Building an Invisible Framework for Operational Risk Management

Despite the sure knowledge of operational risk being integrally linked to business performance, organizations prefer not to face operational risk at all. But as in so many aspects of business activity, non-preferences can seldom be chased away. It is truer in the case of operational risk as this type of risk arises because organizations function and the way they function. Therefore, operational risk can‘t be entirely prevented or avoided, but can be actively managed by allocating the same prominence as afforded to credit and market risk.

Each risk type poses unique challenges but they are also opportunities to build resilience that is critical for business continuity. However, being the “risk of loss” operational risk has little or no positives. But with the rise in large operational risk event counts, regulatory concerns are also on the rise requiring better risk management, as well as substantial capital requirements. Therefore, an effective operational risk management framework is a vital component in the development of a robust risk management strategy.

For the framework of operational risk management to be effective risk managers must aim at developing a strategy that communicates the risk in a manner that eases the burden of the institution’s senior executive. Such an invisible framework will allow the leadership to accept operational risk as the result of standard operating procedures and help in establishing a coordinated approach to risk across the enterprise by including all stakeholders, resulting in a trusted relationship.

An invisible framework of operational risk management should be built around the following principles:

1. Operational risk is the cornerstone in achieving operational excellence.
2. Effectively manage the levels of operational risk management.
3. Operational risks exist in each step/function of business execution.
4. Operational risks could create other risk types.
5. Control causative circumstances to cancel catastrophic consequences.

Use operational risk to achieve operational excellence: A successful operational risk framework is not a formula to be applied, but a thoroughly prepared and diligently executed process to support the enterprise level risk management strategy. A simple yet process-driven culture helps in the identification of a range of threats hidden in business activities. Similarly a process-led mitigation strategy helps to manage all risks, internal as well as external.

Manage the levels of operational risk management: It is wise to classify operational risks into the accepted categories of strategic, tactical and dynamic. Strategic operational risk management decisions require rapid evaluation of an organization’s objectives, the strategies to achieve those goals and the efficacy of implementation. Tactical decision making should be built around strategies to avoid loss and developing mitigation techniques. Dynamic decisions aim at revamping processes and tools in sync with the emerging challenges.

Risks exist in each business step: Since elements in business execution are the same in each step: people, processes, external events and systems; operational risk exists throughout the cycle. For example, credit and market risks are specific during investment and product portfolio management, but operational risks are present beginning from product planning through investment and product portfolio management to institutional reporting.

Operational risks create other risk types: In specific cases, operational risks could expose enterprises to other risk types. For example, failure to safeguard critical infrastructure against evolving threats could bring about regulatory risks, obstructing continuation of business performance in a risk-intensive world.

Control causative circumstances to cancel catastrophic consequences: An effective operational risk framework emphasizes on managing risks at its roots. Identifying the causative factors allows organizations to limit or stop the occurrence, or helps to devise strategies to manage the risk all along. An early remediation enables to transfer, avoid, accept and mitigate highly damaging risk events.

Putting sound risk management practices in place has unique challenges and opportunities. But using an invisible operational risk framework allows timely and contextualized development of mitigation strategies by senior executives who stays confident throughout the process. It also enables the senior management to choose a mature technological tool to implement an effective operational risk management framework that helps to bridge commitment and execution in risk management.