Operational risk is the broader area of risk management that exists in all businesses regardless of size or type. Every business has its own operational and compliance-related risks. Knowing your business's top risks is important, as is having a view on how you are covering those risks. Operational risks are the potential for financial losses to your business due to negative events related to your business processes, your people, your data or technology, or some external event. Enterprises that want to avoid potentially disastrous issues must control all of these risks.
HOW DOES OPERATIONAL RISK MANAGEMENT WORK?
Understanding the nature of your business and the specific risks connected with it is, of course, the first step in any Operational Risk Management approach. Operational Risk Management has been broken down into four basic principles by the US Department of Defense:
- Make the appropriate risk selections and focus on your top risks
- Plan ahead of time to mitigate your risks by putting good controls into your procedures
- Accept risk when the advantages outweigh the disadvantages.
- Do not take any unnecessary risks
Applying those principles gives you a perspective on how to integrate operational risk management into your organization and begin reaping the advantages. Examples of operational risk include:
- Employee misconduct and errors
- Breach of personal information as a result of cyber-attacks
- Technological hazards posed by automation, robots, and artificial intelligence
- Controls and processes in the workplace
- Physical events that can disrupt a business, such as natural catastrophes
- Internal and external frauds are both prevalent
The primary advantages of operational risk management:
- Increasing the consistency of company processes
- Increasing the efficiency of risk management activities
- Strengthening the decision-making process when there are dangers involved
- Losses caused by inadequately identified hazards are reduced.
- Early detection of illegal activities is critical.
- Costs of compliance are reduced
- The potential damage from future threats is reduced.
STAGES OF OPERATIONAL RISK MANAGEMENT
- Identifying the Risk: Recognizing the risks relevant to your organization is critical, but numerous potential hazards can influence any type of business, and you must identify all of them, both recurring and one-time incidents. If at all possible, workers from all levels of the organization should be included in the identification process, bringing a diversity of backgrounds and experiences to ensure a cohesive outcome. Risks that may be spotted by workers on the ground will be very different from those identified in the boardroom, but they will be just as important.
- Risk Evaluation: After the hazards have been identified, they must be evaluated. This must be done from both a quantitative and qualitative standpoint, with elements such as the frequency and intensity of recurrence taken into account. Based on those criteria, the evaluation must prioritize the management of these risks.
- Measurement and Mitigation: The next step is to mitigate these risks (if not eliminate them), with measures in place to restrict the company's exposure to them and the potential damage they can create.
- Monitoring and Reporting: Any Operational Risk Management strategy should include a mechanism for continual monitoring and reporting of these risks, if only to verify the plan's effectiveness. Most importantly, monitoring confirms that the solutions in place are still functional and doing their job in terms of risk management.
Taking an approach similar to the one described above will put your business on its way to a successful operational risk management strategy.