The COSO Framework for Internal Control
February 12, 2025
The Basel guidelines are the gold standard when it comes to identifying and managing operational risks. This is the reason why every organization tries to align its risk management practices with those recommended by the Bank of International Settlements. The guidelines provided are quite exhaustive.
The Bank of International Settlements has recommended that every operational risk be classified into one of seven categories.
In this article, we will have a closer look at those seven categories as well as how this categorization helps in better risk management.
For instance, an internal party may intentionally want to misappropriate property owned by the company. In other cases, they can simply be taking more risks by trying to circumvent the systems which have been built.
Instead, they may intend to defraud the company by swindling money from them or by getting the company to break the law. In such cases, there are no internal parties involved in the fraudulent activity.
The company may not have condoned the behavior of its erring employee. However, it will be held responsible and may have to pay monetary damages.
Companies may also have operational risks arising from non-compliance with policies regarding the health and safety of workers.
As a result, they may have to pay damages to the injured or otherwise aggrieved personnel.
For instance, consulting companies like Arthur Andersen were penalized for fraud when their employees were found to be in cahoots with the perpetrators of the Enron fraud.
Similarly, a company may have to face operational risk because of non-compliance with its duties towards the client.
Investment banks have been penalized for wrongfully advising their clients to buy certain securities when they were themselves in the process of selling out those securities.
Companies manufacturing products may also face lawsuits if they sell defective products which do not work as intended.
However, these assets may get destroyed in riots, terrorist attacks, or even acts of God.
Since building these assets requires a significant capital outlay, the losses may also be significant. This is the reason why effective operational risk management is necessary in such cases.
It is important to note that physical information technology assets such as servers and computers are also included in this category even though there is a separate category for physical assets.
If a company faces any outage or data theft that arises because of the improper functioning of its business systems, it could face severe losses. These losses could be related to lost business revenue. However, they could also be related to lawsuits that may arise because of the data which has been compromised.
For instance, a company may be under obligation to manufacture and deliver a certain quantity of goods.
However, it may not be able to follow through on its promise if a labor strike leaves it unable to procure raw material.
Alternatively, it may have wrongly estimated the time required to complete the task and may have overcommitted. This too can lead to losses in the form of fines, penalties, demurrages, and lost reputation. It is for this reason that these scenarios should also be included in the list of operational risks and attempts should be made to avoid them or mitigate them if they do arise.
This framework is extremely useful for companies trying to identify their operational risks. Since all risks can be classified into these seven buckets, the buckets serve as topics for brainstorming.
Also, this makes the risk identification process standardized across companies.