Definition and Drivers of Operational Risk
This chapter examines the definition of operational risk and its formal adoption in Basel II. The requirements to identify, assess, control, and mitigate operational risk are introduced, along with the four causes of operational risk—people, process, systems, and external events—and the seven risk types. The definition is tested against the 2012 London Olympics. The different roles of operational risk management and measurement are introduced, as well as the role of operational risk in an enterprise risk management framework.
THE DEFINITION OF OPERATIONAL RISK
What do we mean by operational risk?
Operational risk management had been defined in the past as all risk that is not captured in market and credit risk management programs. Early operational risk programs, therefore, took the view that if it was not market risk, and it was not credit risk, then it must be operational risk. However, today a more concrete definition has been established, and the most commonly used of the definitions can be found in the Basel II regulations. The Basel II definition of operational risk is:
. . . the risk of loss resulting from inadequate or failed processes, people and systems or from external events.
This definition includes legal risk, but excludes strategic and reputational risk.1
Let us break this definition down into its components. First, there must be a risk of loss. So for an operational risk to exist there must be an associated loss ...