Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Operational risk management
open-in-new
<h2 id="four-principles">Four principles</h2> <p>The <a href="/facts/U.S._Department_of_Defense/dWAvf7e3">U.S. Department of Defense</a> summarizes the principles of ORM as follows:<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a> </p> <ul><li>Accept risk when benefits outweigh the cost.</li> <li>Accept no unnecessary risk.</li> <li>Anticipate and manage risk by planning.</li> <li>Make risk decisions in the right time at the right level.</li></ul> <h2 id="three-levels">Three levels</h2> In Depth In depth risk management is used before a project is implemented, when there is plenty of time to plan and prepare. Examples of in depth methods include training, drafting instructions and requirements, and acquiring personal protective equipment. Deliberate Deliberate risk management is used at routine periods through the implementation of a project or process. Examples include quality assurance, on-the-job training, safety briefs, performance reviews, and safety checks. Time Critical Time critical risk management is used during operational exercises or execution of tasks. It is defined as the effective use of all available resources by individuals, crews, and teams to safely and effectively accomplish the mission or task using risk management concepts when time and resources are limited. Examples of tools used includes execution check-lists and <a href="/facts/Change_management/lqReblGf">change management</a>. This requires a high degree of <a href="/facts/Situational_awareness/0EMpWgTa">situational awareness</a>.<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> <h2 id="process">Process</h2> <p>The <a href="/facts/International_Organization_for_Standardization/IacYR7Yg">International Organization for Standardization</a> defines the risk management process in a four-step model:<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> </p> <ol><li>Establish context</li> <li>Risk assessment <ul><li>Risk identification</li> <li>Risk analysis</li> <li>Risk evaluation</li></ul></li> <li>Risk treatment</li> <li>Monitor and review</li></ol> <p>This process is cyclic as any changes to the situation (such as operating environment or needs of the unit) requires re-evaluation per step one. </p> <h3>Deliberate</h3> <p>The <a href="/facts/U.S._Department_of_Defense/dWAvf7e3">U.S. Department of Defense</a> summarizes the deliberate level of ORM process in a five-step model:<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> </p> <ol><li>Identify hazards</li> <li>Assess hazards</li> <li>Make risk decisions</li> <li>Implement controls</li> <li>Supervise (and watch for changes)</li></ol> <h3>Time critical</h3> <p>The <a href="/facts/U.S._Navy/xYK0fUou">U.S. Navy</a> summarizes the <a href="/facts/Time-critical/fSx8z7Ik">time-critical</a> risk management process in a four-step model:<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> </p> 1. Assess the situation. <p>The three conditions of the Assess step are <a href="/facts/Task_loading/SPm8dEIc">task loading</a>, additive conditions, and <a href="/facts/Human_factors/prAcGtDW">human factors</a>. </p> <ul><li>Task loading refers to the negative effect of increased tasking on performance of the tasks.</li> <li>Additive factors refers to having a <a href="/facts/Situational_awareness/0EMpWgTa">situational awareness</a> of the cumulative effect of variables (conditions, etc.).</li> <li>Human factors refers to the limitations of the ability of the human body and mind to adapt to the work environment (e.g. stress, fatigue, impairment, lapses of attention, confusion, and willful violations of regulations).</li></ul> 2. Balance your resources. <p>This refers to balancing resources in three different ways: </p> <ul><li>Balancing resources and options available. This means evaluating and leveraging all the informational, labor, equipment, and material resources available.</li> <li>Balancing Resources versus hazards. This means estimating how well prepared you are to safely accomplish a task and making a judgement call.</li> <li>Balancing individual versus team effort. This means observing individual risk warning signs. It also means observing how well the team is communicating, knows the roles that each member is supposed to play, and the stress level and participation level of each team member.</li></ul> 3. Communicate risks and intentions. <ul><li>Communicate hazards and intentions.