Operational Risk is the risk of not meeting business and regulatory demands effectively causing financial and/or reputational impact.
Years of experience in internal audit and controls experience taught us that one-size does not fit-all in addressing operational risk. As a consultant for 19+ years, I often provide various flavors of operational risk and control services for financial services companies and have distilled my lessons learned into a few components for smaller businesses.
The first one is an annual operational risk assessment and plan. As a growing business, being nimble to the ever-changing business environment requires that your operations can also be adaptable while mitigating risks that can ultimately cause financial or reputational distress. Operations means the processes, people, and systems supporting the business. For financial services, operations can be processing trader order and execution, and complying with trading requirements, regulatory reporting, performance, and client reporting requirements.
Another way to put this by a colleague and well-respected risk manager, John Raezer, “For an organization to be transformational, it demands agility. Agility is the speed at which an organization can change its systems and the competences of its human resources to ensure that its products and services remain relevant to the client.”
The initial operational risk assessment and planning is valuable in two important ways. First, this exercise provides a top down view of all areas and their associated risk ranking in a compact amount of time. This sets an important building block for planning for the rest of the year in term of a roadmap for implementation/action items to address the high-risk areas identified. Second, performing an operational risk assessment implies that the organization is taking a risk-based approach which emphasizes quality vs. quantity. This concept is also what the regulators champion as well. Best of all, this means savings to the bottom line in terms of hours and funds spent. In a small business, this also means relief to not do everything given the limited budget, but a focus on the right activities to enable business growth.
Given the above, the key ingredient for an effective operational risk and planning process is having an agreed upon risk methodology and planning tool.
Prior to beginning a risk assessment, the team should review and confirm the risk methodology and planning tool to be utilized for the exercise. Risk assessment and planning are often different from performing the actual implementation. So, it’s important that the team agrees on the risk categories, criteria for risk rankings, risk tolerance thresholds ahead of time.
For next time, we will discuss what are key components of a Risk Methodology and Planning tool?
In the meantime, for those of you who are interested in a free sample operational risk assessment, please email me at LShen@alliaconsulting.com.
Written by Laurie Shen, CEO and President
ALLIA Consulting LLC