not
honouring commitments to a
customer in terms of time, quality
and quantity.

61
 Production processes Another
common process risk is product Transactions
defects. The basic idea was to
improve processes so that the
probability of a defect was
effectively zero.

62
 Transactions
Documentation Risk
This might considered a subset of
transaction risk, as it is one step in
the overall process of a transaction.

63
 Product Variation Risk Transactions
Variability risk is the risk
experienced by manufacturers. The
risk relates to a process burden and
how successfully it is responded to.

64
 Goods In-transit Risk
This risk arises when shipping goods. A
facet of operational risk management Transactions
responsibility for large global
organizations is goods-in-transit, which
is being composed of three (3) key
areas: theft, accumulation risks, and
recoveries.

65
 Computer/IT Systems
Computer system risks include
IT systems include the computer systems and ◇ Business alignment
information technology infrastructure required for the
◇ Network availability
automation of processes and systems, such as application
software, operating system software, network ◇ Data integrity
infrastructure, and desktop and server hardware. ◇ Electronic data security
◇ System capacity
◇ Data recovery/loss

66
 ◇ Business alignment
The board must be assured that its IT system reflects its business needs and

“
that the organization is exploiting the system to full advantage.
◇ Network availability
A temporary loss of a network can prevent access to files, the intranet, the
world wide web, customer details, personal calendars, e-mail, personal contact
details, transaction records and so on.

67
 ◇ Data integrity
Corrupted or degraded data is as valueless as data that is

“
completely lost, when the extent of corruption or degradation is
unknown.
◇ Electronic data security
Security of electronically held data is a serious risk, which,
as a result of the internet, now has a global perspective.

68
 ◇ System capacity
System capacity relates to the amount of memory on a
server which impacts all businesses.

“
◇ Data recovery/loss
Back-ups have been used since the earliest beginnings of IT,
when the inherent unreliability of the hardware necessitated
rigorous copying of data, and the frequent use of the back-up
data.

69
 Information is increasingly forming the
KNOWLEDGE lifeblood of any organization. A
company's knowledge or intellectual
MANAGEMENT property is usually the basis of the
company's current success.

70
 The tracking of online dissemination
INTELLECTUAL and use of intellectual property, as well
as the capability to collect payment, is
PROPERTY not well developed in interactive
networks.

71
 Is about planning, controlling,
PROJECT coordinating a project from inception to
completion on behalf of a sponsor (or
MANAGEMENT sponsors), where the sponsor(s) may be
within or outside of the business.

72
 EXTERNAL EVENTS
4 • External events are events that occur outside of
the business, which may require a response in
the form change management (such as
organisational change) or the instigation of
contingency events to cope with, say, a natural
disaster
 ◇ The introduction of change needs to
be handled with care to avoid a
series of common risks.

CHANGE ◇ Where radical IT change is planned

it is often prudent to consider the

MANAGEMENT implementation of a small pilot

study initially to understand the
implications of the change and how
they may be best addressed.

74
 ◇ Business continuity management is
a holistic management process that
identifies potential impacts that

BUSINESS threaten an organisation and

provides a framework for building
resilience and he capability for an
CONTINUTIY effective response, which safeguards
the interests of its key stakeholders,
reputation, brand and value creating
activities (Business Continuity
Institute 2002).

75
 Events Causing the
Disruption
BUSINESS ◇ There are a number of issues that
can disrupt businesses, or in severe
CONTINUTIY circumstances put them out of
business. The issues of attacks by
animal rights activists, computer
hackers and terrorists is addressed
by a BBC report.

76
 OUTSOURCING
◇ Businesses frequently decide to outsource aspects
of their operations to independent third parties for
reasons including cost, efficiency and/or risk
transfer.

BUSINESS ◇ Outsourcing provides the opportunity to bring

significant benefits to a business; however, it may

CONTINUTIY
alter the risk profile of a business from a number of
aspects.
◇ The boundaries of outsourcing risk need to be
clearly understood, due to the relationship with
business continuity, information security,
regulatory risk and so on.

77
 MEASURING
◇ A key aspect of operational risk management is
BUSINESS control.
◇ However, to be able to priorities management
CONTINUTIY action and focus on those issues likely to have the
greatest detrimental effect on the operation of the
business, it is necessary to measure their likely
impact.

78
 MITIGATION
◇ The success of mitigation will depend on a number
of things.
◇ It will depend for instance on:
1. the degree to which risk management is embedded
in the business and championed from the top;
BUSINESS 2. the robustness of the risk identification process;
3. the willingness and the desire of senior
CONTINUTIY management to distil from the assessment process
the priority issues and take the time to prepare
specific tailored risk response actions;
4. the experience of senior management

79
 Thanks!
Any questions?

80