What is operational risk?

Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business operations. Employee errors, criminal activity such as fraud, and physical events are among the factors that can trigger operational risk.

Most organizations accept that their people and processes will inherently incur errors and contribute to ineffective operations. In evaluating operational risk, practical remedial steps should be emphasized to eliminate exposures and ensure successful responses.

If left unaddressed, the incurrence of operational risk can cause monetary loss, competitive disadvantage, employee- or customer-related problems, and business failure.

What are the causes of operational risk?

The causes of operational risk can stem from people inside or outside the organization, technology, processes or even external events, including the following:

- natural disasters, such as earthquakes, hurricanes or wildfires;
- worldwide health crises, such as the COVID-19 pandemic;
- man-made disasters, such as terrorism, cyberterrorism and cybercrime;
- embezzlement, insider trading, insider cybercrime, negligence and other workplace-related torts -- e.g., sexual harassment, hostile work environment, discrimination, etc.;
- regulatory compliance violations, breach of contract, antitrust, market manipulation and unfair trade practices;
- new laws or regulatory requirements -- e.g., California Consumer Privacy Act or General Data Protection Regulation;
- failure to adhere to the company's policies or procedures or, conversely, a failure to enforce policies;
- outdated or unpatched information technology (IT) systems and software;
- supply chain disruptions;
- inefficient cloud usage;
- unfair or inconsistent work policies;
- unsafe practices;
- product defects;
- human errors, such as data entry errors or a missed deadline; and
- poorly conceived or inefficient internal processes.

People and decisions made by people (human error) tend to cause most operational risks.

What are examples of operational risks?

The above-mentioned causes of operational risk may result in one or more of the following outcomes:

- enterprise-wide interruption, disruption or failure;
- loss of systems control or data;
- financial loss, including insurance claim denial;
- safety hazards;
- reputational damage;
- IT infrastructure damage;
- customer churn;
- employee churn;
- legal liability or regulatory fines for harm caused by employees intentionally or negligently;
- legal liability or regulatory fines for harm caused by external bad actors; and
- competitive disadvantage.

See also Basel II event categories below.

How is operational risk measured?

Two things are generally required to measure operational risk: key risk indicators (KRIs) and data. Measurement, however, can be especially challenging when organizations are unable to integrate all the diverse types of data required to understand the organization's operational risk. This might be due to the absence of software that enables the collection of data from different systems and the analysis of that data, or to data silos erected by organizational fiefdoms, among other factors.

As organizations become increasingly digital, thereby utilizing more data, operational risk managers should continually monitor and assess risks in real time to minimize their potential impact.

What key risk indicators should businesses track? That depends on the industry in which they operate. For example, banks follow guidance from the Basel Committee on Banking Supervision (BCBS), which lays out approaches for measuring operational risk and requires banks to allocate a certain amount of capital to cover losses from operational risk. Some of the ways companies can measure operational risk, not all of which are ideal, are the following:

- monitoring key risk indicators;
- using statistical techniques;
- using scorecards;
- monitoring customer complaints;
- examining regulatory fines from intentionally -- or, more likely, inadvertently -- failing to report or violating a mandate; and
- assessing brand reputational damage caused by the risk, such as a data leak or breach that exposed customer data to unauthorized parties.

Basel II event categories

Basel II, a set of international banking regulations initially published in 2004, is the second of three Basel Accords created by BCBS -- Basel III, developed in direct response to the financial crisis, goes into effect in January 2023. Here are the seven categories of operational risk laid out in Basel II:

- Internal fraud. Misappropriation of assets, tax evasion, intentional mismarking of positions and bribery.
- External fraud. Theft of information, hacking damage, third-party theft and forgery.
- Employment practices and workplace safety. Discrimination, workers' compensation, employee health and safety.
- Clients, products and business practice. Market manipulation, antitrust, improper trade, product defects, fiduciary breaches and account churning.
- Damage to physical assets. Natural disasters, terrorism and vandalism.
- Business disruption and systems failures. Utility disruptions, software failures and hardware failures.
- Execution, delivery and process management. Data entry errors, accounting errors, failed mandatory reporting and negligent loss of client assets.

Challenges with assessing operational risk

Assessing and managing operational risk can be difficult given the following:

- The data required is not readily available.
- Operational complexity is growing in enterprises.
- The universe of operational risk types keeps expanding.
- Operational risk overlaps with other risk functions -- a symptom of its broadening definition.
- Other risk functions feel threatened by what seems like a duplicative risk function and don't cooperate.
- Operations staff complain that monitoring and reporting take time away from their other responsibilities.

What are the steps in operational risk management?

Some organizations have a formal operational risk management function, while others don't. Those that have one tend to be at different stages of maturity. In general, however, these are the steps companies follow:

1. Define roles that will be necessary for the function to succeed, which may involve -- but does not necessarily require -- a chief operational risk officer.
2. Define operational risk management's relationship to other risk management functions cooperatively with those other functions.
3. Decide the ways in which operational risk will be monitored and measured.
4. Decide which tools will be necessary to enable a successful operational risk function, and determine whether those tools already exist in the organization or if additional tools are required.
5. Procure what's necessary with the help of IT and security to avoid introducing unnecessary risk into the tech stack or unknowingly creating security gaps.
6. Identify the necessary data sources and their owners; secure access to the data needed for operational risk management.
7. Identify risks related to processes, such as whether they can scale as necessary or whether the processes are adequate within the context in which they run.
8. Define risk categories.
9. Map processes in detail, along with their risks and controls.
10. Define key risk indicators.
11. Ensure that each part of the organization involved in a process has been identified.
12. Understand what resources are required for a process.
13. Monitor for changes, such as the need to scale up or down.
14. Implement control measures.
15. Educate the workforce about operational risks and what's expected of them as individuals. Include contact information so employees know whom to contact about a potential issue.
16. Assess the impact of the operational risk management function on the business, and to the degree it involves change, ensure sound change management practices.
17. Continuously measure and monitor operational risks.
18. Use the historical data to understand trends, weak spots, etc.
