Nature of 'Operational Risk'

Operational Risk as a process follows a cyclic fashion which revolves around risk identification, risk assessment, determining mitigating actions and setting controls to avoid or minimise the effect of the risk exposures arising out of the business operations. If we have to categorize risks in to two broad categories as ‘financial’ and ‘non-financial’, the loss can result due to human errors, external or internal events, the manner in which the systems or processes operate in a business. Operational risk covers all the above aspects of risk exposure. Does this mean that ‘Operational Risk Control’ is all that is required to save an organization or business from doom? The answer is ‘No’; it is certainly not the only process contributing towards risk management, as Market Risk & Credit Risk too has its due share. But the key differentiator between the other risk management process from that of Operational risk is the nature of its application in the business environment. To further simplify, there are pre-defined models to manage Credit / Market risks, whereas there is no specific model or application to bank on, as far as Operational risk is concerned. It is hence considered more dynamic in nature compared to other risk segments.

As represented in the pictographic representation of the Operational Risk Framework, the core of the Operations risk governance model of Assessing the risk exposures or incidents, placing controls, monitoring the performance of those controls and initiating necessary actions as required are carried out by scheduling appropriate set of processes, technology and of course the human resource. All the above comes together to ensure ‘Confidentiality’, ‘Integrity’ and ‘Availability’ of the assets of any organization.