Operational risk management
From Wikipedia, the free encyclopedia
In business, Operational Risk Management (ORM) is the oversight of many forms of day-to-day operational risk, including the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk does not include market risk or credit risk.
Benefits of ORM
- Reduction of operational loss.
- Lower compliance/auditing costs.
- Early detection of unlawful activities.
- Reduced exposure to future risks.
Categories of Risk
The Basel Committee on Banking Supervision breaks down loss events into seven general categories:
Internal Fraud
Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity / discrimination events, which involve at least one internal party.
External Fraud
Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party. These activities include theft, robbery, hacking or phishing attacks.
Employment Practices and Workplace Safety
Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination.
Clients, Products & Business Practice
Losses arising from unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.
Damage to Physical Assets
Losses arising from loss or damage to physical assets from natural disaster or other events. See disaster recovery or business continuity planning.
Business Disruption & Systems Failures
Losses arising from disruption of business or system failures. This includes losses due to computer hardware or software failure, telecommunications failure, or utility outages and disruptions. See disaster recovery or business continuity planning.
Execution, Delivery & Process Management
Losses from failed transaction processing or process management, from relations with trade suppliers and vendors. This includes:
- Transaction Capture, Execution & Maintenance: miscommunication; data entry, maintenance or loading error; missed deadline or responsibility; model / system misoperation; accounting error, entity attribution error; delivery failure; collateral management failure; reference data maintenance.
- Monitoring & Reporting: failed mandatory reporting obligation; inaccurate external report (loss incurred).
- Customer Intake & Documentation: client permissions / disclaimers missed; legal documents missing / incomplete.
- Customer / Client Account Management: unapproved access given to accounts; incorrect client records (loss incurred); negligent loss or damage of client assets.
- Trade partners, non-client vendor misperformance and vendor disputes.
ORM Software
The impact of the Enron failure and the implementation of the Sarbanes-Oxley Act have caused several software development companies to create enterprise-wide software packages to manage risk. These software systems allow the financial audit to be executed at lower cost.
Forrester Research has identified 115 Governance, Risk and Compliance vendors that cover operational risk management projects.
See also
- Benefit risk
- Cost risk
- Operational risk
- Optimism bias
- Audit
- Bribery
- Political corruption
- Insurance
- Fraud
- Risk
- Risk management
- Basel II
- Key Risk Indicators