澳洲幸运5官方开奖结果体彩网

Operational Risk: Overview, Importance, and Examples

By
澳洲幸运5官方开奖结果体彩网:Troy Segal
澳洲幸运5官方开奖结果体彩网:Full Bio
Troy Segal is an editor and writer. She has 20+ years of experience covering personal finance, wealth management, and business news.
Learn about our 澳洲幸运5官方开奖结果体彩网:editorial policies
Updated September 24, 2024
Reviewed by
Thomas J. Catalano
Thomas Catalano
Reviewed by Thomas J. Catalano
Full Bio

Thomas J Catalano is a CFP and Registered Investment Adviser with the state of South Carolina, where he launched his own financial advisory firm in 2018. Thomas' experience gives him expertise in a variety of areas including investments, retirement, insurance, and financial planning.

Learn about our 澳洲幸运5官方开奖结果体彩网:Financial Review Board
Fact checked by
Yarilet Perez
Yarilet Perez
Fact checked by Yarilet Perez
Full Bio
Yarilet Perez is an experienced multimedia journalist and fact-checker with a Master of Science in Journalism. She has worked in multiple cities covering breaking news, politics, education, and more. Her expertise is in personal finance and investing, and real estate.
Learn about our 澳洲幸运5官方开奖结果体彩网:editorial policies
Definition
Operational risk is the potential for loss resulting from inadequate or failed internal processes, people, systems, or external events that affect a company's day-to-day business activities.

What Is Operational Risk?

Operational risk summarizes a company's uncertainties and hazards when attempting to do its day-to-day business activities within a field or industry. A type of 澳洲幸运5官方开奖结果体彩网:business risk, it can result from breakdowns in internal procedures, people, and systems—as opposed to problems incurred from external forces, such as political or economic events, or inherent to the entire market or market segment, known as 澳洲幸运5官方开奖结果体彩网:systematic risk.

Operational risk management involves addressing potential weaknesses in an organization’s staff, systems, and internal controls to prevent disruptions and financial losses. This type of risk can also be classified as a variety of 澳洲幸运5官方开奖结果体彩网:unsystematic risks unique to a specific company or industry.

Key Takeaways

  • Operational risk summarizes the risks and uncertainties a company faces in conducting its daily business activities, procedures, and systems.
  • This type of risk is closely tied to human error, where mistakes or failures result from employee decisions or actions.
  • Companies assess operational risk by identifying key risk indicators (KRIs) and collecting data against these metrics.
  • Unlike systematic or financial risk, operational risk is a distinct category of business risk.
  • Companies can manage operational risk by anticipating risks before they arise, performing cost/benefit analysis, avoiding unnecessary risk, and delegating strategic planning to upper management.


Operational Risk

Investopedia / Dennis Madamba

Understanding Operational Risk

Operational risk focuses on how things are accomplished within an organization, not necessarily what is produced or inherent within an industry. These risks are often associated with active decisions relating to how the organization functions and whatꦑ it prioritizes. While these risks don’t always lead to failure, reduced production, or increased costs, their severity is influenc෴ed by internal management decisions.

Because it reflects man-made procedures and thinking processes, operational risk can be summarized as a human risk; it's the risk of business operations failing due to human error. It changes from industry to industry and is an important consideration when making potential investment decisions. Industries with lower human interaction are likely to have lower operational risk.

Managing these risks is crucial, particularly for financial institutions, where operational losses can be unpredictable and financially significant. While traditional methods involve internal audits, processes, and insurance, the banking sector has adopted more advanced operational risk management frameworks to address growing complexities.

Important

Operational risk is a type of business risk, alongside strategic risk (failing to operate according to a plan), compliance risk (not adhering to laws and industry regulations), and reputational risk (factors that could damage an organization’s image or public perception).

Causes of Operational Risk

Operational risk usually arises from four different sources: people, processes, systems, or external events. For many aspects of operational risk, companies must simply try to mitigate the r꧙isk within each category as best asꦆ possible with the understanding that some operational risk will likely always be present.

People

Operational risk caused by people can arise due to employee deficiencies or shortages. For example, a company may not have staff with the knowledge needed to tackle a specific 🎃problem, or it may not have an appropriate number of employees on hand to properly address peak season or the busier times of the year.

