Operational Risk
An Operational Risk is an organizational risk that arises from failures in internal processes, people, systems, or from external events that disrupt organizational operations.
- Context:
- It can include risks due to Employee Errors, System Failures, and Fraud.
- It can be influenced by external events such as Natural Disasters and Cyber Attacks.
- It can be mitigated through Operational Risk Management practices including internal audits, risk assessments, and process improvements.
- It can impact an organization's Client Satisfaction, Reputation, and Shareholder Value.
- It can range from minor operational disruptions to major events causing significant financial losses.
- It can be managed to keep losses within acceptable levels of Risk Tolerance.
- ...
- Example(s):
- For-Profit Org. Operational Risks (in business operations), such as:
- Fraud Risk due to Employee Fraud.
- System Failure Risk leading to operational downtime.
- Cybersecurity Risk from data breaches and cyber-attacks.
- Non-Profit Org. Operational Risks, such as:
- Volunteer Management Risk impacting service delivery.
- Grant Compliance Risk causing loss of funding.
- Governmental Org. Operational Risks, such as:
- Regulatory Compliance Risk leading to penalties.
- Public Safety Risk due to inadequate emergency response systems.
- ...
- For-Profit Org. Operational Risks (in business operations), such as:
- Counter-Example(s):
- Market Risk, which involves risks due to market fluctuations and not internal processes.
- Credit Risk, which pertains to the risk of default on credit obligations rather than operational failures.
- See: Internal Audit, Operational Risk Management, Solvency II Directive, Basel II, Fraud, Security, Privacy Protection, Legal Risk, Basel I, Negative Definition, Market Risk, Credit Risk.
References
2024
- (Wikipedia, 2024) ⇒ https://en.wikipedia.org/wiki/Operational_risk Retrieved:2024-7-17.
- Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business operations. Employee errors, criminal activity such as fraud, and physical events are among the factors that can trigger operational risk. The process to manage operational risk is known as operational risk management. The definition of operational risk, adopted by the European Solvency II Directive for insurers, is a variation adopted from the Basel II regulations for banks: "The risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". The scope of operational risk is then broad, and can also include other classes of risks, such as fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks. Operational risks similarly may impact broadly, in that they can affect client satisfaction, reputation and shareholder value, all while increasing business volatility. Previously, in Basel I, operational risk was negatively defined: namely that operational risk are all risks which are not market risk and not credit risk. Some banks have therefore also used the term operational risk synonymously with non-financial risks.
In October 2014, the Basel Committee on Banking Supervision proposed a revision to its operational risk capital framework that sets out a new standardized approach to replace the basic indicator approach and the standardized approach for calculating operational risk capital. Contrary to other risks (e.g. credit risk, market risk, insurance risk) operational risks are usually not willingly incurred nor are they revenue driven. Moreover, they are not diversifiable and cannot be laid off. This means that as long as people, systems, and processes remain imperfect, operational risk cannot be fully eliminated. Operational risk is, nonetheless, manageable as to keep losses within some level of risk tolerance (i.e. the amount of risk one is prepared to accept in pursuit of his objectives), determined by balancing the costs of improvement against the expected benefits. Wider trends such as globalization, the expansion of the internet and the rise of social media, as well as the increasing demands for greater corporate accountability worldwide, reinforce the need for proper risk management. Thus operational risk management (ORM) is a specialized discipline within risk management.
It constitutes the continuous-process of risk assessment, decision making, and implementation of risk controls, resulting in the acceptance, mitigation, or avoidance of the various operational risks.
ORM somewhat overlaps quality management and the internal audit function.
- Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business operations. Employee errors, criminal activity such as fraud, and physical events are among the factors that can trigger operational risk. The process to manage operational risk is known as operational risk management. The definition of operational risk, adopted by the European Solvency II Directive for insurers, is a variation adopted from the Basel II regulations for banks: "The risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". The scope of operational risk is then broad, and can also include other classes of risks, such as fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks. Operational risks similarly may impact broadly, in that they can affect client satisfaction, reputation and shareholder value, all while increasing business volatility. Previously, in Basel I, operational risk was negatively defined: namely that operational risk are all risks which are not market risk and not credit risk. Some banks have therefore also used the term operational risk synonymously with non-financial risks.