Operational RisksDefined with Examples & More

Adiste Mae
Last Updated: September 22, 2022
Date Published: September 22, 2022

What is Operational Risk?

There is no perfect operating system or perfect business organization.

They may face different kinds of risks when performing their day-to-day operations and the risks related to business operations as a whole can be caused by internal and external factors.

Some risks are inherent and inevitable.

The risk that causes a huge impact on a business is an operational risk, whereby the primary operations are being disrupted due to such risk.

Examples of these are employee errors, connivance between employees or with the higher official to do fraudulent activities, the complexity of the business process, etc.

These risks can cause inefficiency in the business operation in the long run which translates to monetary losses.

Using Risk Management practices may prevent this type of risk. And if some factors are inherent, there are steps or guidelines to minimize the effect of such risk.

What are the Causes of Operational Risk?

operational risks

The causes of Operational Risk can be due to internal and/or external factors, and can include the following:

  • Situations beyond man’s control like earthquakes, calamities, or wildfires
  • World health crises such as the COVID-19 pandemic
  • Disasters brought about by men like terrorism, cybercrime, cyberterrorism, and any other activities with a criminal intent
  • Internal Factors like employee embezzlement, negligence, an employer-employee feud that may affect the workplace, discrimination, and other related fraudulent activities
  • External Factors like unfair market competition, violations of regulatory requirements, failure to submit reportorial requirements, breach of contract, market manipulation, etc.
  • New regulatory requirements or laws
  • Improper implementation of work policies (Management POV); lack of sense of obedience to work policies (Employee POV)
  • Outdated Information Technology (IT) systems and software
  • Factors that affect the supply chain
  • Mishandling cloud usage
  • Work policies that cause unequal treatment and benefits
  • Illegal practices
  • Flawed manufactured products
  • Man-made mistakes such as missed deadlines or mistakes in data recording
  • Lack of plan in internal processes

What are Examples of Operational Risks?

The causes of operational risks mentioned above may result in the following:

  • Management failure
  • Mismanagement of data
  • Financial loss, bankruptcy, insurance claims denial
  • Safety risks
  • Reputational risk
  • Damage to the IT infrastructure
  • Customer and management misunderstandings
  •  Arise to a legal obligation, fines, and penalties (for internal factors)
  • Arise to a legal obligation, fines, and penalties (for external factors)
  • Market competition disadvantage

How is Operational Risk Measured?

Operational risks can be measured using two different indicators: Key Risk Indicators and Relative Data.

However, evaluating risk factors would be difficult if the company is unable to collect the relevant data needed.

Companies that do not have the necessary software might be unable to capture all the data needed and then analyze the same.

In today’s digital age, management should invest in advanced technology or software that could potentially prevent risk factors in the company’s general operations.

Tracking risks using Key Risk Indicators will depend on the business industry a company belongs.

For the Banking and Finance Industry, it follows the Basel Committee on Banking Supervision (BCBS) which requires banks to set aside a contingency fund-like amount to cover operational risk expenses.

Operational risks are measured by companies through the following methods:

  • Regular monitoring of key risk indicators
  • Follow relevant statistical techniques
  • Use Scorecards
  • Analyze different possible operational risk scenarios with the help of experts in business and risk management
  • Monitor and evaluate customer complaints
  • Know the implications in case of failure to submit any regulatory and reportorial requirements like fines and penalties
  • Reputation risk assessment caused by a data breach or customer data leak

Basel II Event Categories

operational risk

BCBS created three Basel accords in 2004.

Basel II is the second of the banking accords that regulate international banking standards, while Basel III regulates a proper direct response when a financial crisis comes.

Meanwhile, the seven categories of operational risk in Basel II are:

Internal Fraud.

When an employee repeatedly misappropriated assets, intentionally mismarks positions, practices bribery, or any other dishonest and fraudulent acts, or unauthorized activities.

External Fraud. This refers to criminal and dishonest practices of outside parties such as information theft, damages due to hacking, third-party theft, and forgery.

Employment Practices and Workplace Safety. Refers to discrimination at the workplace, compensation paid to workers, and the health and safety of employees.

Damage to Physical Assets. Arises from natural disasters, or man-made disasters like terrorism, and vandalism.

Business Disruption and Systems Failures. Utility disruptions, or failures related to software and hardware.

Clients, Products, and Business Practice. Often caused by the failure (negligence or unintentional) of businesses in meeting their obligations towards their clients.

It can include aggressive sales practices, money laundering, accounting churning, product defects, etc.

Execution, Delivery, and Process Management.

This results from the failure of process management in terms of supplier or vendor relations, or other trade counterparties.

This includes errors in data entry and accounting, failure of mandatory reporting, misperformance of other tasks, failure of delivery, etc.

Challenges with Assessing Operational Risk

Companies may face difficulty in the assessment and management of operational risks due to the following:

  • Difficulty in data compilation.
  • The complexity of the operation process.
  • Operational risk factors continue to increase.
  • The overlapping operational risk with other relevant risk factors causes the assessment of risk very challenging.
  • Others think of this method as a repetitive measure and do not feel the need to cooperate.
  • Employees complain that monitoring operational risk is a time-consuming process.

Steps in Operational Risk Management

Some companies invest in operational risk management while others do not take such preventive measures seriously.

Listed below are the steps in operational risk management:

  1. Invest in studying what operational risk management is, and what are its scope, purpose, and function. The operational risk definitions vary from one industry to another industry.
  2. Designate an employee for the successful execution of operational risk management functions.
  3. Proper introduction and definition of each risk management function are needed for a good working relationship environment.
  4. Design well-planned monitoring and measurement of operational risk.
  5. Analyze the existing functions if they are necessary for better execution of operational risk functions, or if any additional IT and security functions are needed.
  6. The assigned personnel must secure the relative data in operational risk management.
  7. Working with another risk measure will help the team to formulate an effective operational risk management strategy.
  8. Identify and evaluate the related risks to amplify the necessary preventive measures.
  9. Define the different risk categories.
  10. Design the steps or process.
  11. Describe key risk indicators.
  12. Each department and personnel involved in risk management must do their respective duties.
  13. Measure the level of impact of the risk to address issues with a proper response. Changes should be monitored and management must decide whether to scale up or down.
  14. Study and analyze the risk tolerance of the company.
  15. Proper implementation of control measures.
  16. A company must conduct proper information dissemination regarding operational risk and how it will affect the organization as a whole. Educate employees on their roles to achieve the company’s goal.
  17. Evaluate the operational changes in the company since the establishment of operational risk management.
  18. Regular monitoring of operational risks. The company may use comparative measurement using historical data, trends, etc.

FundsNet requires Contributors, Writers and Authors to use Primary Sources to source and cite their work. These Sources include White Papers, Government Information & Data, Original Reporting and Interviews from Industry Experts. Reputable Publishers are also sourced and cited where appropriate. Learn more about the standards we follow in producing Accurate, Unbiased and Researched Content in our editorial policy.

  1. Marquette University "WHAT IS RISK MANAGEMENT?" Page 1. September 22, 2022

  2. Harvard "Rethinking Operational Risk Capital Requirements" Page 1 - 42. September 22, 2022