Risk management

Operational risk


Operational risk is the possibility of business operations failing due to inefficiencies or breakdown in your internal processes, people and systems. Human error and external events (such as regulatory changes) are a few of the common sources of such risk.

Types of operational risk

Operational risk focuses on how you accomplish things in your business. It is typically associated with how your business functions internally and broadly covers the following categories:

  • fraud - eg bribery, misuse of assets and tax evasion
  • other criminal activity - eg data theft, hacking, etc
  • workplace policies and safety - eg discrimination, staff health and safety
  • products and business practice - eg product defects or market manipulation
  • physical assets - eg vandalism, natural disasters, equipment maintenance, etc
  • business disruption - eg utility downtimes, IT system failures, etc
  • process management - eg accounting errors, data entry errors, non-reporting

These risks present varying levels of threat to business - from minor inconvenience to potentially putting its very existence in jeopardy. You should not underestimate the potential impact of operational risk.

Impact of operational risk

If operational risks materialise, they can cause significant damage to your business, including:

  • outright loss - eg costs of dealing with system failure or processing error
  • regulatory overhead - eg costs of audits or mandated investigations
  • reputational damage - eg as a consequence of fraudulent activity or unfair practices

Contrary to other types of business risks, operational risks are not typically revenue-driven or willingly incurred. Some organisations accept them as an unavoidable cost of doing business. However, you can reduce risk exposure and your operating costs by developing an operational risk management strategy for your business.

What is operational risk management?

Operational risk management is a continual process of assessing risks and implementing relevant controls that lead to either acceptance, mitigation or avoidance of risk. To manage operational risk, you must first understand the nature of your business and the particular risks associated with it. This understanding will help you to identify, assess, monitor and adequately control or mitigate the risks.

Effective operational risk management can also help to:

  • prevent unexpected operational loss
  • cut compliance or auditing costs
  • detect unlawful activities
  • minimise exposure to future risks

Find out how to evaluate business risks and structure your risk management process.

You can insure against certain operational risks to help provide additional protection against the cost of operational events. Find out more about business risk insurance.