Introduction to Operational Risk

What is operational risk?

Operational risk is defined as “The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events”. Good operational risk management (ORM) depends on people and processes and it helps the organisation achieve its goals. Good ORM involves linking across disciplines, breaking down silos and recognising the value of generalists as well as specialists. Good ORM results in risk specialists understanding and integrating into business processes and being part of an overall competitive advantage delivered holistically across the lines of defence.

What is the foundation of good operational risk management?

A key point regarding risk is that we manage risk because we want to take it whilst ensuring that it remains controlled to our appetite. In this context, we manage operational risk to ensure that business processes operate within our tolerance whilst aiming to achieve outcomes. One of the goals of ORM is to ensure the assessed and approved chance of failure remains the same every time. Unexpected outcomes are not advantageous to stable income, share price or regulatory expectations.

Financial institution policies, regulation, structure, individual accountability and other concepts contribute to the success, or not, of that ambition. This can contribute to operational risk management being a competitive advantage.

What are the main stages within operational risk management?

• Risk appetite
• Risk identification
• Risk evaluation
• Risk response
• Reporting risk

In order to achieve success in ORM, we need an integrated approach between different lines of defence to ensure all of these stages.