Identification of Operational Risks
The fundamental principle of operational risk management is to ensure that all operational risks have been considered and decisions have been taken about the best way to mitigate them. This is because experience has shown organizations that the worst outcomes come from risks that they have knowingly or unknowingly ignored.
It is therefore important to ensure that the organization tries to maintain an exhaustive list of all the operational risks that it faces. The reality is that the risk can never be exhaustive. However, the idea is to make the analysis as comprehensive as possible given the time constraints that the organization has.
It is also important to realize that the identification of operational risks is not a one-time process. Since the organization operates in a dynamic environment, it is important to periodically scan the environment in order to identify newer risks that may emerge and proactively manage them.
In this article, we will have a closer look at some of the best practices which are associated with the identification of operational risks.
Top-Down Approach Vs Bottoms Up Approach to Operational Risk Assessment
The identification of operational risks is one of the most crucial steps in managing risks. The failure to identify risks almost certainly means that the organization will not take any action to mitigate them. Hence, to identify risks, a thorough scan of the entire organization and its operating environment is necessary. This is the reason that companies often use a combination of a top-down approach as well as the bottom-up approach in their bid to identify operational risks.
The top-down level of risk identification starts with the actions of the senior management. This is because the data required to conduct the top-down analysis is not available to people working at lower levels.
Top-down risk identification is generally done by the senior management in seminars. The major process owners of the organization try to brainstorm about what could go wrong with their operations. These sessions include scenario generation exercises wherein the executives are supposed to come up with the probable scenarios that the external environment can bring up and the response that the organization would give in each case.
Generally, the top-down approach considers emerging technology and global risks in their meetings. This type of risk analysis happens quite infrequently. This is because the external environment does not change very often.
As the name suggests, the bottom-up approach to risk management is the opposite of the top-down approach. This is because the bottom-up approach is often undertaken by supervisors and mid-level management. However, they take their inputs from the lowest levels of workers.
Process mapping and interviews are some of the most common techniques which are used in bottoms-up management. This is because the idea is to map the entire process at a granular level.
Interviews help identify the most common threats to which the process is vulnerable. Also, it is the job of the management to conduct an operational risk analysis to identify key people and systems which can cause a systemic breakdown in the organization. This risk identification focuses on how technology and people can be deployed to provide optimum results for the company. However, there is an inherent issue with the bottoms up approach.
Many times, managers are too engrossed in finding their individual risks. Hence, the exercise is conducted on a very micro level. The end result of such an exercise is the identification of a series of disjointed risks. These risks may not have any pattern to them and maybe at a very low level.
Hence, formulating an organization-wide approach to mitigating these risks might become difficult in such an environment. The frequency of this process is quite high. Companies often conduct half-yearly or annual risk audits in order to identify the risks and create plans to mitigate them.
Problems with Risk Identification
The problem with risk identification is that it is not a process-based approach. The methods used in the risk assessment exercise are qualitative. Hence, the outcomes of such methods are not consistent.
For instance, two different groups at the same organization may brainstorm in order to identify risks and both the groups may come up with entirely different outputs. Both the bottoms up and top-down approach relies on intuition and judgment instead of using the scientific method.
Even after the risks are identified the categorization of these risks is subject to a lot of human judgment. This creates a huge problem since if the person conducting the risk management exercise is not competent, the risk identification would be incomplete.
Tools like risk matrix have been created to help managers identify and prioritize risks. However, they too work based on the inputs given to them by the person identifying the risks.
The bottom line is that the identification of risks is an imperfect process. This is the reason that it needs to be done in an iterative manner. This is because it is possible that a risk that was missed the first time may be identified in the second or third attempt.
|❮❮ Previous||Next ❯❯|
Authorship/Referencing - About the Author(s)
The article is Written By Prachi Juneja and Reviewed By Management Study Guide Content Team. MSG Content Team comprises experienced Faculty Member, Professionals and Subject Matter Experts. We are a ISO 2001:2015 Certified Education Provider. To Know more, click on About Us. The use of this material is free for learning and education purpose. Please reference authorship of content used, including link(s) to ManagementStudyGuide.com and the content page url.
