Operational risk relates to losses resulting from inadequate or failed internal processes, people and systems, or external events. These may occur in an organisation’s day-to-day operations, and may involve internal resources and systems, procedures and the organisation’s employees. Operational risk may also result in data loss, equipment malfunction or high staff turnover. These could all impact negatively on the business, and, by extension, how the organisation is able to implement its strategy. Risks like these need to be reduced or mitigated so that the business will be impacted as little as possible, should they occur.
The firm’s internal practices, policies and systems may not adequately prevent losses, as environmental conditions are also in play. However, if operational risks are allowed to carry on unmitigated over a period of time, the firm may see substantial losses. For instance, occasional instances of pilferage may occur but staff may not report these due to oversight issues or the lack of controls. If these ‘small’ instances continue, they could snowball into big losses for the firm, and more serious impacts, such as reputational damage in the long term.
12 The IERP® Monthly Newsletter December 2021