Today, effective Risk Management is vital for any organization, owing to several factors including changing regulatory and legal requirements, ever-evolving technology, globalization, governance, expensive insurance costs, and the attitude of stakeholders. Operational risk, in the context of risk management, has become more significant now than ever before. The need of the hour is for organizations to embed an effective Operational Risk Management (ORM) system in an ERM framework.
According to the Risk Management Association (RMA):
So, how do we define operational risk? According to Basel II [i], it is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. It includes legal risk, but excludes strategic and reputational risk.
Now, what is Enterprise Risk Management (ERM) [ii]? ERM is the process of planning, organizing, leading and controlling the activities of an organization to minimize the effect of risk on the organization's capital and earnings. By identifying and addressing risks and opportunities, organizations can protect and create value for stakeholders. ERM also equips management to deal effectively with potential future events that create uncertainty.
The Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Enterprise Risk Management - Integrated Framework [iii], published in 2004, defines ERM as a "process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." The COSO ERM Integrated Framework discusses key ERM principles and concepts, helps unify the ERM language across the organization, and provides clear direction and guidance for ERM.
Five Steps to Risk Control Self Assessment (RCSA)