Evolution of Operational Risk Management
An interesting article by Kris Lovejoy, VP of Consul RM.
Today's vision of Operational Risk Management is to optimize the performance of a business by understanding the effects of adverse operational losses on our business activities and assets so that we can insure against them by preparing for that 'rainy day.'
Traditionally, operational risk can be associated with the following:
- People: losses associated with intentional violation of internal policies by current or past employees.
- Process: losses that have been incurred due to a deficiency in an existing procedure, or the absence of a procedure. Losses can result from human error or unintentional failure to follow an existing procedure.
- Systems: losses that are caused by unintentional breakdowns in existing systems or technology.
- External: losses occurring as a result of natural or man-made forces, or the direct result of a third party's action.
The answer to this question varies according to geographic region. In Europe, for example, there are often more formal, structured, enterprise-wide operational risk programs in the works. Why? Regulators there appear to have been more vocal about operational risk for the past decade, most likely in the wake of events like the Barings rogue trading incident and in reaction to the Basel II Capital Accord.
In the U.S., on the other hand, risk management efforts have been focused on tactical initiatives and activities: risk assessment and monitoring, risk mitigation and remediation, measurement, and monitoring within a business line, or around a specific operation. Often, efforts within this area are identified as security management efforts, which are often driven by the need to comply with minimum-security standards. Read the rest of article.