Operational risk is the prospect of loss resulting from inadequate or failed procedures, systems or policies.
- Employee errors
- Systems failures
- Fraud or other criminal activity
- Any event that disrupts business processes
Most organizations accept that their people and processes will inherently incur errors and contribute to ineffective operations. In evaluating operational risk, practical remedial steps should be emphasized in order to eliminate exposures and ensure successful responses. Poor operational risk management can hurt an organization's reputation and cause financial damage. How much loss an organization is prepared to accept, combined with the cost of correcting those errors, determines the organization's risk appetite.
Operational risk can play a key role in developing overarching risk management programs that include business continuity and disaster recovery planning, and information security and compliance measures. A first step in developing an operational risk management strategy can be creating a risk map -- a plan that identifies, assesses, communicates and mitigates risk.