Operational risk is gaining an increasingly high profile. In the UK, the Turnbull report recommended that listed companies should manage their operational risk explicitly; and the FSA includes operational risk in its new ARROW framework for risk assessment.
Historically (though the history is admittedly rather short), operational risk has received most attention from the banking industry. This is still evident in much of the published literature; often the authors simply assume that the industry in question is banking, without explicitly saying so. This can be confusing.
Definition
The FSA, following Basel, defines operational risk:
Operational risk is the risk of loss, resulting from inadequate or failed internal processes, people and systems or from external events.
This definition gives a reasonable idea of operational risk, but is not detailed enough for operational use. For purposes of risk identification, assessment, control and mitigation the definition must be refined so that it is a clearcut decision as to which risks are included and which are not.
In addition, the final phrase or from external events must be interpreted appropriately for the organization in question. For example, for a general insurance company the losses due to paying out claims for an earthquake should not be counted as an operational loss, whereas the losses due to the destruction of head office by the same earthquake should.
Resources
The following external links are relevant:
- Operational Risk, by Jack L King
- Financial Services Authority
- Report on Enterprise Risk Management
- Risk Management, by Andrew Holmes
- Turnbull Report
- Mastering Risk Volume 1: Concepts
- Sound Practices for the Management and Supervision of Operational Risk
- Operational Risk Data Collection Exercise – 2002
- Operational Risk in General Insurance
- Managing Operational Risk, by Douglas G. Hoffman
- Risk Management, by Michel Crouhy, Dan Galai, Robert Mark
- Mastering Risk Volume 2: Applications
- Paul Embrechts
- Operational Risks in Financial Services
- Managing the operational risks of user-developed software
- CP 142: Operational risk systems and controls
- CP140: The Interim Prudential Sourcebooks for Insurers and Friendly Societies and the Lloyd’s Sourcebook: Guidance on Systems and Controls
- PS140: The Interim Prudential sourcebooks for Insurers and Friendly Societies and the Lloyd’s sourcebook: Guidance on Systems and controls – Feedback on CP140 and ‘made’ text
- CP97: Integrated Prudential Sourcebook
- Building a framework for operational risk management: the FSAs observations
- CP190: Enhanced capital requirements and individual capital assessments for non-life insurers
- CP195: Enhanced capital requirements and individual capital assessments for life insurers
- Operational Risk. Measurement or Bust!
- Quantifying operational risk in general insurance companies
- Restructuring of prudential and systems and controls material in the FSA Handbook
- PS142_2: Building a framework for operational risk management: the FSA’s observations – Feedback on industry practice as we prepare to implement CP142
- PS142: Operational risk systems and controls – Feedback on CP142
- PS04/16: Integrated Prudential sourcebook for insurers