Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk (BCBS). Operational risk is unlike other risks (e.g. credit, market, liquidity) in that it is typically not taken in exchange for an expected return; it exists in the natural course of business activity. Failure to manage operational risk correctly can expose firms to substantial losses.
Here are tips for managing operational risk in a business. They are based on research and findings from DuPont Sustainable Solutions (DSS), in which 75 senior leaders across eight industry sectors spanning 10 countries were interviewed to determine their perceptions of Operational Risk Management (ORM) strategies within their organizations.
Get the backing of the organization’s leadership. This is a critical first stage. An ORM program will only be really effective if it is championed at the very top of the organization. According to the research conducted for DSS, roughly eight out of 10 companies (79%) say that accountability for risk management is assigned at the corporate level.
Introduce risk accountability across the organization. Employees at every level of the enterprise need to be trained to incorporate risk-based thinking into their day-to-day activities and be held accountable for risks within their immediate area of control. Alarmingly, more than one-third (38%) of companies say that shop-floor employees are currently not held accountable for risk management.
Quantify and prioritize risks. Managing an optimised ORM program requires that risks are quantified in terms of probability and severity, and that the costs and benefits of mitigating a risk are weighed against allowing the risk to remain as is. This enables mitigation efforts to be targeted most effectively.
Commit to timely risk assessments. Risk assessments help ensure companies comply with new requirements and keep risk management a top priority. The frequency of these assessments should be determined by the unique characteristics of each company and its operational footprint. According to the research done for DSS, 92% of firms conduct risk assessments on at least a yearly basis. Reviewing and revising an organization’s risk assessment on a regular basis allows the company to keep its risk profile up to date and to incorporate any relevant changes (economic, geopolitical, technology, workforce).
Establish appropriate metrics and key performance indicators to monitor and assess performance. This is one of the most vital steps in a successful ORM program. It enables companies to ensure that the appropriate effort and resources are expended based on the specific risk profile of the business. The research conducted for DSS shows that a number of firms are already aware of the importance of this step and are supplementing the development of their metrics with advice from outside sources.
Reinforce the importance of risk management through regular communications. Establishing a consistent timetable of communication on ORM performance is an effective way of maintaining commitment to the subject. Communications should be tailored to specific levels and functions of the organization to address diverse priorities and focus areas.
Implement consistent, well-documented and cost-effective controls. Such control measures are vital to vigorously mitigate identified priority risks. While almost all companies (98%) feel they already have adequate controls in place, only about one in four (27%) considered them cost-effective, suggesting an opportunity for them to identify better options for managing and controlling identified risks.