92 Operational Risk and Resilience
Designing and implementing operational controls
E x p o s u re to operational risks can be reduced to acceptable levels
by the implementation of risk improvement measures and con-
t rols. Risk improvement measures are strategic or operational
c o n t rols applied to the business processes, based upon the impor-
tance of the process and associated data to the business and the
value of the actual impact loss. Most import a n t l y, contro l s
should be aligned with an org a n i z a t i o n ’s business objectives.
An additional constraint is likely to exist in reality, which is the
budget available to implement controls. The implementation
of risk improvement measures consists of the following activi-
ties, drawing on previous business and risk analysis phases
Business process criticality assessment: The key business
processes or functions are identiﬁed for which controls
must be implemented to improve risk exposure, based upon
the value attributed to the loss or disruption of each
process. Non-critical processes will therefore attract a lower
priority for controls.
Threat analysis: The likelihood and business impact of
threats are analysed to determine the value attributed to the
loss arising from each occurrence.
cross-industry processes and networks, and the adoption of a
framework to help transfer operational knowledge effectively.
Applying Lifetrack within a process operation to address knowl-
edge and other intangible factors reduces operational risk and pro-
vides tangible perf o rmance benefits. Such a framework
encapsulates key requirements for improved production practice
and risk management in the process industry.