4 operational risk factors
written by Juan Pablo Calle, On March 28, 2020
Here are the main operational risk factors to keep you alert and know how to avoid them.
Operational risk is the possibility of losses occurring as a result of a failure, deficiency or inadequacy of internal processes, people, systems or external events.
This definition of operational risk includes legal risk, which is the one caused by any failure in the contracts signed by the institution and the sanctions or compensation resulting from damages to third parties.
Although there are different types of operational risk, they can all be triggered by similar factors. Here are some of them.
Operational risk factors
There are some operational risk factors that must be considered by organizations:
One of the operational risk factors refers to the activities carried out by individuals, whether due to the competence, ethical conduct or attributions of a staff member.
When an employee has access to transactions that are not within his/her competence, he/she may change sensitive information or have confidential customer or company data at his/her disposal, which may result in fraud, theft, sabotage, etc.
Lack of segregation of functions
One of the principles of internal control of a company is the segregation of functions. This consists of separating the activities so that the responsibilities of one or several areas of the company do not fall on a single person. This way, no single staff member should manage all the stages of a transaction.
When functions are not segregated, a user could access transactions to perform unauthorized or fraudulent actions. That is why it is considered an operational risk factor.
Many banks, such as JP Morgan Chase, Barings Bank or Société Générale, have suffered heavy losses due to the inadequate segregation of functions.
User and password administration
A company's systems, infrastructure, storage availability and network processing are operational risk factors.
In this sense, if a user accesses information systems that are sensitive to the company or has access to users or passwords that are not under their responsibility, it may increase the risk of loss of confidentiality or expose the data to unauthorized changes.
Flows or development stages of products or services, as well as internal customer records or transactions that have not been entered correctly in the system can give rise to potential operational risk.
This same category of operational risk factors includes transactions that have been recorded incompletely, with inaccurate information or outside the corresponding accounting period. When incorrect data entry formats are used or recorded without prior comparison with existing data, accounting records can be seriously affected.
A good practice for managing operational risk factors and mitigating their impact is through the design and implementation of risk indicators. Click below and download our free KRI guide.