Operational risk management: Difference between revisions

In business, the term Operational Risk Management (ORM) is the oversight of many forms of day-to-day operational risk including the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk does not include market risk or credit risk. Celent predicts the operational risk and compliance market will grow to $1.16 billon by 2009. ^[1]

1. Reduction of operational loss.
2. Lower compliance/auditing costs.
3. Early detection of unlawful activities.
4. Reduced exposure to future risks.

The Basel Committee on Banking Supervision breaks down loss events into seven general categories:

Loss due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity, discrimination events, which involves at least one internal party.

Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party. These activities include theft, robbery, hacking or phishing attacks.

Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination.

Losses arising from unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature of design of a product.

Losses arising from loss or damage to physical assets from natural disaster or other events. See disaster recovery or business continuity planning

Losses arising from disruption of business or system failures. This includes loss of due to failure of computer hardware, computer software, telecommunications failure or utility outage and disruptions.

Losses from failed transaction processing or process management, from relations with trade suppliers and vendors. This includes Transaction Capture, Execution & Maintenance Miscommunication, Data entry, maintenance or loading error Missed deadline or responsibility, Model / system misoperation Accounting error, entity attribution error, Delivery failure, Collateral management failure Reference data maintenance, Monitoring & Reporting Failed mandatory reporting obligation, Inaccurate external report (loss incurred), Customer Intake & Documentation Client permissions / disclaimers missed Legal documents missing / incomplete, Customer / Client Account Management Unapproved access given to accounts, Incorrect client records (loss incurred), Negligent loss or damage of client assets, Trade partners, non-client vendor misperformance and vendor disputes.

The impact of the Enron failure and the implementation of the Sarbanes-Oxley Act has caused several software development companies to create enterprise-wide software packages to manage risk. These software systems allow the financial audit to be executed at lower cost.

Up till now there is not much commercial software focusing on operational risk management. Only some consulting firm providing temporary solutions, such as Loss Event Management. Because operational management is very business oriented, it is closely related with each organization's structure and business, which makes it difficult to satisfy the customer requirements.

There is however an open source project, Active Agenda, which aims to build a widely scoped and very flexible and customizable web application for operational risk management.

• Operational risk
• Audit
• Bribery
• Corruption
• Insurance
• Fraud
• Risk
• Risk management
• Basel II
• Key Risk Indicators

• Definition of Operational Risk from RiskGlossary.com
• Defining Risk by Glyn Holton