- Risk Management - Introduction
- Benefits of Risk Management
- Principles of Risk Management
- Risk Management Process
- Risk Identification and Assessment
- Aspects of Risk Management
- Steps in Risk Management Process
- Approaches to Risk Management
- Risk Management Policy
- Commonly Used Measures of Risk
- Risk Management Plan
- Evaluation of Risk Management Plan
- Risk Treatment
- Role of HRD in Risk Management
- Enterprise Risk Management
- Implementing ERM
- Risk Management and Stock Market
- Outsourcing Risk Management Program
- Risk Management as a Profession
- Anticipating and Mitigating Organizational Risks in the Digital Age
- Challenges Facing the Australian Economy
- The Economic Costs of MeToo
- Automated Claims Processing
- Challenges in Global Insurance And International Claims
- Conflicts of Interest in the Insurance Business
- The Cost Structure in the Insurance Industry
- How Drones Will Impact the Insurance Industry?
- How Is Health Insurance Funded?
- How Self Driving Cars Impact Insurance?
- How Stock Market Volatility Affects Insurance Companies?
- Insurance Agents vs. Insurance Brokers
- The ABCs of Insurance Fraud in India
- Technological Advances in the Insurance Industry
- The Basics of Unemployment Insurance
- The Pros and Cons of Unemployment Assistance and Why it Matters in the Present Times
- The Role of Insurance In #MeToo Movement
- Why the Flood Insurance Market should be Privatized?
- Basics of Pet Insurance
- Cannabis Insurance
- Challenges Facing Cryptocurrency Insurance
- Evolution of Insurance Regulation
- Food Delivery Apps and Insurance
- How Does Captive Insurance Work?
- On-Demand Insurance
- Reinsurance vs. Double Insurance
- Solvency Regulations in the Insurance Industry
- Terrorism and Insurance
- The Basics of Microinsurance
- The Basics of Reinsurance
- Types of Captive Insurance Companies
- What is P2P Insurance?
- How Risks Affect Companies Providing Financial Services
- Risk Management Information System
- Disadvantages of Risk Management Information Systems
- The Known-Unknown Classification of Risk
- Operational Risk: Definition and Drivers
- How Regulations Have Affected Operational Risk?
- Identification of Operational Risks
- How to Identify Operational Risks
- Using Internal Loss Data to Mitigate Operational Risks
- External Loss Data in Operational Risk Management
- Risk Control Self Assessment (RCSA)
- Scenario Analysis in Risk Management
- Key Risk Indicators
- Basel Approaches in Operational Risk Management
- The Basel Risk Categories
- Cause Categories in Operational Risk Management
- Loss Distribution Approach
- The COSO Framework for Internal Control
- Mistakes to be Avoided While Building a Risk Management System
- Credit Rating Terminology
- Types of Exposures to Determine Credit Limit
- Types of Credit Events
- Active Credit Portfolio Risk Management
- Metrics to Measure Credit Risk
- Credit Derivatives: An Introduction
- Credit Linked Note
- How do Credit Default Swaps Work?
- Why are Credit Default Swaps Dangerous?
- Total Returns Swap
- What are Collateralized Debt Obligations and How do they Work?
- Collateralized Debt Obligations: Advantages and Disadvantages
- Mark To Market Accounting
- What are Recovery Rates? - Different Types of Recovery Rates
- Netting, Close Out, and Acceleration
- Expected Default Frequency (EDF)
- Expected Default Frequency: Advantages and Disadvantages
- Altmans Z Score Model
- Unexpected Loss and Economic Capital Buffer
- Stress Testing in Credit Risk Management
- Provisioning in Credit Risk Management
- How Corporate Governance Impacts Credit Risk
- Exit Strategies In Credit Risk Management
- What is Market Risk? - How its Measured and Sources of Market Risk
- Why is Market Risk Management Important?
- Introduction to Value At Risk (VaR)
- The Three Types of Value at Risk (VaR)
- Marginal, Incremental and Component Value at Risk (VAR)
- How Value at Risk (VaR) is Implemented?
- Backtesting Value at Risk (VaR)
- Advantages of Using Value at Risk (VaR) Model
- Disadvantages of Using the Value at Risk (VaR) Model
- How Margins Are Calculated Using Value at Risk (VaR)
- Market Risk Limits
- Tail Risk
- The Upside of Market Volatility
- Relationship between Volatility and Risk
- Importance of Data Quality in Risk Management
- Impact of Using Poor Quality Data and Metrics to Measure Data Quality
- Enterprise Risk Management (ERM) vs Traditional Risk Management
- Benefits of Enterprise Risk Management
- Corporate Risk Governance
- International Risk Governance Committee (IRGC) Framework
- Failure of Market Risk Management
- Mistakes to Avoid in Risk Management