Why does operational risk originate?
(a) Inadequately defined products and services, which may not be compliant with industry regulations and/or may be exposed to the risk of mis-selling;
(b) Inadequately defined policies and processes, which would directly and adversely impact the quality of controls such as checks and balances and segregation of duties, as may be required;
(c) Inadequate technology functionality or infrastructure in any technology-supported environment that organisations use in their respective business operations;
(d) Internal or external crime that takes advantage of gaps in processes for unlawful gain, i.e. fraud;
(e) External events like terrorist attacks or natural disasters that disrupt business or cause financial losses;
(f) Change in the environment of the industry sector (including significant regulatory changes) that impacts the operational risk profile of an organisation.
Thus, Operational Risk Management (ORM) is primarily an exercise in mitigating potential losses through a well-laid-out mechanism of identifying the inherent risks in a business process and reviewing / testing the efficacy of the controls related to each risk.
Additionally, an important part of ORM is to identify and report operational risk events, including their financial impact (losses and recoveries), if any. Thus, an adequate governance framework is expected to cover both the preventive and the lag aspects of operational risks.