Operational Risk Management
Operational Risk Management has increasingly become the most important of the three primary risks (along with Market and Credit Risk) facing corporations, and not just in financial services. Its key sub-disciplines – cyber security, business continuity, fraud (especially internal fraud), vendor management, and IT risks – have assumed significant standalone proportions in recent years.
Organizations are necessarily taking a fresh look at implementing an effective operational risk management infrastructure, one that moves it beyond the very abstract and/or purely backward-looking (loss counting and reporting) perspectives that dominated its early days.
What is Operational Risk?
Operational risk management got its first formal definition under the Basel (II) Accord, as the risk of loss due to failures across people, process, systems and external events. One source of complexity is that the high-severity end of Operational Risk (business and people conduct & practices, regulatory penalties, fraud & theft) requires significantly different approaches than the high-frequency end of it (execution, process-management, errors).
Operational risk management entails the use of direct and circumstantial evidence to identify, define, assess, mitigate, monitor and manage the risk. This may include Risk Control Self-Assessment (RCSA) and any and all of the avoidance, reduction, control, management, transfer and acceptance strategies. Not least, an economic (risk) capital program helps with dimensioning the extremes. The toolkit / process elements can be described in the following diagram:
[Diagram: Reconciling Risk Appetite with Assessment]
What can RiskCounts do for you?
Develop an Operational Risk framework and process
Implement end-to-end controls
Develop and implement an RCSA plan with an easy-to-use technology-enabled toolkit
Build Risk Metrics, Key Risk & Control Indicators, and all required measurement and reporting
Develop a strong Governance program across the full framework