Mistakes to be Avoided While Building a Risk Management System


There are several books that have been written about the steps that need to be undertaken in order to be able to be effectively able to implement operational risk management in an organization. However, a lot of companies fail in their endeavors. This is because very few studies have been conducted about mistakes that need to be avoided while implementing an operational risk management system. In this article, we have a closer look at some of the common mistakes which need to be avoided.

Mistake #1: Not Integrating Risk Management with Strategy

There are many companies around the world that are struggling with their risk management solutions. This is because of a simple reason that they consider risk management to be an activity independent of the operations and the overall strategy of the company. However, this is not true. Companies that manage operational risk successfully consider this risk to be a part of their overall strategy. This is the reason that the balanced scorecard of these companies is often modified to include parameters about risk. The entire process is integrated with the overall management of the business and hence gets due attention from the top management.

Mistake #2: Reactive Approach

The operational risk management mechanism is often designed to be reactive. This means that the operational risks are often identified or the data is reported only after the risk event has taken place. On the other hand, successful companies have a proactive approach. They do not wait for a risk event to occur before it is entered into the risk management system of a company. They monitor the potential risks just as closely as they monitor actual loss events. The end result is that the organization becomes proactive. They can identify patterns and resolve issues before they become actual loss events

Mistake #3: Manual Process

Studies into the success of operational risk management programs have shown that the more automated a process is, the more likely it is to succeed. Many times, while implementing the risk management program, the companies get intimidated by the costs involved. Hence, they basically implement a stripped-down manual version of an operational risk management program. However, manual versions seldom work. This is because of the fact that in a manual process, the data is either collected in an ad-hoc manner or at periodic intervals. On the other hand, in an automated process, the data is collected continuously. Since the quantum of data collected in more, better statistical analysis can be done and as a result, the whole implementation becomes more successful. Also, if the monitoring is automated, the key risk indicators can be closely monitored. If it is observed that the key risk indicators deviate from the norm then an escalation process can also be set off immediately.

Mistake #4: Not Having a Clearly Defined Escalation Matrix

Having a clearly defined escalation process is vital to the success of any operational risk program. This means that firstly, the system should ensure that the escalations generated by the system are genuine escalations. There should not be any false positives being reported to the higher management. Also, once the correct cases are identified, the escalation matrix should be clearly defined. The people working in risk management should know exactly which case needs to be escalated to whom. Also, the number of cases escalated to senior management as well as the manner in which these escalations were handled have to be monitored and reported.

Mistake #5: Inability to See the Full Picture

The literature related to operational risk management is quite clear on one aspect. The aspect is that if you can’t measure a particular risk, odds are that you will not be able to manage it. This is because the inability to completely see a particular risk and to report it blindsides the organization.

The above adage is true. However, managers at many companies have been using this explanation to avoid work. They have not been trying to decode or manage risks that do not provide much data i.e. they are opaque. Many times organizations cannot avoid such functions. Even though they are complicated and opaque, these functions often form an integral part of the overall business of such organizations. Hence, if the management does not find innovative ways to collect data and monitor the risk, odds are that the operational risk management system of such an organization will fail since it will not be able to manage the required risk.

The bottom line is that there are several steps that need to be taken correctly in order to ensure that an operational risk management system works effectively in a company. Over the years, several companies have tried to implement these systems. Some of them have failed. The cumulative knowledge of the common causes that have led to these failures has been listed above so that other companies can learn from these mistakes and avoid them in the future.


❮   Previous  Article Next  Article   ❯

You’ll also like:
Related articles and how-to guides curated for you.

View All Articles



Authorship/Referencing - About the Author(s)

The article is Written By “Prachi Juneja” and Reviewed By Management Study Guide Content Team. MSG Content Team comprises experienced Faculty Member, Professionals and Subject Matter Experts. We are a ISO 2001:2015 Certified Education Provider. To Know more, click on About Us. The use of this material is free for learning and education purpose. Please reference authorship of content used, including link(s) to ManagementStudyGuide.com and the content page url.


Risk Management