Operational Risk: Definition and Drivers
In the previous few articles, we have studied about the concepts of risk management in general. However, merely understanding general risk management is not enough for modern-day risk professionals. The challenging environment of today requires people to specialize in the different types of risk management. Out of all the different types of risks that are commonly studied, the organization has the maximum control over operational risk. Hence, in the next few articles, we will try to understand what operational risk really is and how it impacts the decision-making within the organization.
Definition of Operational Risk
For many years, there was no agreed-upon definition of operational risk. This meant that all organizational risks were classified into market risks and credit risks. The risks which could not be classified as either was often included in the category of operational risks. Obviously, this categorization was wrong and hence has faced severe criticism over the years. Over time, a new more acceptable definition for operational risks was arrived at. The same has been mentioned below.
Operational risk is defined as the potential loss which can occur because an organization has failed or inadequate processes, inadequate or failed systems, and/or incompetent people in the organization. It is important to note that the financial loss from the risk consists of any operational loss that may arise as well as any costs involving litigation. Reputational risks and brand management have been categorically excluded from the definition of operational risk since they are considered separately within the risk paradigm.
Drivers of Operational Risk
The above definition makes it clear that there are four major causes of operational risk. They are as follows:
- People: Companies are supposed to be careful about whom they hire to work for them. The integrity of their permanent employees, as well as their contractors, is considered to be the responsibility of the company. A system of internal checks and balances needs to be built in order to help the company avoid operational risks. The Sarbanes Oaxley act provides some guidelines about how much risk can be avoided.
- Processes: Companies are required to ensure that their processes work as intended. They should have a detailed idea about the flow of events in these processes. It is the job of the company to hire process improvement experts to recognize and close the gaps in the process at the earliest.
- Systems: Organizations hold critical data in their systems. This data may belong to third parties such as banks, customers, vendors, and so on. Hence, it is the responsibility of the company to ensure that adequate data security is in place. Companies should create secure systems which prevent unauthorized data access in these systems. The systems should also be created in such a manner that they are safe from external hacking.
- External Events: Lastly, there is always a chance that some external activity disrupts the operations of a business. The disruption caused by the COVID-19 pandemic is a prime example of this risk. Companies are expected to have detailed business contingency plans in place which allow them to continue operations even if such events occur.
Examples of Operational Risks
Many organizations have faced loss because of operational risks. Most of the time the losses are small. Hence, they are not reported in the media. As a result, awareness about these losses is not increased. However, in some cases, the losses are quite significant and hence end up being reported in the media. Some examples of these high profile adverse events related to operational risk are as follows:
There have been several financial frauds such as Enron, Worldcom, Bernie Maddoff scam, or the scam involving Raj Rajaratnam. These are all premier examples of how a group of incompetent or dishonest people is able to cause grievous loss to their organizations. Sometimes the loss is so severe that these organizations cease to exist as a result! The recent scam involving Facebook and Cambridge Analytica can also be included here because here too the actions of some contractors ended up harming the organization.
There are many examples wherein the systems of organizations have failed and as a result, the organization has suffered significant losses. For instance, many technology companies have been victims of cyber attacks in the recent past. Companies like Adobe, eBay, Equifax, and even LinkedIn have been found themselves at the center of many data leaks. This is also the case with many banks and financial institutions. Since data is vital to the performance of business activities in this organization, these data breaches have significantly impacted the business of these companies.
Lastly, there are many examples wherein processes set by organizations have failed. For instance, companies like Renault and Hyundai have been in the news. This is because some of their internal checks and balances failed. Their quality assurance team was not able to properly classify vehicles. As a result, faulty vehicles were sold. The end result was that these faulty vehicles had to be recalled and the organization had to suffer significant operational harm even if the reputational harm is not considered.
The bottom line is that there a clear and concise definition of operational risk which is in place. The drivers and causes of operational risk are also well known. It is this knowledge that enables the measurement and management of operational risks in the organization.
|❮❮ Previous||Next ❯❯|
Authorship/Referencing - About the Author(s)
The article is Written By Prachi Juneja and Reviewed By Management Study Guide Content Team. MSG Content Team comprises experienced Faculty Member, Professionals and Subject Matter Experts. We are a ISO 2001:2015 Certified Education Provider. To Know more, click on About Us. The use of this material is free for learning and education purpose. Please reference authorship of content used, including link(s) to ManagementStudyGuide.com and the content page url.
