Risks that can potentially affect the overall performance of an organisation are a major concern for business leaders. So, when you take into account that there is an element of risk in practically every single work environment, you can appreciate how vital it is to have adequate an operational risk management framework.

Operational risk management (ORM) provides a blueprint to minimising the impact of certain workplace practices. This is highly advantageous for most industries due to high costs of failure or where “getting it right” is imperative.

In an operational risk management context, “human error” or oversight can be catastrophic; affecting not only business output but also the health & well-being of staff and the wider public.

What is Operational Risk Management?

Operational Risk management is a continuous process of assessing risks, decision making and implementation of responses (i.e. risk controls; avoid, mitigate, accept).

ORM analyses the risk due to ‘human error’, that a company may be exposed to when operating in their chosen industry and excludes financial or market-wide risks.

Operational Risk Examples Include:

Human risks – employee errors, fraud or other criminal activity
Business risks – failed business processes
Systems risks – technology failures, server and database failures
External event risks – any event that disrupts business processes, e.g. weather

There will generally a lower operational risk in a highly automated industry where minimal human interaction required.

Benefits of Operational Risk Management are:

• Lower operating loss
• Reduced compliance & auditing costs
• Early detection of issues
• Reduced exposure to risks

Developing a Risk Management Framework

Operational Risk Management like other forms of risk management firstly involves planning, followed by risk identification and analyses. After risk controls have been formulated and applied, you will have developed a framework for your ‘risk management strategy’, for the relevant business environment.

Identifying Operational Risks

Business process mapping is a common approach for identifying operational risks, involving the investigation of business processes and listing any potential risk sources.

Experienced staff members in the relevant department should be utilised in the identification process as they will have a deeper understanding of the business processes that they implement.

Analysis

Both qualitative (using likelihood and impact) and quantitative approaches to analysing risks are suitable, although quantitative is only useful if there will be a direct financial loss due to the risk occurring.

For qualitative analysis, you need to estimate the likelihood that the risk will occur and decide on the level of impact this will have on the business.

During the planning phase, developing likelihood and impact rating charts along with a risk matrix can assist decision making in this step. The alternative approach is to use a theoretical calculation to determine a likelihood probability and impact rating which can be multiplied to determine a risk rating. Likelihood(%) x Impact = Risk Rating

Risk Response

Operational risk management controls fall under the categories of avoiding, mitigate and accept. There are many methods available for reducing unavoidable risks

Risk Reduction Strategies:

• Procedures & policies
• Quality assurance
• Training
• Safety checks
• Security measures
• Reviewing performance
• Engaging staff and stakeholders

Monitoring & Improvement

Each stage of the risk management strategy should be periodically reviewed and includes reviewing the risk management plan as well.

During the risk response step, it is common to nominate how often, and when, individual risks should be reviewed. Mitigation responses should always be adjusted and improved to cater for changes in the business and industry environments.

Crisis Management

A related topic to operational risk management is crisis management. Even after a careful and thoughtful risk management strategy has been developed, there will still remain unknown risks.

Unknown risks that eventuate can lead to a crisis event which can cause serious disruption to business operations, leading to potential business closures if they are not handled quickly and effectively (i.e. think about the banking sector during the GFC).

To handle the scenario’s it is essential that business implement a crisis response plan and train their staff adequately so everyone in the company understands their role in the event of a crisis.

Minimise Your Operational Risk!

An operational risk management strategy is a necessary ingredient to minimising the impact of human error and system failures.

By implementing appropriate risk response initiatives, businesses will ensure they can properly identify and address the impact of risky practices, and in turn devise policies to mitigate them.

Businesses that develop a sound risk management strategy – like the one mentioned above – as part of a risk management business solution will also rest assured that their business interests and their assets are well protected from harm and/or exposure.

Put simply, there’s an immense amount of business value that can be obtained from a risk-free workplace, and it starts from making smart risk management decisions!