Operational risk, broadly speaking, is the risk of loss from an operational failure. It encompasses a wide range of events and actions as well as inactions and includes, for example; inadvertent execution errors, system failures, acts of nature, conscious violations of policy, law and regulation, and direct and indirect acts of excessive risk taking. Health and Safety is also covered under the umbrella of our Operational Risk framework
Operational losses can be caused by junior staff; but they can also be caused by mid-level officers, senior managers, executives and Boards of Directors. They are sometimes caused by individuals and in other cases by groups of people working in collusion. Many of the largest losses take place when operational failures are present at the senior-most level. Additionally, business success centers on the ability of a company to correctly recognize and successfully manage the risks associated within its operations. Operational risks are all risks an organization might face that are not considered financial or strategic in nature. Addressing operational risks is difficult for many companies. Insufficient loss data, the lack of established methods for mitigating risk, the fact that there are many different types of operational risks with multiple corresponding owners, and an unclear cause and effect of risk and actual incidents are some of the challenges organizations face.
- We do not know what our major risks are and how to mitigate those risks nor do we know what our risk profile/appetite is.
- We are losing money (theft/fraud/inefficiencies) and do not know how or why
- How can management adequately and actively identify risks within the various businesses?
- How can we increase value, improve performance and increase productivity?
- We do not have any business continuity and disaster recovery plans
- We are not prepared for any type of disaster (e.g. floods, fires, power failures)
- How can you enhance your risk culture to achieve greater efficiencies and higher productivity levels?
- Are we a risk intelligent organization?