Organisations are met with operational risk wherever they turn. On the one hand, they encounter risks relating to employee behaviour, third parties, statistics and controls. On the other, equally important cultural, moral and ethical risks are also causing disruption. And everywhere they look, companies are faced with risks associated with ordinary evolution, as organisations continue to embrace innovative technologies like automation, robotics and artificial intelligence.
Operational risk is the risk of doing business, and managing this risk is an important feature in modern financial markets. ORM has become one of the biggest anxieties organisations have been faced with in the last ten years, with regulators of financial companies demanding a greater level of understanding about the risks they manage and the usefulness of the controls they have in place to mitigate such risks. Operational risks include any kind of disruption to normal processes that may cause a loss of consumers or profits, and while organisations cannot prepare for every possible outcome, they can concentrate on getting the level of risk down to a tolerable level.
Operational concerns in the current business landscape include issues like IT disruption, regulatory risk, data compromise, fraud and outsourcing, amongst others, and successful business leaders understand that implementing an achievable ORM plan can help deal with these uncertainties quickly and efficiently. Following a well thought out and compelling ORM process can help businesses navigate these risks, turning them into opportunities, which will add huge sustainable value to any organisation. A company that incorporates certain ORM steps into its organisational objectives will also see viable financial results, with a reduction in operating and auditing costs, an increase in consumer and staff satisfaction and an optimisation in insurance coverage and premiums. In short, companies that wish to achieve a profitable business long-term need to focus on building a suitable framework using ORM templates to help manage operational risk in 2018 and beyond.
Analysts claim that poor management of operational risk was the fundamental reason for the collapse of global markets and the subsequent financial crisis in 2008. Since then banks and their regulators have become increasingly mindful of the need to manage risk, and risk-based planning has become a familiar concept in most modern companies. Banks now have access to the latest systems and technology to control financial risk - helping them avoid a similar catastrophe - but they have been unable to deal as successfully with operational risk, as mediocre processes, inept hardware and failing systems in today’s climate can cripple operations. Poor ORM can hurt an organisation's reputation and cause lasting financial damage.
The financial crisis, the rise of cyber criminality and the emerging tech and data revolution have all played a pivotal role in rewriting the rules of risk management. Financial intuitions and companies must now respond by reshaping and improving their current ORM practice and develop a practical and sustainable ORM process. Perceptions about risk are constantly changing, and ORM is acquiring new credibility as a roadmap to add tangible value to business. Efficient ORM implementation is garnering attention from regulators and key stakeholders, driving real business benefit.
It is clear that well-informed planning and application is an indispensable tool to guide strategic, day-to-day business decisions, and adhering to certain ORM steps and processes when implementing an ORM framework can help ensure its success and longevity. However, it is key to choose the correct technique for your business, as not all ORM approaches are the same, nor should they be. Organisations have different needs, depending on size, industry and structure, and certainly the types of risk businesses face also varies, so fortunately there are numerous ORM templates available that businesses can simply adjust and amend to meet their specific requirements.
Risk is assessed by evaluating the potential for incidents along with the degree of impact they could have on an organisation should they occur. This means that enterprises face a wide spectrum of potential risks, ranging from high frequency/low severity risks to low frequency/high severity risks, and everything in between. As every organisation is different it is important to evaluate risk culture and make necessary adjustments to shape it over time in response to change. Therefore, there isn’t any ‘one size fits all’ approach, and organisations should develop a strategy that matches their own business model and operations, but preparing a risk management plan involves a common process. In short, there are seven ORM steps to success, which can help cultivate a culture of shared responsibility, allowing organisations to develop and implement a successful ORM process. To be effective, it is necessary that these steps are consistently applied and integrated into business processes, and become systematically embedded into the culture of the company.
1) Gain approval and leadership at the corporate level. An ORM programme will only be truly effective and operative if it is supported at the very top of the organisation. Without demonstration of top down leadership, the implementation of ORM in any organisation will most certainly fail. Once approved, firms should identity the relevant operational risks inherent in their activities, processes, products and systems through techniques such as Business Process Mapping. Other techniques for identifying risk include critical self-assessment, actuarial models, scenario analysis, external data collection and comparative analysis.
2) View risk as an enterprise wide challenge and measure the hazards accordingly. Staff should be trained to integrate risk-based rationale into their daily undertakings and be answerable for risks within their immediate area of control. A strong risk culture depends equally on a strong risk management framework and staff awareness, attitude and conduct.
3) Encourage risk awareness in the company and agree to time-appropriate risk assessments. Risk assessments can help protect companies by consistently keeping risk management a top priority. Staying on top of risk assessments will also help organisations remain briefed on any new regulations or requirements.
4) Collaborate on, quantify and prioritise risks. Working together across different organisational levels encourages different perspectives, which helps to ensure risk is managed from all angles, offering a broader and more comprehensive view. Allow different parts of the organisation to work together cohesively with an integrated framework. Risks can firstly be measured in line with their likelihood and severity. They can then be considered in terms of the costs and benefits of mitigating a risk as opposed to allowing the risk to remain as is.
5) Produce appropriate metrics and key performance indicators to monitor and measure performance. This will encourage a sense of shared accountability and help inform staff where they need to improve. While some KPIs (like cost of goods sold) will be suitable for many companies, the majority of KPIs should be bespoke, and specifically tailored for the company. Also, establish advanced risk management capabilities, such as predictive analytics and automated control monitoring.
6) Consider the risk control measures and agree on consistent and cost-effective controls. Getting the right controls at the right cost should limit a company’s exposure to the risks and the potential damage caused by them. Establishing effective internal controls should be high on the boardroom agenda; as controlled businesses tend to make more money. An effective ORM plan should contain a timetable for reviewing controls along with relevant risk owners responsible for implementation. A meaningful ORM process should include features like role-based dashboards, control diagrams and scorecards that provide visibility into the ongoing risk management weaknesses and bring high-risk areas into focus.
7) Manage and review: Reinforce the importance of risk management through regular communications, monitoring and reviewing. Keeping ORM a topic of conversation in the business will encourage growth in this age of innovation. In addition, any ORM plan must have something in place for the ongoing monitoring and reporting of risks, if only to demonstrate how effective the plan has been.
Globalisation, technological improvements and increasing regulations have raised the profile of risk management among stakeholders, and operational risk is one of the biggest challenges facing modern financial institutions. Digitisation, automation and outsourcing are increasingly more important in the world of financial services, driving organisations to continuously assess their changing risk profile. While we may not be there quite yet, it won’t be long until traders, asset managers and risk managers will actively resort to AI based platforms to monitor counterparty credit risk and operational risk of the entities that they are dealing with.
A robust ORM framework leads to proactive and informed decisions, creating a competitive advantage and allowing companies to grow and thrive in today’s economic marketplace. Looking into 2019 and beyond, ORM must develop and carry more weight within organisations, and with ORM budgets set to increase next year, there hasn’t been a better time to invest and improve.
A clear and comprehensive ORM process can inspire businesses to resolve current challenges and seize future opportunities.