Operational risk management

Operational risk management
See also: Risk management

The term Operational Risk Management (ORM) is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events.

Contents

Four Principles of ORM

The U.S. Department of Defense summarizes the principles of ORM as follows:[1]

  • Accept risk when benefits outweigh the cost.
  • Accept no unnecessary risk.
  • Anticipate and manage risk by planning.
  • Make risk decisions at the right level.

Three Levels of ORM

In Depth
In depth risk management is used before a project is implemented, when there is plenty of time to plan and prepare. Examples of in depth methods include training, drafting instructions and requirements, and acquiring personal protective equipment.
Deliberate
Deliberate risk management is used at routine periods through the implementation of a project or process. Examples include quality assurance, on-the-job training, safety briefs, performance reviews, and safety checks.
Time Critical
Time critical risk management is used during operational exercises or execution of tasks. It is defined as the effective use of all available resources by individuals, crews, and teams to safely and effectively accomplish the mission or task using risk management concepts when time and resources are limited. Examples of tools used includes execution check-lists and change management. This requires a high degree of situational awareness.[1]

ORM Process

In Depth

The International Organization for Standardization defines the risk management process in a four-step model:[2]

  1. Establish context
  2. Risk assessment
    • Risk identification
    • Risk analysis
    • Risk evaluation
  3. Risk treatment
  4. Monitor and review

This process is cyclic as any changes to the situation (such as operating environment or needs of the unit) requires re-evaluation per step one.

Deliberate

Link between deliberate and time critical ORM process

The U.S. Department of Defense summarizes the deliberate level of ORM process in a five-step model:[1]

  1. Identify hazards
  2. Assess hazards
  3. Make risk decisions
  4. Implement controls
  5. Supervise (and watch for changes)

Time Critical

The U.S. Navy summarizes the time critical risk management process in a four-step model:[3]

1. Assess the situation.

The three conditions of the Assess step are task loading, additive conditions, and human factors.

  • Task loading refers to the negative effect of increased tasking on performance of the tasks.
  • Additive factors refers to having a situational awareness of the cumulative effect of variables (conditions, etc.).
  • Human factors refers to the limitations of the ability of the human body and mind to adapt to the work environment (e.g. stress, fatigue, impairment, lapses of attention, confusion, and willful violations of regulations).
2. Balance your resources.

This refers to balancing resources in three different ways:

  • Balancing resources and options available. This means evaluating and leveraging all the informational, labor, equipment, and material resources available.
  • Balancing Resources verses hazards. This means estimating how well prepared you are to safely accomplish a task and making a judgement call.
  • Balancing individual verses team effort. This means observing individual risk warning signs. It also means observing how well the team is communicating, knows the roles that each member is supposed to play, and the stress level and participation level of each team member.
3. Communicate risks and intentions.
  • Communicate hazards and intentions.
  • Communicate to the right people.
  • Use the right communication style. Asking questions is a technique to opening the lines of communication. A direct and forceful style of communication gets a specific result from a specific situation.
4. Do and debrief. (Take action and monitor for change.)

This is accomplished in three different phases:

  • Mission Completion is a point where the exercise can be evaluated and reviewed in full.
  • Execute and Gauge Risk involves managing change and risk while an exercise is in progess.
  • Future Performance Improvements refers to preparing a "lessons learned" for the next team that plans or executes a task.

Benefits of ORM

  1. Reduction of operational loss.
  2. Lower compliance/auditing costs.
  3. Early detection of unlawful activities.
  4. Reduced exposure to future risks.

Chief Operational Risk Officer

The role of the Chief Operational Risk Officer (CORO) continues to evolve and gain importance. In addition to being responsible for setting up a robust Operational Risk Management function at companies, the role also plays an important part in increasing awareness of the benefits of sound operational risk management.

Most complex financial institutions have a Chief Operational Risk Officer. The position is also required for Banks that fall into the Basel II Advanced Measurement Approach "mandatory" category.

ORM Software

The impact of the Enron failure and the implementation of the Sarbanes-Oxley Act has caused several software development companies to create enterprise-wide software packages to manage risk. These software systems allow the financial audit to be executed at lower cost.

Forrester Research has identified 115 Governance, Risk and Compliance vendors that cover operational risk management projects. Active Agenda is an open source project dedicated to operational risk management.

See also

References

General

Cited

  1. ^ a b c "Naval Safety Center ORM". http://www.safetycenter.navy.mil/orm/index.asp. Retrieved November 4, 2008. [dead link]
  2. ^ "Committee Draft of ISO 31000 Risk management". International Organization for Standardization. 2007-06-15. http://www.nsai.ie/uploads/file/N047_Committee_Draft_of_ISO_31000.pdf. 
  3. ^ "Operational Risk Management - Time-Critical Risk Management". U.S. Navy. https://ile-deers.nko.navy.mil/ELIAAS/logon/Welcome.jsf. Retrieved 12 July 2009. 

External links

  • The Institute of Operational Risk The institute provides professional recognition and enables members to maintain competency in the discipline of operational risk.
v · d · eFinancial risk and financial risk management
Categories
Operational risk management · Legal risk · Political risk · Reputational risk
Settlement risk · Profit risk · Systemic risk
Financial risk modeling
Market portfolio · Risk-free rate · Modern portfolio theory · Risk parity · RAROC · Value at risk · Sharpe ratio
Basic concepts
Diversification · Systematic risk · Hedge · Risk pool · Expected return · Hazard · Risk

Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Operational risk — Categories of financial risk Credit risk Concentration risk Market risk Interest rate risk Currency risk Equity risk Commodity risk Liquidity risk Refinancing risk …   Wikipedia

  • Risk management — For non business risks, see risk, and the disambiguation page risk analysis Example of risk management: A NASA model showing areas at high risk from impact for the International Space Station. Risk management is the identification, assessment,… …   Wikipedia

  • Enterprise risk management — In business, enterprise risk management (ERM) includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which… …   Wikipedia

  • risk management — The assessment, evaluation, and monitoring of *risks in an activity or organization, with the undertaking of necessary corrective actions. Risk management is a comprehensive process that aims to create a disciplined environment for the… …   Auditor's dictionary

  • Governance, Risk Management, and Compliance — Governance, Risk, and Compliance or GRC is an increasingly recognized term that reflects a new way in which organizations can adopt an integrated approach to these three areas. However, this term is often positioned as a single business activity …   Wikipedia

  • Standardized approach (operational risk) — In the context of operational risk, the standardized approach or standardised approach is a set of operational risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions.Basel II requires all banking… …   Wikipedia

  • Financial risk management — is the practice of creating economic value in a firm by using financial instruments to manage exposure to risk, particularly Credit risk and market risk. Other types include Foreign exchange, Shape, Volatility, Sector, Liquidity, Inflation risks …   Wikipedia

  • risk management — The process of identifying, assessing, and controlling risks arising from operational factors and making decisions that balance risk cost with mission benefits. Also called RM. See also risk …   Military dictionary

  • Risk — takers redirects here. For the Canadian television program, see Risk Takers. For other uses, see Risk (disambiguation). Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable… …   Wikipedia

  • Operational due diligence (alternative investments) — The phrase Operational Due Diligence (ODD), in the context of alternative investments such as hedge funds (or private equity, infrastructure, real estate, commodities and so on), means different things to different people. As the words themselves …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”