343
11
Modeling Operational Risk
11.1 Introduction
Operational risk is the risk arising from an organization’s business or
operating functions. It covers people, processes, and systems that
together or individually cause risk, whether these are external or internal
to the organization.
Because operational risk is relevant to so many different sectors, dif-
ferent terminologies for the same underlying risk concepts have evolved
in different key domains as shown in Table11.1. In this chapter we will
be discussing operational risk in all these domains and will use the ter-
minology relevant to the domain.
The analysis of operational risk recognizes that risk events are not
solely to be blamed on human fallibility but are supported by organi-
zational features that fail to defend against all-too-human mistakes,
slips, and (in the case of fraud or terrorism) malicious acts. Human
error might be seen as an onset of a catastrophic risk event, but with-
out latent weaknesses within the organization the event would not reach
catastrophic proportions. From this we conclude that operational risk
prediction is inextricably entwined with good management practices and
that measurement of operational risk can only meaningfully be done if
the effectiveness of organizational-specic risk management and control
processes is regularly assessed and included in the modeling.
In this chapter we take a systems perspective to modeling risk and
broadly consider a system to be a series of interconnected, interacting
parts that together deliver some desired outcome, but which can also
lead to unintended consequences. Thus, we do not consider systems to
be solely hardware based but also consider people, process, culture, and
environment to be crucial to understanding, explaining, and modeling
risk. We can consider these systems to be soft to contrast with hard engi-
neering-based or mechanistic systems where the focus is often strictly on
the machine. This perspective is very helpful to frame the situations we
wish to model, in terms of interfaces between processes, components,
and organizations so that we can identify the boundary of our system
and how it might affect other systems. Doing this also helps counter the
potential bias of framing the problem so narrowly that we miss impor-
tant aspects and underestimate (or overestimate) risk.
The term operational risk is pri-
marily used to describe the nan-
cial or reputational risks faced by
nancial institutions, such as banks
and insurance companies where the
consequences are typically credit
risk, market risk, and counterparty
default risk. But operational risk
problems are faced by all organi-
zations. Situations involving high
stakes, such as in the safety domain
(including oil and gas, transport, and
the nuclear sectors), are especially
important candidates for operational
risk analysis because some risk
events may be catastrophic, involv-
ing harm, loss of life, or danger to
the environment.
Visit www.bayesianrisk.com for your free Bayesian network software and models in
this chapter
Get Risk Assessment and Decision Analysis with Bayesian Networks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