Companies can simply look to markets to hire staff to mitigate these types of risks. However, this introduces new people-centric operational risks such as identifying the appropriate candidates to hire, training staff, and ensuring employee retention remains high. As each of these aspects is resource- and time-intensive, operational risks caused by people are heavily tied to financial repercussions.

Processes

Every company has its own processes. More complex manufacturing companies (e.g., a vehicle manufacturer) will have different processes than a service-only law firm. In either case, all companies have steps that must be 澳洲幸运5官方开奖结果体彩网:performed in sequential order, or else detrimental outcomes are possible.

In many cases, es💮pecially with companies that have experienced high turnover, companies may not have fully built out their processes or documented all the steps. In addition, some processes are also at risk of being taken advantage of through collusion and failed internal co🅷ntrols, putting the company at risk of losing money through theft.

Systems

More and more companies are relying on software and systems to operate their businesses. Operational risk includes the chance that these systems are outdated, inadequate, or not properly set up. There are also performance considerations, as operational risk consists of the possibility that one company's systems aren't as efficient as a competitor's.

There also are operational risks relating to a system's technical aspects. Systems may have bugs or technical deficiencies, leading to more exposure to 澳洲幸运5官方开奖结果体彩网:cybercrime. Systems also have capacity constraints, and a company maꦺy be increasing its risk by placing too heavy a load of expectations on what its systems can do.

External Events

In many cases, operational risk occurs outside the company. This can be anything from natural disasters that impede a company's shipping process to political changes that restrict the company's ability to operate. Some of these types of risk may be classified on their own (e.g., geopolitical risk). Others are simply a nature of business, such as a third-party defaulting on a contract agreement.

Fast Fact

Operational risk can never be 100% eliminated, and management must decide what level of operational risk it is comfortable accepting. While businesses often seek to reduce risk through contracts or agreements, external factors, such as supplier reliability, can still pose significant challenges.

The 7 Categories of Operational Risk

The four causes described above can be expanded and broken into seven main categories of operational risk. These seven primary categories include (in no par꧅ticular order)🐓:

  1. Internal fraud: Employees conspire and often collude to overtake internal controls and misappropriate company resources.
  2. External fraud: Independent parties outside the company attempt to bribe, thieve, forge, or cyberattack.
  3. Technology failures: Deficiencies exist in computer systems, hardware, software, or the interaction between any of their components.
  4. Execution, delivery, and process management: Management is unable to properly assess a situation and deploy the right strategy or fails to execute a correct strategy.
  5. Employee practices and workplace safety: There is a violation or risk of violation of workplace safety measures, whether physical, mental, or other.
  6. Natural disasters and damage to physical assets: Inclement weather, fire, or harsh winter conditions can put physical assets at risk and make it impossible for employees to perform their daily tasks.
  7. Clients, products, and business practices: These include operational activities that harm customers, misleading information, negligence, or accidentally not being in compliance with requirements.

How to Assess Operational Risk

Assessing o🍒perational risk involves key risk indicators (KRIs) and data.

KRIs are metrics a company may self-assign as risk benchmarks. They can help managers monitor risk levels, signal changes in exposure, assess the effectiveness of controls, and ensure that the organization operates within its set risk appetite. For example, if a company targets working only with highly creditworthy vendors, it may set a KRI that no more than three vendors default on a contract. Throughout the year, the company can assess whether this goal is being met, identify reasons if it’s not, and take stepꦯs to mitigate the risk.

KRIs are most often quantifiable; it's most useful to a company to have something they can actually track and measure. For this reason, the second key part of assessment is data. Without data, a company will never know whether its KRIs are on track or deficient. Companies may seek to build out robust information-gathering processes, whether through automation, third-party surveys, financial results, or industry data.

For some companies, the operational risk areas worth tracking may have been defined for them for KRIs and data. For example, banking standards may require banks to have certain processes in place, cash on hand, or systems operating in certain ways. In these cases, the benchmarks are set for the company, and it's much easier to assess operational risk.

