Operational Risk Management
For this assignment, you should read chapters 1, 2 and 7 in Essentials of Risk Management.
Bauer, T., & Erdogan, B. (2012), Organizational behavior (1.1 ed.). Nyack, NY: Flat World Knowledge.
This paper will focus on operational risk management. After reading chapters 1, 2 and 7 in Essentials of
Risk Management, you should have a basic understanding of what is involved in managing risks within a
corporation. I would like you to focus on the operational considerations that were mentioned in chapter 7
(a list can be found on page 155). Most of these considerations involve the employees in some way. I
would like you to find an example of a company that failed to use risk management properly and explain
how it could have helped them to avoid their problems.
The best way to begin this paper is to think of companies that you have heard of in the headlines in a
negative way, or companies that have gone out of business in the last several years. Once you decide on
a company, you should be able provide an explanation of the problem as well as your thoughts on how
this could have been avoided using risk management. Another alternative is to use a company that you
OPERATIONAL RISK MANAGEMENT 2
currently or previously worked for. If you choose the latter, please make sure that you can provide the
This paper should include 3-5 pages of content with an additional cover and reference page. This is a
total of 5-7 pages.
Your paper should be written in proper APA format. This link will take you to the section of the APUS
library that can assist you with your formatting apus.campusguides.com/content.php.
Operational Risk Management
Every risk in a business organization has got its own costs associated with it. Risk
management is among the very basics and essentials of an organization. Poor risk management
will cost the organization highly in terms of finances or even the public image. Proper and
effective risk management will help the organization tackle issues in a very effective and
efficient manner, which is less costly as compared to addressing the risk after it has occurred.
Risks can result out of employees, technicalities in operations, and poor management strategies
(Risk Center, 2013). In order to manage risks effectively, the organization needs to identify the
risks and categorize them into strategic and operational risks. The former are those risks that
OPERATIONAL RISK MANAGEMENT 3
come up due to the decisions that are made by the management, which affect the business
adversely or negatively. A single operational risk may not affect the organization so much but
occurrence of the same, for instance, more than twice will affect the organization greatly. For
instance, occurrence of a single burglary in an organization may not affect it so much but its
repetition will affect the organization greatly in terms of financial loss. This risk indicates a gap
in the security systems of the organization and if not addressed effectively, then the entity is
likely to suffer a great financial loss (Youngn& Coleman, 2009).
In the year 2007, the United Kingdom Government taxation authority, HM Revenue &
Customs (HMRC) incurred a very great operational risk. In this case, personal details of 25
million people that were stored in two CDs were lost in the internal mails. The fallout from the
loss of these CDs included the resignation of the HMRC chairman Paul Gray due to the
organization’s substantial operational failure. This is a very good example of an operational risk,
which has got a very great financial loss for the country.
The operational risk management board cannot be able to mange risks by itself;
however, it is responsible for formulation and implementation of control systems that can deal
with the problem appropriately. The board can establish a risk committee that is to monitor
exposure, actions taken, and the risks that have materialized. The risk committee will be tasked
with the responsibility of assessing the operational risks in an aggregate over the whole
organization. They make a decision on which risks are the most significant and the appropriate
actions to be taken in order to counter them. In order to achieve this effectively, the risk
committee needs to set priorities for the control systems and liaise with the internal audit through
the auditor to ensure that these risks are covered (Bauer & Erdogan, 2012).
OPERATIONAL RISK MANAGEMENT 4
This risk committee can be supported by a risk management function, which shall be
responsible for establishing a risk management framework and the appropriate policies and
regulation in regard to effecting or the use of the framework. The risk management function
should also promote risk management by providing the appropriate information and training of
the employees regarding how they can manage the risks that are available within their
department or area of specialization. Apart from ensuring specific risks are dealt with
appropriately, managers will be concerned with their local working environment and will deal
with conditions that may cause risks to materialize (Bauer & Erdogan, 2012). For instance, they
shall have to assess whether the employees are working excessively long hours and are more
likely to make mistakes due to overworking. The managers shall also supply information to
senior managers to enable them in assessing the risk position over the whole organization. In
essence, the employees are held responsible of taking the appropriate steps to manage the risk
and preventing risks from occurring. The senior management and the risk management
committee are held responsible for ensuring that the employees have the appropriate knowledge
and skills of dealing with the risks.
After the operational risk analysis by the operations committee, the organization can
classify operational risks into two broader categories, which include low probability high impact
risks and high probability low impact risks. The management of low probability but high impact
risks can involve insuring the risks in question so that when they occur the organization can
recover quickly to avoid much financial loss (White, 2014).
For the other risks, they can choose to use a contingency plan. A contingency plan serves
to replace or replicate the efforts of other systems. This is commonly used by having generators
or other sources of energy standby so that when there is a blackout, the production process can
OPERATIONAL RISK MANAGEMENT 5
continue. The contingency plan can also be applied in information systems. In the above case of
the United Kingdom taxation authority, replication of information materials could have helped
manage the risks. In the current world there are several methods and means of storing digital
information, this include cloud computing. Had the management used other alternative methods
of storing the data, they could have recovered easily from the loss (White, 2014).
Managing operational risks is very essential in every organization. Clear analysis of the
likely risk should be done, and then the appropriate measures to manage the risk are identified.
The information is availed to the relevant people on how to manage the risk; this can involve
training of the employees and equipping them if necessary. Poor risk management strategies
result in large financial losses for the organization.
Bauer, T., & Erdogan, B. (2012), Organizational behavior (1.1 ed.). Nyack, NY: Flat World
Risk Center, (2013). Operational Risk: Operational Risk Regulation and Assessment.