4 operational risk factors

In this article we tell you what the main operational risk factors are so that you can take them into account and avoid them in your organization. 

Operational risk is the possibility of losses occurring as a result of a failure, deficiency or inadequacy of internal processes, people, systems or external events.

This definition of operational risk includes legal risk, which is the risk caused by any failure in the contracts signed by the institution and the penalties or indemnities resulting from damages to third parties.

Although there are different types of operational risk, they can all be triggered by similar factors. We will tell you what they are below.

Operational risk factors 

There are some operational risk factors that should be considered by organizations:

1. Human resources 

One of the operational risk factors is the activities carried out by individuals, whether due to the competence, ethical conduct or attributions of an employee.

When an employee has access to transactions that are not his or her responsibility, he or she may be able to change sensitive information or have access to confidential customer or company data, which may result in fraud, theft, sabotage, etc. 

2. Lack of segregation of duties 

One of the principles of internal control of a company is the segregation of duties. This consists of separating activities so that the responsibilities of one or several areas of the company do not fall on a single person. In this way, no single official has to manage all the stages of a transaction.

When there is no segregation of duties, a user could access transactions to perform unauthorized or fraudulent actions. Therefore, it is an operational risk factor.

Many banks, such as JP Morgan Chase, Barings Bank or Société Générale Bank, have suffered heavy losses due to inadequate segregation of duties. 

3. User and password management 

A company's systems, infrastructure, storage availability and network processing are operational risk factors.

In this sense, if a user accesses information systems that are sensitive for the company or has access to users or passwords that are not his or her responsibility, the risk of loss of confidentiality or exposing data to unauthorized modifications may be increased. 

4. Process failures

Flows or stages of product or service development, as well as internal customer registration or transactions that have not been correctly entered into the system may give rise to a potential operational risk.

This same category of operational risk factors includes transactions that have been recorded incompletely, with inaccurate information or outside the corresponding accounting period. When data is entered in the wrong format or recorded without checking against existing data, it can seriously affect the accounting records.

To manage operational risk factors, as well as these types of risks, it is advisable to have a technological solution such as Pirani, which allows the identification, evaluation, control and constant and efficient monitoring of these risks that can have a negative impact on the organization. Likewise, a good practice is to design and establish key risk indicators.

Risk indicators help us to make tangible the measures that must be implemented to mitigate a possible risk or correct an event, thus optimizing the company's management and performance. They help us to set the context of what needs to be done and the specific activities that will help make it happen.