Introduction to operational risk management
At a macro-level, a country’s economy is dependent on
processes in government, industrial, service and infrastructure
sectors running smoothly and efficiently. When they do not –
for example, as a result of natural disaster, industrial action or
a major financial crisis – an economic price is paid in terms of
lost competitiveness, increased running costs, lower future
growth expectations, unemployment or even recession.
At a micro-economic level, individual organizations also face
the risk that their activities and processes may be disrupted
unexpectedly or fail to meet expected performance levels.
Recent high-profile failures – Barings, Piper Alpha and Exxon
Valdez – have focused attention at every level on the importance
of risk management. The consequences of failures and
disruption on performance may be more or less severe,
ranging from minor losses arising from processing backlogs,
through reduced customer service quality and loss of reputation,
to bankruptcy in the extreme.
What is clear at a boardroom level is that strong risk management
is an essential part of good corporate governance and
something that helps to protect shareholder value. There is
also a growing recognition of the need to ensure that an effective
framework of management controls and supervision is in
place. This view is reflected in the attention that is being placed
on risk management by regulators and listing authorities
around the world.
The aim of operational risk management – the subject of this
book – is to ensure that the varied exposures to operational risk
faced by an organization are identified and addressed in the most
efficient way possible. The achievement of this goal is dependent
on management taking positive actions to consider what steps
should be taken to optimize an organization’s exposure to operational
risk so that shareholder value gains can be maximized.
The scope of operational risk management at the highest level
can be broken down into two main components:
operational integrity – the adequacy of operational controls
and corporate governance; and
service delivery – the organization’s ability to perform business
processes on an ongoing basis.
2 Operational Risk and Resilience
Figure 1.1 Components of operational risk management
There may be many interdependencies between these two core
components – for example, a derivatives loss in a bank caused
by illegal trading in an environment with poor operational
controls may also be the result of poor human resource man-
They may also be considered separately. Operational integrity
generally encompasses the management of operational risks
stemming from inappropriate cultural environments, lack of
management supervision, errors, malice, fraud, poor health
and safety and environmental compliance failures, physical
disasters, and poor internal controls. Operational delivery
covers the management of risks in unexpected sources in
demand business operations, processes, failed projects change,
supplier relationships, delivery, personnel, IT, premises and
plant, and crises.
The evolution of risk management
Traditionally, there have been two strands to corporate
risk management: financial and insurance. These risks are
managed in different parts of an organization: insurance
matters are dealt with by the insurance or risk manager,
while the corporate treasurer or finance director has
responsibility for financial risk management.
Over the years, risk management has had to evolve with
the times. In the 1970s, risk managers started to pay more
attention to active risk control and risk management
started to become more proactive than in the past. On the
financial side, they saw a need to hedge against increasing
economic volatility in the shape of fluctuating currency
and commodity values. New financial derivatives markets
were born, and the discipline of financial risk management
took off in corporate treasury departments and
