Operational Risk is the risk of not meeting business and regulatory demands effectively causing financial and/or reputational impact.
Years of experience in internal audit and controls experience taught us that one-size does not fit-all in addressing operational risk. As a consultant for 19+ years, I often provide a variety of operational risk and control services and have distilled my lessons learned for smaller businesses.
The first lesson is that companies should annually perform an operational risk assessment and plan. Growing businesses need to be able to respond to an ever-changing business environment; this requires they have adaptable operations, while mitigating risk of financial and/ or reputational loss. Operations means the processes, people, and systems supporting the business. For financial services, operations include processing trader order and execution, and complying with trading requirements, regulatory reporting, performance, and client reporting requirements.
Adaptability is critical according to well-respected risk manager, John Raezer, “For an organization to be transformational, it demands agility. Agility is the speed at which an organization can change its systems and the competences of its human resources to ensure that its products and services remain relevant to the client.”
The annual operational risk assessment and planning is valuable in two important ways. First, it provides a top down view of all areas and their associated risks in a compact amount of time. This create a roadmap for implementation/ action items to address the high-risk areas identified. Second, performing an operational risk assessment implies that the organization is taking a risk-based approach which emphasizes quality vs. quantity. Simply put, this adopts the pareto principle of 80% of the problem is solved by doing 20% of the work. The risk assessment approach is also what the regulators champion. Best of all, this means savings to the bottom line in terms of hours and funds spent on managing risk. For small businesses with limited budgets, this enables them to focus on the most impactful activities.
To effectively perform an annual operational risk assessment and plan, you must have an agreed-upon risk methodology and planning tool. This brings me to my second lesson. Prior to beginning a risk assessment, the team should review and confirm the risk methodology and planning tool to be utilized for the exercise. Risk assessment and planning are often different from performing the actual implementation. So, it’s important that the team agrees on the risk categories, criteria for risk rankings, risk tolerance thresholds ahead of time.
For next time, we will discuss what are the key components of a Risk Methodology and Planning tool.
In the meantime, for those of you who are interested and like to discuss this topic some more, please email me at LShen@alliaconsulting.com.
Written by Laurie Shen, CEO and Founder
ALLIA Consulting LLC