How to Manage Operational Risk

There are severa𝐆l overarching strategies and♚ overarching principles when it comes to managing operational risk. Though every company can choose how it approaches operational risk, here are four primary ways companies manage risk.

Avoid Unnecessary Risk

It should go without saying, but companies should continually evaluate whether they're taking on risks with no real reward coming back to them. Consider the example above with vendors that may potentially default on contracts. Should there be equally good, if not better, vendors with better credit histories that a company could work with, it may be taking on risk by working with less-than-superior vendors.

As with all things in investing, there is usually a positive relationship between risk and returns. As 🅰companies take on more risk, they should be fairly compensated with greater returns. Therefore, companies can manage operational risk by eliminating processes 🅷that do not reward the company but instead solely incur unnecessary risk.

Do a Cost/Benefit Analysis

澳洲幸运5官方开奖结果体彩网:Cost/benefit analysis is a data-driven method used to evaluate whether the potential benefits of a business decision outweigh its associated costs. Similar to the concept above, companies must manage risk by ﷽comparing the r♒isks they take with the benefits they receive. Instead of focusing solely on risk, this step entails being mindful of the rewards a company may realize from taking a risk.

For example, a company may decide to expand into an international market. This move may involve tremendous operational risk. However, if the market is untapped and proper research has been conducted, the reward of expanding the business may far outweigh the operational risk. Sometimes, companies need to understand that ꦛrisk is necessary to manage risk.

Delegate Decisions to Upper Management

For companies to make the wisest decisions, it's usually best for upper management to decide how to approach operational risk. These team members often have the greatest insights into a company and know larger strategies that may work together.

Using the example above, a senior management team member should be assigned responsibility for the decision-making of the international expansion. That executive should work with members across all company teams to better understand the logistics, legal, procurement, and shipment risks. This type of responsibility isn't suitable for an individual contributor at a lower level.

Anticipate Risk

One of the most important aspects of managing risk is understanding ⛄when it is approaching and anticipating its outcomes. By so doing, companies can preemptively decide whether to accept, mitigate, or avoid risk.ꦏ

In the international expansion example above, a company can easily perform vast research to better understand geographical limitations, political risks, or consumer preference differences in this new market. The first step to accepting or managing🙈 risk is to understand what may happen in the future and have a plan to overcome꧃ it.

Operational Risk vs. Other Types of Risk

Operational Risk vs. Financial Risk

In a corporate context, 澳洲幸运5官方开奖结果体彩网:financial risk refers to the possibility that a company's cash flow will prove inadequate to meet its obligations—that is, its loan repayments and other debts. Although this inability could relate to or result from decisions made by management (especially company finance professionals), as well as the performance of the company products, financial risk is considered distinct from operational risk. It's most often related to the company's use of financial leverage and debt financing, rather than the day-to-day efforts of making the company a profitable enterprise.

Operational Risk vs. Market Risk

澳洲幸运5官方开奖结果体彩网:Market risk is usually referred to as the risk of price movements for a financial instrument. These changes in price are often based on investor disposition towards a stock and a compan༒y, interest rates, or economic factors. Whereas market risk is pr🔯imarily focused on investments and securities, operational risk is mostly focused on the internal operations of a company, its resources, and its people.

Operational Risk vs. Strategic Risk

These two types of risks may ꦐblend together in certain areas, though the greatest distinction is that strategic risk is usually long-term and may involve more external parties. A new competitor entering a market is a strategic risk, though how the company handles that on a day-to-day basis is an operational r😼isk. The competitor may have also decided to enter the market because they felt their level of operational risk could be less than that of other companies.

Examples of Operational Risk

One area that may involve operational risk is the maintenance of necessary systems and equipment. If two maintenance activities are required, but it is determined that only one can be afforded at the time, choosing to perfꦡorm one over the other alters the operational risk depending on which system is left in disrepair. If a system fails, the negative impact is associated directly with the operational risk.