</li> <li>Communicate to the right people.</li> <li>Use the right communication style. Asking questions is a technique to opening the lines of communication. A direct and forceful style of communication gets a specific result from a specific situation.</li></ul> 4. Do and debrief. (Take action and monitor for change.) <p>This is accomplished in three different phases: </p> <ul><li>Mission Completion is a point where the exercise can be evaluated and reviewed in full.</li> <li>Execute and Gauge Risk involves managing change and risk while an exercise is in progress.</li> <li>Future Performance Improvements refers to preparing a "lessons learned" for the next team that plans or executes a task.</li></ul> <h2 id="benefits">Benefits</h2> <p>Operational Risk Management (ORM) is not just a compliance requirement; it’s a foundation of business strategy that ensures long-term success. Implementing an effective operational risk management framework offers many benefits for businesses including, </p> <ul><li>Enhanced decision making,</li> <li>Improved regulatory compliance</li> <li>Increased operational efficiency</li> <li>Protection of reputation, and</li> <li>Financial stability<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a><a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a></li></ul> <p>The integration of operational risk management processes helps companies realize significant benefits, such as developing intellectual capital and management techniques that can be applied across various branches to mitigate crises and solve operational problems.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> </p> <h2 id="chief-operational-risk-officer">Chief Operational Risk Officer</h2> <p>The role of the Chief Operational Risk Officer (CORO) continues to evolve and gain importance. In addition to being responsible for setting up a robust Operational Risk Management function at companies, the role also plays an important part in increasing awareness of the benefits of sound operational risk management. </p><p>Most complex financial institutions have a Chief Operational Risk Officer. The position is also required for Banks that fall into the Basel II Advanced Measurement Approach "mandatory" category. </p> <h2 id="software">Software</h2> <p>The impact of the <a href="/facts/Enron/NxH90ght">Enron</a> failure and the implementation of the <a href="/facts/Sarbanes%25E2%2580%2593Oxley_Act/pfYfkDD2">Sarbanes–Oxley Act</a> has caused several software development companies to create enterprise-wide software packages to manage risk. These software systems allow the <a href="/facts/Financial_audit/PXl6DBNs">financial audit</a> to be executed at lower cost. </p><p><a href="/facts/Forrester_Research/S443brSw">Forrester Research</a> has identified 115 Governance, Risk and Compliance vendors that cover operational risk management projects. <a href="/facts/Active_Agenda/2Kojvujj">Active Agenda</a> is an <a href="/facts/Open_source/7X9rCdz4">open source</a> project dedicated to operational risk management. </p> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Basel_II/T4Sn0p1d">Basel II</a></li> <li><a href="/facts/Benefit_risk/zMKUQWeB">Benefit risk</a></li> <li><a href="/facts/Cost_risk/UIwGKBcY">Cost risk</a></li> <li><a href="/facts/Data_governance/nt0J5rgc">Data governance</a></li> <li><a href="/facts/Fuel_price_risk_management/YzbsUjJN">Fuel price risk management</a></li> <li><a href="/facts/Futures_techniques/7rmGLdXJ">Futures techniques</a></li> <li><a href="/facts/Key_risk_indicator/1F4IP6Kk">Key risk indicator</a> (KRI)</li> <li><a href="/facts/Operational_risk/71tURHLw">Operational risk</a></li> <li><a href="/facts/Optimism_bias/UTPq1gMQ">Optimism bias</a></li> <li><a href="/facts/Risk/tbBEDA0V">Risk</a></li> <li><a href="/facts/Risk_management/xGhxtxdp">Risk management</a></li> <li><a href="/facts/Risk_management_tools/K9gEA9VF">Risk management tools</a></li> <li><a href="/facts/Solvency_II/4HWPAm6k">Solvency II</a></li> <li><a href="/facts/Tactical_Risk_Management/xGhxtxdp">Tactical Risk Management</a></li> <li><a href="/facts/Three_lines_of_defence/lEEmUV49">Three lines of defence</a></li></ul> <h3>General</h3> <ul><li><a href="https://web.archive.org/web/20110929111016/http://doni.daps.dla.mil/Directives/03000%20Naval%20Operations%20and%20Readiness/03-500%20Training%20and%20Readiness%20Services/3500.39C.pdf">OPNAVINST 3500.39C OPERATIONAL RISK MANAGEMENT (ORM)</a></li> <li><a href="http://safetycenter.navy.mil/instructions/orm/MCO203500.27B.pdf">MARINE CORPS ORDER 3500.27B OPERATIONAL RISK MANAGEMENT (ORM)</a></li></ul> <h3>Cited</h3> <h2 id="external-links">External links</h2> Wikidata has data related to Operational risk management. <ul><li><a href="http://www.ior-institute.org/">The Institute of Operational Risk</a> The institute provides professional recognition and enables members to maintain competency in the discipline of operational risk.</li> <li><a href="http://www.operationalriskinstitute.com/">Operational Risk Institute</a> An association of operational risk training professionals that renders key training on Op Risk related subjects including Business Continuity.</li> <li><a href="https://www.kpmg.com/BE/en/IssuesAndInsights/ArticlesPublications/Documents/ORM.pdf">Operational Risk Management of U.S. Insurers</a> How well do you understand operational Risk Management.</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Yang, Shirley Ou; Hsu, Carol; Sarker, Suprateek; Lee, Allen S. (2017). "Enabling Effective Operational Risk Management in a Financial Institution: An Action Research Study". Journal of Management Information Systems. 34 (3): 727–753. doi:10.1080/07421222.2017.1373006. <a href="/wiki/Doi_(identifier)" target="_blank">/wiki/Doi_(identifier)</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Naval Safety Center ORM". Archived from the original on October 11, 2008. Retrieved November 4, 2008. <a href="https://web.archive.org/web/20081011191438/http://safetycenter.navy.mil///ORM/index.asp" target="_blank">https://web.archive.org/web/20081011191438/http://safetycenter.navy.mil///ORM/index.asp</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Naval Safety Center ORM". Archived from the original on October 11, 2008. Retrieved November 4, 2008. <a href="https://web.archive.org/web/20081011191438/http://safetycenter.navy.mil///ORM/index.asp" target="_blank">https://web.archive.org/web/20081011191438/http://safetycenter.navy.mil///ORM/index.asp</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"Committee Draft of ISO 31000 Risk management" (PDF). International Organization for Standardization. 2007-06-15. Archived from the original (PDF) on 2009-03-25. <a href="https://web.archive.org/web/20090325160441/http://www.nsai.ie/uploads/file/N047_Committee_Draft_of_ISO_31000.pdf" target="_blank">https://web.archive.org/web/20090325160441/http://www.nsai.ie/uploads/file/N047_Committee_Draft_of_ISO_31000.pdf</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"Naval Safety Center ORM". Archived from the original on October 11, 2008. Retrieved November 4, 2008. <a href="https://web.archive.org/web/20081011191438/http://safetycenter.navy.mil///ORM/index.asp" target="_blank">https://web.archive.org/web/20081011191438/http://safetycenter.navy.mil///ORM/index.asp</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"Operational Risk Management - Time-Critical Risk Management". U.S. Navy. Retrieved 12 July 2009. <a href="https://ile-deers.nko.navy.mil/ELIAAS/logon/Welcome.jsf" target="_blank">https://ile-deers.nko.navy.mil/ELIAAS/logon/Welcome.jsf</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>Shukla, Narendra (2024-08-20). "What Is Operational Risk Management?". edwiseconsulting.com.au. Retrieved 2024-08-20. <a href="https://edwiseconsulting.com.au/operational-risk-management/" target="_blank">https://edwiseconsulting.com.au/operational-risk-management/</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Shukla, Narendra (2024-08-20). "What Is Operational Risk Management?". Edwise Consulting. Retrieved 2024-08-20. <a href="https://edwiseconsulting.com.au/operational-risk-management/" target="_blank">https://edwiseconsulting.com.au/operational-risk-management/</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>Hemrit, Wael; Ben Arab, Mounira (2012). "The major sources of operational risk and the potential benefits of its management". The Journal of Operational Risk. 7 (4): 71–92. doi:10.21314/JOP.2012.115. <a href="http://www.risk.net/journal-of-operational-risk/technical-paper/2229517/the-major-sources-of-operational-risk-and-the-potential-benefits-of-its-management" target="_blank">http://www.risk.net/journal-of-operational-risk/technical-paper/2229517/the-major-sources-of-operational-risk-and-the-potential-benefits-of-its-management</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> </ol>