Challenges in Operational Risk

Some of the key challenges which the risk managers come across as far as operational risk is concerned are:

Early identification of risk exposures
With the ever increasing complexity, irrespective of the sector an industry is catering to, it is always a challenge to detect the potential operational risks in the system. While not all have robust systems or processes which will raise an alarm as soon as an operational factor goes wrong and it is very evident that not all the professionals would want to willingly share the mistakes they did in this highly pink-slip driven world, lays the challenges for the Operational Risk Manager. Many a times there are no second chances to be able to fix the risk from recurring!

Proper categorization of risks
Wondering what further categorization in the Operational risk category? Yes, it is true that there are specific categories within the Operational risk domain, which are based on risk events namely ‘internal events risk’, ‘external event risk’ and ‘business event risk’.

The name itself suggests the meaning of each of these risk characteristics but what is normally overseen is that a risk which is resultant of an external event might eventually turn in to a business event risk and similarly an internal event risk might potentially cause a wide spread external risk which might impact a particular business segment or multiple segments in very high impact cases. Thus, an Operational risk manager needs to be smart and quick in understanding the movements or intentions so to say of any such event risks and take appropriate control measures to prevent it. The word ‘mitigation’ sounds very much embossed on the Operational risk framework, but the best risk manager is one who controllers the risk exposures in a manner which will not lead to the scenario where one has to take mitigating steps.

Methods used for data collection and analysis
This particular challenge is experienced by the operational risk managers in both large scale and small scale organizations in different fashions. The logic is similar to the one between the rich and poor. Like the rich has too much money, and often struggles to find the best use of it the large scale companies too have too much data and at times have too many different sources or methods or tools of collating data that a lot of times they spend developing systems which will integrate all the complex and diverse process divided not just functionally but also in geographies. In case of the small scale industries, like the poor, has to struggle to get relevant data or information to process and perform the necessary assessment. Thus, an operational risk manager, irrespective of the strength of his / her organization, constantly faces the challenge of getting relevant information using which they can understand the risk exposures in their true colours.

Being a ‘Devils Advocate’
It is unfortunate but true that all or many of the risk managers are looked upon as the devils advocate and in some scenarios as actual devils for not approving a lucrative project or for making the busy employees fill a series of check lists and certify their work! It is often a key challenge for an operational risk manager to put forward his point in a forum of senior executives who too are equally keen in the development of their organization, only in a different angle. Many times the operational risk manager’s act based on the treatment he / she will receive for being the devils advocate.

Spreading Operational Risk awareness
It is often said that the operational risk manager has to do so and so things to assess and identify the potential risks. While this is true, the most important factor which proves to be very helpful is the operations team involved in the delivery of their respective products or services to their internal or external clients. As many in operations management feel that their performance is directly proportional to their performance appraisal, it is one of the most common and I believe one of the unavoidable challenges an operational risk manager has to face.

So has all the above inspired you to be an ‘Operational Risk Manager’? If not, I hope the article would have at least helped you in providing the perspective of the Operational Risk Managers in a different light… Happy working!

Nature of 'Operational Risk'

Operational Risk as a process follows a cyclic fashion which revolves around risk identification, risk assessment, determining mitigating actions and setting controls to avoid or minimise the effect of the risk exposures arising out of the business operations. If we have to categorize risks in to two broad categories as ‘financial’ and ‘non-financial’, the loss can result due to human errors, external or internal events, the manner in which the systems or processes operate in a business. Operational risk covers all the above aspects of risk exposure. Does this mean that ‘Operational Risk Control’ is all that is required to save an organization or business from doom? The answer is ‘No’; it is certainly not the only process contributing towards risk management, as Market Risk & Credit Risk too has its due share. But the key differentiator between the other risk management process from that of Operational risk is the nature of its application in the business environment. To further simplify, there are pre-defined models to manage Credit / Market risks, whereas there is no specific model or application to bank on, as far as Operational risk is concerned. It is hence considered more dynamic in nature compared to other risk segments.

As represented in the pictographic representation of the Operational Risk Framework, the core of the Operations risk governance model of Assessing the risk exposures or incidents, placing controls, monitoring the performance of those controls and initiating necessary actions as required are carried out by scheduling appropriate set of processes, technology and of course the human resource. All the above comes together to ensure ‘Confidentiality’, ‘Integrity’ and ‘Availability’ of the assets of any organization.

Risk in Service Sector

Quality and timeliness with an optimum efficiency levels are the key factors affecting the delivery in service sectors. While this holds true even now, with the insertion of frequent market turmoil affecting the various line of services, many of which are linked to each other have turned the focus lights towards risk related considerations taken by the companies who strive to guard the interests of their existing customers, shareholders and employees on one end and to enhance their brand and goodwill to develop new clients.

The fashion in which Operations Management and Quality Management systems addresses the areas of improvement in the service delivery performance and customer delight, the processes and systems used to control and manage the various forms of risks like operational risks, credit risk, liquidity risk, market risk, IT risk etc., too have gained better momentum. Standards in the areas like information security, business continuity are changing the structure of operations models in the service sector.

Of all the service sectors, one industry which has been in the limelight for quite some time now and in fact, the industry which happens to respond most to this volatility in the market is the financial services industry. Based on the past experiences and future assumptions, it is expected that the financial markets will continue to experience some amount of volatility in the next few years. Even though various regulations like Basel II, Solvency II for insurers, UCITS 3 for Asset Managers and Sarbanes Oxley (SOX) for everything else are being prescribed, events wiping out major financial services giant like Lehman Brothers are promoting new sets of stringent regulations.

While it is very crucial from the risk management perspective to understand the appetite of the company to digest these new regulations and churn out positive outcomes for energising the overall financial system, it is more important to understand the gaps in the existing systems and regulations which resulted in such a large scale financial crises. Thus, finding realistic solutions which precisely lies in the basics of risk management needs to be looked afresh.