Operational risk has been identified as one area of risk which is faced by all the organizations. Operational risk has been defined under BASEL-2 guidelines as,' The risk of loss resulting from inadequate or failed internal processes, people or systems or from external events'. Let us try and understand all the four components of operational risks as mentioned in the BASEL-2 definition.
What constitutes failure of internal processes? The failure of internal processes may arise from factors such as inadequate segregation of duties, organizational complexity, inadequate management supervision etc. Risks related to people would arise from factors such as negligence, incompetency or insufficient training to the employees. Third component of operational risk related to technology can arise if there is lack of automation in an organization, obsolete systems being used by an organization etc. Operational risks also arise from external causes which are outside the control of an organization. These could be events like natural disasters, operational failures of a third party etc.
Once the operational risks have been identified, the next step would be management of these risks. Why operational risks need to be managed? The need for management of operations risks arise from the fact that these risks can create liabilities for an organsation and also result into regulatory issues. Hence, a robust operational risk management should be in place.
BASEL-2 has set prescribed certain practices for operational risk management. These practices are documented and are called as,' Sound Practices for the Management of Operational Risks'. Some of the important practices are as follows:
1. The Board of Directors should be aware of the fact that operational risks are distinct risk that needs to be managed separately. Also the BOD should approve and periodically review the operational risk.
2. It is the responsibility of BOD to ensure that operational risk management should be audited internally by operationally independent and competent staff.
3. Senior management should have the responsibility for implementing operational risk management framework.
4. There should be business continuity plans in place to ensure smooth functioning of an oganisation
5. There should be policies, processes and procedures to control/mitigate operational risks.
As per BASEL-2 guidelines, following aspects should be part of operational risk management:
a) Operational risk management structure
b) Role and responsibilities
c) Operational risk management processes
d) Operational risk assessment/measurement methodologies
Operational risk management is very critical for an organsation and it can be successfully implemented by developing risk management as a part of culture of an organization.
About Author / Additional Info: