How to Identify Operational Risks
In the previous article, we discussed about the top-down and bottom-up approach which has been created to identify risks. In this article, we will provide an alternate approach. This approach is similar to the bottom-up approach in that it uses process maps to identify risks. However, the way that they look at the process maps and the methodologies used for the identification of risks is quite different.
Operational Risk Exposure
Risk exposure is defined as a measure of the possibility of future loss which may arise from a specific process or event. Exposure is related to the activities themselves whereas risk is the probability of an adverse event occurring while conducting those activities.
During the natural course of business, companies tend to engage in a lot of activities that increase their exposure to operational risks. Some of these activities have been mentioned below:
If you tried to map operational risk exposure on a risk matrix, it would be mapped in a high impact low probability zone. This means that the probability of any of these events mentioned above happening is very low. However, if it does happen then the impact will be significant.
Operational vulnerabilities on the other hand are low impact, high-frequency events. These events are much more likely to occur and even keep happening in the day-to-day life of any company. However, their financial impact is not that high. Operational vulnerabilities are often defined as the weakest link in any business process.
Defects or shortcomings in the day-to-day processes of the company are referred to as operational vulnerabilities. For instance, it is quite possible that a company may manufacture defective products or sometimes may ship the wrong product to the wrong customer. If these events occur, the company can quickly replace the product and provide the right order to the customer. They can even provide some freebies to ensure customer satisfaction. Hence, the cost will be low. However, these events happen quite often in some companies.
There is always a chance that the information system of a company crashes due to high data load. It is not unheard of for companies to stop functioning for a couple of hours or even a couple of days due to defects in their information systems. The financial impact of such outages is relatively low. However, they tend to happen more frequently
Incompetent personnel is also an operational risk to the business. There are some companies that routinely hire inexperienced people and then train them. In such cases, it is quite possible that the service level of the company may drop because of the inexperienced people providing the service. This is another important operational vulnerability that may cost the company in the long run. It is quite possible that each company may have some silos wherein a small group of people will continue to operate unabated without following the proper risk management protocols.
The goal of operational risk management is to thoroughly assess the exposures and vulnerabilities. Once they have been identified, the goal is to minimize the exposure. It is important to realize that exposures cannot be completely eliminated. However, at the same time, it is important to eliminate the vulnerabilities. Multinational companies spend a lot of their time and money ensuring that their processes are six sigma compliant and are therefore devoid of operational vulnerabilities.
Authorship/Referencing - About the Author(s)
The article is Written By Prachi Juneja and Reviewed By Management Study Guide Content Team. MSG Content Team comprises experienced Faculty Member, Professionals and Subject Matter Experts. We are a ISO 2001:2015 Certified Education Provider. To Know more, click on About Us. The use of this material is free for learning and education purpose. Please reference authorship of content used, including link(s) to ManagementStudyGuide.com and the content page url.