Notes Old site

Operational Risk

Operational risk is gaining an increasingly high profile. In the UK, the Turnbull report recommended that listed companies should manage their operational risk explicitly; and the FSA includes operational risk in its new ARROW framework for risk assessment.

Historically (though the history is admittedly rather short), operational risk has received most attention from the banking industry. This is still evident in much of the published literature; often the authors simply assume that the industry in question is banking, without explicitly saying so. This can be confusing.


The FSA, following Basel, defines operational risk:

Operational risk is the risk of loss, resulting from inadequate or failed internal processes, people and systems or from external events.

This definition gives a reasonable idea of operational risk, but is not detailed enough for operational use. For purposes of risk identification, assessment, control and mitigation the definition must be refined so that it is a clearcut decision as to which risks are included and which are not.

In addition, the final phrase or from external events must be interpreted appropriately for the organization in question. For example, for a general insurance company the losses due to paying out claims for an earthquake should not be counted as an operational loss, whereas the losses due to the destruction of head office by the same earthquake should.


The following external links are relevant: