This article will focus on operational risk management. After reading chapters 1, 2 and 7 in Essentials of Risk Management, you should have a basic understanding of what is involved in managing risks within a corporation. It focuses on the operational considerations. Most of these considerations involve the employees in some way. It provides an example of a company that failed to use risk management properly explains how it could have helped them to avoid their problems.
Costs of Operational Risk Management
Every risk in a business organization has got its own costs associated with it. Risk management is among the very basics and essentials of an organization. Poor risk management will cost the organization highly in terms of finances or even the public image. Proper and effective risk management will help the organization tackle issues in a very effective and efficient manner, which is less costly as compared to addressing the risk after it has occurred. Risks can result out of employees, technicalities in operations, and poor management strategies (Risk Center, 2013). In order to manage risks effectively, the organization needs to identify the risks and categorize them into strategic and operational risks. The former are those risks that come up due to the decisions that are made by the management, which affect the business adversely or negatively. A single operational risk may not affect the organization so much but the occurrence of the same, for instance, more than twice will affect the organization greatly. For instance, an occurrence of a single burglary in an organization may not affect it so much but its repetition will affect the organization greatly in terms of financial loss. This risk indicates a gap in the security systems of the organization and if not addressed effectively, then the entity is likely to suffer a great financial loss (Youngn& Coleman, 2009).
In the year 2007, the United Kingdom Government taxation authority, HM Revenue & Customs (HMRC) incurred a very great operational risk. In this case, personal details of 25 million people that were stored in two CDs were lost in the internal emails. The fallout from the loss of these CDs included the resignation of the HMRC chairman Paul Gray due to the organization’s substantial operational failure. This is a very good example of an operational risk, which has got a very great financial loss for the country.
Operational Risk Management Board
The operational risk management board cannot be able to manage risks by itself; however, it is responsible for formulation and implementation of control systems that can deal with the problem appropriately. The board can establish a risk committee that is to monitor exposure, actions taken, and the risks that have materialized. The risk committee will be tasked with the responsibility of assessing the operational risks in an aggregate over the whole organization. They make a decision on which risks are the most significant and the appropriate actions to be taken in order to counter them. In order to achieve this effectively, the risk committee needs to set priorities for the control systems and liaise with the internal audit through the auditor to ensure that these risks are covered (Bauer & Erdogan, 2012).
This risk committee can be supported by a risk management function, which shall be responsible for establishing a risk management framework and the appropriate policies and regulation in regard to effecting or the use of the framework.
The risk management function should also promote risk management by providing the appropriate information and training of the employees regarding how they can manage the risks that are available within their department or area of specialization. Apart from ensuring specific risks are dealt with appropriately, managers will be concerned with their local working environment and will deal with conditions that may cause risks to materialize (Bauer & Erdogan, 2012). For instance, they shall have to assess whether the employees are working excessively long hours and are more likely to make mistakes due to overworking. The managers shall also supply information to senior managers to enable them in assessing the risk position over the whole organization. In essence, the employees are held responsible for taking the appropriate steps to manage the risk and preventing risks from occurring. The senior management and the risk management committee are held responsible for ensuring that the employees have the appropriate knowledge and skills for dealing with the risks.
After the operational risk analysis by the operations committee, the organization can classify operational risks into two broader categories, which include low probability high impact risks and high probability low impact risks. The management of low probability but high impact risks can involve insuring the risks in question so that when they occur the organization can recover quickly to avoid much financial loss (White, 2014).
Operational Risk Management contingency plan
For the other risks, they can choose to use a contingency plan. A contingency plan serves to replace or replicate the efforts of other systems. This is commonly used by having generators or other sources of energy standby so that when there is a blackout, the production process can continue. The contingency plan can also be applied in information systems. In the above case of the United Kingdom taxation authority, replication of information materials could have helped manage the risks. In the current world, there are several methods and means of storing digital information, this includes cloud computing. Had the management used other alternative methods of storing the data, they could have recovered easily from the loss (White, 2014).
Managing operational risks is very essential in every organization. Clear analysis of the likely risk should be done, and then the appropriate measures to manage the risk are identified. The information is availed to the relevant people on how to manage the risk; this can involve training of the employees and equipping them if necessary. Poor risk management strategies result in large financial losses for the organization.
Operational Risk Management References
References
Bauer, T., & Erdogan, B. (2012), Organizational behavior (1.1 ed.). Nyack, NY: Flat World
Knowledge.
Risk Center, (2013). Operational Risk: Operational Risk Regulation and Assessment.
Retrieved from http://riskcenter.com/operational-risk
White, J. (2014). Security Risk Assessment: Managing Physical and Operational Security
(1St ed.). USA: Butterworth-Heinemann.
Young, B. & Coleman, R. (2009). Operational Risk Assessment: The Commercial Imperative of
a more Forensic and Transparent Approach. The Wiley Finance. NY: Wiley