Other areas that qualify as operational risk tend to involve the personnel within the organization. It is considered an operational risk, for example, if a sales-oriented business chooses to maintain a subpar sales staff due to its lower salary costs or another factor. The same can be said for failing to properly maintain a staff to avoid certain risks. In a manufacturing company, for example, choosing not to have a qualified mechanic on staff, and having to rely on 澳洲幸运5官方开奖结果体彩网:third parties for that work, can be classified as an operational risk. Not only does this impact the smooth functioning of a🦩 system, but it also involves additional time delays.

The willing participation of employees in fraudulent activity may also be seen as an operational risk. In this case, the risk involves the possibility of repercussions if the activity is uncovered. Since individuals make a decision to commit fraud, it is considered a risk relating to how the business operateꦇs.

What Are the 5 Levels of Risk?

Companies often gauge risk by determining whether it is highly likely, likely, possible, unlikely, or highly unlikely that an event wil𝔉l occur. Highly likely is often assigned a percentage of greater than 90%, while likely includes a range that is always above 50%. Management uses these percentages to determine the best course of action when evaluating the cost of mitigation against the cost of a detrimental outcome.

How Do You Identify Operational Risk?

Operational risk is identified by assessing what could go wrong in the day-to-day aspects of a company. Management often identifies operational risk by asking questions such as "what if a certain system breaks down?" or "what if a certain supplier is unable to deliver goods on time?" Management can come up countless areas of operational risk; it is up to that team to decide which aspects are most important to mitigate and which to accept.

What Are the 4 T's of Risk Management?

The four T's of risk management are:

  • Tolerate: Management decides it is okay with a certain operational risk and does not take action to stop it.
  • Terminate: Management is not okay with any level of risk associated with a certain activity and decides to stop that activity.
  • Treat: Management puts in place certain maneuvers that decrease the potential total risk.
  • Transfer: Management wants to perform an activity but seeks a third-party to incur the risk on its behalf (i.e., it buys insurance).

Who Is Responsible for Managing Operational Risk?

Senior management is often responsible for managing operational risk by being aware of what risks are in place and the strategies for overcoming them. Though lower-level field managers are more involved in a company's day-to-day aspects, senior management should oversee their activities to make sure the operational risk strategies are being properly carried out.

The Bottom Line

Operational risk is the risk of loss resulting from many normal aspects of business. This includes the risk of loss caused by failed processes, unskilled employees, inadequate systems, or external events. In many ways, operational risk can't be avoided as it is part of the daily business activity of a company. In other ways, companies can seek to reduce, mitigate, or accept operational risk.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.

  1. The Open University. "."

  2. Federal Deposit Insurance Corporation. "."

  3. CompTIA Community. "."

  4. American Public University. ""

  5. Basel Committee on Banking Supervision. "."

  6. The Institute of Operational Risk. "."

  7. Harvard Business School Online. "."

Read more

Related Articles

Economies of Scope
Economies of Scope: Definition, Example, and Importan𒁏ce
Business workers in an office shaking hands while their coworkers look on
Reverse Triangular Merger: Overview and A༒dvantages
Paradigm Shift
Wha🦄t Is a Paradigm Shift? Definition, Example, and Meaning
Net Operating Profit After Tax (NOPAT)
Net Operating Profit After Tax (NOPAT) Definition🔯 and Formula
Perfect Competition
Perfect Competition: Examples and How It Works
Opportunity Cost Definition
Opportunity Cost: Definition, Formula,🅘 and Examples
Balanced Scorecard (BSC)
What Is a Balanced Scorecard (BSC)? Examp🐠les and Uses
Business man using calculator analyzing costs.
Are Marginal Costs Fixed or Variable Costs?
Receipt: Proof of a financial transaction or purchase.
What Is a Receipt?
Succession Planning
Why Succession Planning Matters
Vendor: Anyone who sells goods or services.
What Is a Vendor? Definition, Types, and Example
Mergers and Acquisitions (M&A)
Mergers and Acquisitions (M&🌟;A): Types, Structures🦂, and Valuations
Economies of Scale
Economies of Scale: What Are They and How Are꧋ They Used?
A business team discusses a business plan with diagrams, documents and digital devices in the office.
What Is a FIG at an Investment Bank?
Firm
Firms: Definition in Business, How Th🧔ey Work, and Types
Competitive Advantage
Competitive Advantage Definition With Typeꦇs and Examples