Definition of operational risk

Plan

Operational risk management requires disaster recovery plans.

An operational risk is a threat or danger of harm that is related to the day-to-day operations of an organization. These are contingencies capable of causing losses to the company.

The idea of risk refers to the possibility of harm. Operational, meanwhile, describes what is linked to operations: the execution of tasks or the development of processes.

When a company carries out its daily tasks, it may suffer mishaps, damages or problems generated by both internal factors and external causes. These possibilities of harm are operational risks.

Characteristics of operational risks

Operational risks are potential losses caused by problems or errors that breach regulatory compliance, prevent the entity from functioning normally or affect business continuity. Examples include system failures, human error, accidents and fraud.

In all companies, internal control and risk management are essential to minimize the possibility of operational loss. However, it is impossible to eliminate operational risks. In other words: zero risk does not exist.

Risks are inherent to all the procedures carried out by people and to the operation of any system. What a company can do is carry out an operational risk analysis, so that it can take appropriate measures to prevent contingencies and manage incidents in a way that minimizes their impact.

In this framework, the evaluation of key risk indicators (KRI) is important. There are computer programs that automate various actions and contribute to these tasks.

Training

Among the internal operational risks is the risk of employee training.

Its management

It is interesting to note that the notion of operational risk as a specific category of risk emerged in the late 1990s. This establishment of the concept marked the beginning of a particular risk management model, with its own techniques and procedures.

It is usually indicated that reflections on operational risk began with the global financial crisis that broke out in the last years of the 20th century. Faced with the effects of this debacle, experts began to focus on those risks that, beyond their internal or external origin, can cause a company to stop operating as it had been doing.

In this context, the application of the usual risk management scheme to these operational risks was considered. The frequent procedure consists of several phases:

  1. Identification: It consists of the recognition of all threats that can potentially interrupt corporate operations or negatively impact them.
  2. Analysis: Focuses on the probability that the risk will materialize and the magnitude of its impact.
  3. Categorization: It involves classifying operational risks based on the results of the analysis, thus allowing priorities to be established.
  4. Control: With the operational risks already categorized, we proceed to the design of the control tools. These instruments, depending on the case, make it possible to eliminate or mitigate the risk and minimize its consequences.
  5. Supervision: Operational risk management demands monitoring the effectiveness of the established control. Indicators are generally used to quantify effectiveness.
  6. Review: Through the documentation of all the preceding steps, operational risk management can be reviewed by the company's top managers. This is also useful for an internal audit or an external audit and helps drive continuous improvement of risk management policies.

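
As an added illustration, not part of the original article: a small risk register in Python that carries the analysis, categorization, control, supervision and review phases through for a few of the risk types named on this page. The 1-5 scales, the probability times impact score, the bands, the rule that a breached indicator cancels credit for the control, and every sample value are assumptions made for this example.

```python
from dataclasses import dataclass

# Assumed convention (not from the article): 1-5 ordinal scales, score = probability * impact.
BANDS = [(15, "high"), (8, "medium"), (0, "low")]

@dataclass
class Risk:
    name: str
    origin: str              # "internal" / "external"
    probability: int         # analysis: 1 (rare) .. 5 (almost certain)
    impact: int              # analysis: 1 (minor) .. 5 (severe)
    control_strength: float  # control: assumed fraction of exposure removed, 0..1
    kri: str                 # supervision: indicator watched for this control
    kri_value: float         # latest reading
    kri_limit: float         # a reading above this means the control is slipping

    def inherent(self) -> float:
        return float(self.probability * self.impact)

    def residual(self) -> float:
        return round(self.inherent() * (1 - self.control_strength), 1)

    def kri_breached(self) -> bool:
        return self.kri_value > self.kri_limit

    def effective(self) -> float:
        # Assumption: a breached KRI means the control cannot be credited,
        # so the risk is ranked at its inherent score until the KRI recovers.
        return self.inherent() if self.kri_breached() else self.residual()

def band(score: float) -> str:
    """Categorization: map a score to a priority band."""
    return next(label for floor, label in BANDS if score >= floor)

def review(register):
    """Review: rows ordered by effective score, highest priority first."""
    ranked = sorted(register, key=lambda r: r.effective(), reverse=True)
    return [(r.name, band(r.effective()), r.effective(), r.kri_breached()) for r in ranked]

# Constructed sample register; every number below is illustrative.
REGISTER = [
    Risk("ransomware", "external", 4, 5, 0.4, "hosts missing critical patches (%)", 12.0, 5.0),
    Risk("phishing", "external", 5, 3, 0.5, "simulated-phish click rate (%)", 4.0, 8.0),
    Risk("poor training", "internal", 4, 2, 0.25, "staff overdue on training (%)", 30.0, 10.0),
    Risk("fraud", "internal", 2, 4, 0.75, "payments lacking dual approval", 0.0, 0.0),
]

if __name__ == "__main__":
    for row in review(REGISTER):
        print(row)
```

In this constructed register, the ransomware and training risks are ranked at their uncontrolled scores because their indicators are over the limit, which is the supervision phase feeding back into prioritization.
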
Cybersecurity

The breach of confidential data due to failures in information security poses an operational risk.

Types of operational risks

Operational risks can be classified in different ways. A common distinction differentiates between internal risks and external risks.

Internal operational risks have their origin in the company itself. Misuse of its resources, an unrealistic budget, a poor corporate strategy, and an error in accounting create this kind of threat.

External operational risks, on the other hand, arise from the environment and not from within the company. Social conflicts in the nation where the firm has operations, the arrival of more players in the market and problems in public services are part of the external risk. Political risk, environmental risk, pandemic risk, climate risk, natural disaster risk, inflation risk and exchange rate risk are some of them.

Another way to classify operational risks is by looking at the causes. Thus, there are operational risks derived from technology: technological risk includes vulnerabilities in cybersecurity (which favor phishing, DDoS attacks or the actions of ransomware), system incompatibility, poor digitalization and problems in implementing platforms. Technological obsolescence risk, hardware risk and software risk also fall into this category.

Human risk is likewise a type of operational risk. It ranges from employee negligence to disputes over working conditions, and includes poor training, industrial espionage, sabotage and the risk of fraud.