LESSON 01: WHAT IS OPERATIONAL RISK?

Video Activity Text Additional reading and references

1.1 PURPOSE
Introducing and defining operational risk.

1.2 KEY CONCEPTS

Operational risk Management Sub-categories of operational risk
Cause and effect Measurement Operational risk management (ORM)
Framework Challenges Enterprise risk management (ERM)

1.3 LEARNING OUTCOMES

On completion of this lesson, you should be able to

 define operational risk and its sub-categories

 equate operational risk to enterprise risk management
 identify the overlap with other risks and the boundary issue
 state why operational risk is different from other risks
 follow the chain of causality (cause event effect)
 explain the requirements for measuring and managing operational risk
 explain the challenges of operational risk management
 structure an operational risk management framework

1.4 LEARNING MATERIAL

Chapter 1 of the prescribed book. What is operational risk?

1.4.1 The road to operational risk

Risk management is not a new concept. People have experienced events with negative consequences, referred to as risks,
since the beginning of time. The possibility that something can go wrong will always exist and that is why we need to manage
risk. Different types of risk require different approaches and it is important for a business to define its risks and to ensure the
consistent application of these definitions throughout the organisation.

Study “The road to operational risk” in chapter 1.

1.4.2 What do we mean by operational risk?

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or
from external events. The sub-categories of operational risk therefore comprise processes, people, systems and external
events. Legal and regulatory risks may be included under external events. Strategic risk – that is, pursuing an unsuccessful
business plan or strategy – can also form part of operational risk. However, reputational or reputation risk is normally excluded
since it is usually the result and not the cause of an operational risk failure.

Study “What do we mean by operational risk?” in chapter 1.

1.4.3 The boundary issue

Risks are interrelated, meaning that from an operational risk perspective, risks overlap with other risks. Events also do not
materialise in isolation, but quite often in a sequence of events with multiple consequences. In addition, the analysis of events
and consequences could possibly identify more than one type of risk. Operational risk is ultimately about the failure or lack
of controls but crosses boundaries, and many losses ascribed to other classes of risk have an operational risk component.
Operational risk covers a very wide range of risks.

Study “The boundary issue” in chapter 1.

The case study below demonstrates how initially unrelated events, caused by different processes and conditions, had a
significant impact on the reputation and financial position of a company.

CASE STUDY: Comair

http://enterprisesystemsmedia.com/article/it-risk-and-consequences#sr=g&m=o&cp=or&ct=-
tmc&st=(opu%20qspwjefe)&ts=1557754876

1.4.4 Why operational risk is different from other risks

Even though operational risk covers a wide range of events and risks, it is in essence different from other risks.

SELF-REFLECTIVE ACTIVITY

In seven points, summarise why operational risk is different from other risks.

 ………………………………………………………………………….
 ………………………………………………………………………….
 ………………………………………………………………………….
 ………………………………………………………………………….
 ………………………………………………………………………….
 ………………………………………………………………………….
 ………………………………………………………………………….
 ………………………………………………………………………….

Study “Why is operational risk different from other risks” in chapter 1.

1.4.5 Cause and effect

It is important from an operational risk management perspective to understand the causes of an event and their
consequences. Quite often more than one cause is responsible for an event and more than one event is responsible for a
disaster.

Study “Cause and effect” in chapter 1.

Measurement and management of operational risk

The measurement of operational risk is problematic due to a lack of data, the human element and the nature of the risks it
covers – especially compared to credit and market risk.

Study “Measurement and management of operational risk” in chapter 1.

1.4.6 Challenges of operational risk management

The board and employees at all levels must assume operational risk management for it to be effective. The activities of
identifying, assessing, managing and mitigating risks are largely commonplace but must be structured in a coherent
framework to facilitate understanding, control and allocation of resources. Operational risk is about managing people and
circumstances that are constantly changing. Judgements are subjective and not necessarily based on numbers, making it
difficult to model (i.e. capture and aggregate data) the risk and report on operational risk. There is no standard instruction
manual on operational risk, and each organisation faces different risks and manages those risks according to specific guidelines
or within a certain framework.

Study “Challenges of operational risk management” in chapter 1.

1.4.7 Introducing the framework

Organisations are under increasing pressure to improve stakeholder value. Stakeholders (i.e. shareholders, regulators,
communities, unions and employees) are increasingly demanding and require organisations to be transparent and to
substantiate their decisions. Organisations therefore need to develop a risk management framework and process to deal with
these demands and the risks resulting from doing business. It is important to link business strategies to the risk management
process.

Study “Introducing the framework” in chapter 1.

1.5 ACTIVITY

Self-assessment questions: Go to the Online assessment tool to do 1.1

1.6 REFLECTION

Before you continue to the next lesson, reflect on the following personal questions:

a. Where, in your professional life, do you think you will be able to use the skills you have learnt in
this lesson?
b. What did you find difficult? Why do you think you found it difficult? Do you understand it now or
do you need more help? What are you going to do about it?
c. What did you find interesting in this lesson? Why?
d. How long did it take you to work through chapter 1 for this lesson? Are you still on schedule, or do
you need to adjust your study programme?
e. How do you feel now?
1.7 CONCLUSION

In this lesson we introduced you to the concept of operational risk management to help you understand it in the context of
global affairs. The chapter gave you a brief overview of what comprises operational risk management and the benefits of
introducing the operational risk framework to businesses.