The 5 stages of the operational risk management process
Por Juan Pablo Calle, en March 31, 2020
Learn the stages that an organization goes through in the process of operational risk management.
It is clear that all organizations have different strategic objectives and that the level of risk exposure also varies from one company to another. However, the risk management process always has 5 basic stages that determine the level of maturity of risk management within the entity.
Stage one: traditional basis
At this stage there is no formal structure to address the risks. Thus, when considering that risks are always present, risk managers act independently.
To verify losses, the compliance area relies heavily on internal audit. Since at this stage the risk culture is not widespread at all levels of the company, there is a total dependence on the quality and integrity of employees and shareholders to maintain adequate control of events.
Stage two: raising awareness
This stage of the operational risk management process is reached by companies that establish a specific area to manage risks. They define policies, responsibilities and supporting tools.
The resources available for managers to manage risk at this phase include the mapping of processes to identify risks and formalize controls, structuring of the loss history database, and the design of efficiency and profitability indicators.
Stage three: monitoring
After all risks have been identified, it is important to interpret their impact on business processes. At this stage of the operational risk management process, the current level of risk and the effectiveness of risk management functions are monitored.
Risk indicators, both qualitative and quantitative, as well as the goals or limits, are established in order to monitor them. Risk exposure measures are consolidated in a balanced scorecard to measure business performance in relation to risks. In this phase, management is decentralized across all areas of the organization and the risk culture is strengthened. In addition, monitoring ceases to depend on the compliance area and leaders are assigned to analyze and monitor processes and activities.
Stage four: quantification
This is one of the stages of the operational risk management process in which the organization achieves greater maturity. In this phase, the institution has a better understanding of its condition in relation to operational risk exposure.
Managers already have the ability to focus on quantifying risks and predicting future events. Therefore, they use more analytical tools that are based on real data, since the Stage 2 loss database now has enough information to make decisions.
Stage five: integration
The importance of operational risk management is recognized by all areas of the business, which are concerned with fully integrating the quantification of all risks of the organization, and are not limited only to considering operational risks. In this sense, quantification is applied to strategic planning and the improvement of process quality.
At stage five, the company will have already guided the development process of operational risk management according to the guidelines of the control bodies and met the requirements established by the Basel Committee.
Now that you know the characteristics of each phase, in which of the stages is your company in terms of its operational risk management process? Give us your opinion in the comment box at the end of the article!