Operational risk management

From Wikipedia, the free encyclopedia

In business, the term Operational Risk Management (ORM) refers to the oversight of many forms of day-to-day operational risk, including the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk does not include market risk or credit risk.

Benefits of ORM

  1. Reduction of operational loss.
  2. Lower compliance/auditing costs.
  3. Early detection of unlawful activities.
  4. Reduced exposure to future risks.

Categories of Risk

The Basel Committee on Banking Supervision breaks down loss events into seven general categories:

Internal Fraud

Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy (excluding diversity and discrimination events), which involve at least one internal party.

External Fraud

Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party. These activities include theft, robbery, hacking or phishing attacks.

Employment Practices and Workplace Safety

Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination.

Clients, Products & Business Practice

Losses arising from unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.

Damage to Physical Assets

Losses arising from loss or damage to physical assets from natural disaster or other events. See disaster recovery or business continuity planning.

Business Disruption & Systems Failures

Losses arising from disruption of business or system failures. This includes loss due to failure of computer hardware or computer software, telecommunications failure, or utility outages and disruptions. See disaster recovery or business continuity planning.

Execution, Delivery & Process Management

Losses from failed transaction processing or process management, from relations with trade suppliers and vendors. This includes:

  1. Transaction Capture, Execution & Maintenance: miscommunication; data entry, maintenance or loading error; missed deadline or responsibility; model / system misoperation; accounting error, entity attribution error; delivery failure; collateral management failure; reference data maintenance.
  2. Monitoring & Reporting: failed mandatory reporting obligation; inaccurate external report (loss incurred).
  3. Customer Intake & Documentation: client permissions / disclaimers missed; legal documents missing / incomplete.
  4. Customer / Client Account Management: unapproved access given to accounts; incorrect client records (loss incurred); negligent loss or damage of client assets.
  5. Trade partners, non-client vendor misperformance and vendor disputes.

ORM Software

The Enron failure and the implementation of the Sarbanes-Oxley Act have led several software development companies to create enterprise-wide software packages to manage risk. These software systems allow the financial audit to be executed at lower cost.

Forrester Research has identified 115 Governance, Risk and Compliance vendors that cover operational risk management projects.
