Operational Risk Management
Operational Risk Management, otherwise known as ORM, is defined as a continual, recurring process that includes risk assessment, risk decision making, and execution of risk controls, and that results in acceptance, mitigation, or avoidance of risk. It is the oversight of operational risk, which is the risk arising from the execution of a company’s business functions. It is a very wide concept that focuses on the risks arising from the people, systems and processes through which a company operates. It also includes other categories such as fraud risks, legal risks, and physical or environmental risks. Some definitions of ORM include the risk of loss resulting from insufficient or failed internal processes and systems, human factors, or external events.
There are different factors and processes that need to be taken into consideration when talking about the ORM process. They may influence the outcome and the input needed to balance it in a positive way. The first factor that comes into play is known as “risk”, and it is made up of two main components: loss and probability. Combined, they indicate how much we can expect to suffer as a result of unwanted or unplanned events, also known as exposure to risk. Loss is a reflection of the financial loss arising from an incident. Financial loss may include, but is not limited to, credit, loss of opportunity, fines, penalties, and restrictions. Loss can also be expressed in qualitative measures such as reputation, image, morale, loyalty, confidence, and credibility. Probability, on the other hand, is a qualitative measure of likelihood and is frequently applied due to the lack of statistical data.
The next factor is known as “risk profile”. It is defined by three elements, each of which is uniquely characteristic of the organization and substantially defines the execution and cost of its ORM plan. The first element is the threat profile, which reflects the importance of hazards due to environments, working practices, business sector, etc. The second is the loss profile, which reflects how the organization feels pain following a disruptive event. Last but not least is the gap profile, which reflects the condition of the organization’s defenses, identifying where holes and overlaps exist.
The next factor that comes into play is what we know as “causes” or “causes of disruption”, which always arise from a point beyond our regular operational control. They are also known as threats or hazards, and there are many to consider. They may include natural events like a lightning strike as well as human error, arson, sabotage, and terrorism.
There is also the factor known as “dependency”, which is simply the reliance that one places on the available resources and planning for ORM to go according to plan. Another factor is known as “scenarios”, which are the gathering of effects that have spread right through the business as a result of one or more threats occurring. Because they are cumulative, they may concurrently take many different forms. For example, if the network goes down, it may remove one’s ability to communicate with other departments, or make it that much more difficult to do so. Scenarios can be complex and very difficult to predict. Scenarios are the outward manifestation that leads to loss, completing the cycle. In addition, we have the “ORM life cycle and process”. To manage operational risk we must devise ways of measuring, prioritizing, monitoring and thoroughly reducing our exposure. The ORM life cycle offers an illustration of the concepts explained in this section. Then we have “impact analysis”, which is the technique used to determine the organization’s tolerance and characteristic pattern of loss arising from disruption. The resulting priority and time-frame data is used to determine loss arising from specific incidents and is used in risk assessment. It is also used to establish the time-frames for recovering functions, processes and systems in...