- Risk Management - Introduction
- Benefits of Risk Management
- Principles of Risk Management
- Risk Management Process
- Risk Identification and Assessment
- Aspects of Risk Management
- Steps in Risk Management Process
- Approaches to Risk Management
- Risk Management Policy
- Commonly Used Measures of Risk
- Risk Management Plan
- Evaluation of Risk Management Plan
- Risk Treatment
- Role of HRD in Risk Management
- Enterprise Risk Management
- Implementing ERM
- Risk Management and Stock Market
- Outsourcing Risk Management Program
- Risk Management as a Profession
- Anticipating and Mitigating Organizational Risks in the Digital Age
- Challenges Facing the Australian Economy
- The Economic Costs of MeToo
- Automated Claims Processing
- Challenges in Global Insurance And International Claims
- Conflicts of Interest in the Insurance Business
- The Cost Structure in the Insurance Industry
- How Drones Will Impact the Insurance Industry?
- How Is Health Insurance Funded?
- How Self Driving Cars Impact Insurance?
- How Stock Market Volatility Affects Insurance Companies?
- Insurance Agents vs. Insurance Brokers
- The ABCs of Insurance Fraud in India
- Technological Advances in the Insurance Industry
- The Basics of Unemployment Insurance
- The Pros and Cons of Unemployment Assistance and Why it Matters in the Present Times
- The Role of Insurance In #MeToo Movement
- Why the Flood Insurance Market should be Privatized?
- Basics of Pet Insurance
- Cannabis Insurance
- Challenges Facing Cryptocurrency Insurance
- Evolution of Insurance Regulation
- Food Delivery Apps and Insurance
- How Does Captive Insurance Work?
- On-Demand Insurance
- Reinsurance vs. Double Insurance
- Solvency Regulations in the Insurance Industry
- Terrorism and Insurance
- The Basics of Microinsurance
- The Basics of Reinsurance
- Types of Captive Insurance Companies
- What is P2P Insurance?
- How Risks Affect Companies Providing Financial Services
- Risk Management Information System
- Disadvantages of Risk Management Information Systems
- The Known-Unknown Classification of Risk
- Operational Risk: Definition and Drivers
- How Regulations Have Affected Operational Risk?
- Identification of Operational Risks
- How to Identify Operational Risks
- Using Internal Loss Data to Mitigate Operational Risks
- External Loss Data in Operational Risk Management
- Risk Control Self Assessment (RCSA)
- Scenario Analysis in Risk Management
- Key Risk Indicators
- Basel Approaches in Operational Risk Management
- The Basel Risk Categories
- Cause Categories in Operational Risk Management
- Loss Distribution Approach
- The COSO Framework for Internal Control
- Mistakes to be Avoided While Building a Risk Management System
- Credit Rating Terminology
- Types of Exposures to Determine Credit Limit
- Types of Credit Events
- Active Credit Portfolio Risk Management
- Metrics to Measure Credit Risk
- Credit Derivatives: An Introduction
- Credit Linked Note
- How do Credit Default Swaps Work?
- Why are Credit Default Swaps Dangerous?
- Total Returns Swap
- What are Collateralized Debt Obligations and How do they Work?
- Collateralized Debt Obligations: Advantages and Disadvantages
- Mark To Market Accounting
- What are Recovery Rates? - Different Types of Recovery Rates
- Netting, Close Out, and Acceleration
- Expected Default Frequency (EDF)
- Expected Default Frequency: Advantages and Disadvantages
- Altmans Z Score Model
- Unexpected Loss and Economic Capital Buffer
- Stress Testing in Credit Risk Management
- Provisioning in Credit Risk Management
- How Corporate Governance Impacts Credit Risk
- Exit Strategies In Credit Risk Management
- What is Market Risk? - How its Measured and Sources of Market Risk
- Why is Market Risk Management Important?
- Introduction to Value At Risk (VaR)
- The Three Types of Value at Risk (VaR)
- Marginal, Incremental and Component Value at Risk (VAR)
- How Value at Risk (VaR) is Implemented?
- Backtesting Value at Risk (VaR)
- Advantages of Using Value at Risk (VaR) Model
- Disadvantages of Using the Value at Risk (VaR) Model
- How Margins Are Calculated Using Value at Risk (VaR)
- Market Risk Limits
- Tail Risk
- The Upside of Market Volatility
- Relationship between Volatility and Risk
- Importance of Data Quality in Risk Management
- Impact of Using Poor Quality Data and Metrics to Measure Data Quality
- Enterprise Risk Management (ERM) vs Traditional Risk Management
- Benefits of Enterprise Risk Management
- Corporate Risk Governance
- International Risk Governance Committee (IRGC) Framework
- Failure of Market Risk Management
- Mistakes to Avoid in Risk Management