Damage Control: Best Practices for Operational Risk Management


Most companies know there will be some internal problems due to worker errors, system failures, fraud and other problems that disrupt business. As scary as that sounds, there are specific ways to handle operational risks, or even prevent them to minimize the damage to the reputation of your business.

According to, Riliance Software Limited, operational risk is due to a company’s own internal activities. The risks can also include inadequate or procedural risks, as well as system or policy failure risks. They recommend creating an operational risk management (ORM) plan starting by evaluating your risks. Once you know what they are, you can then go ahead with your ORM plan.

    1. Navigating Your Risks: Mapping a Strategy

The first step in risk identification is to list all possible risks that your business may encounter. The scope of your ORM framework will help you do this, so expect it to grow as you work on the ORM plan. Some risks come from the following:

    • Vendors
    • Internet Technology
    • Compliance
    • Financial Reporting
    • Processes and Systems

ORM planning means thinking about disaster recovery, business cohesion, compliance and data security. Produce a risk map that clearly outlines every scenario your company may face. Keep in mind that most operational risks are due to the following factors:

    • Human Error
    • Criminal Activity
    • Internal System Failure
    • Weather or Other Disruptive Events

Look at each of these factors and then create a strategy to handle all possibilities. Collect all the risks and list how they relate to each other, such as:

    • Regulations
    • Controls
    • Policies
    • Procedures
    • Tests and Indicators
    1. Create the Foundation for a Rock Solid ORM Plan

The second step is to create a solid foundation that includes:

    • Risk & Control Self-Assessment – RCSA determines the main operational risks to your business, so you will be able to target which have the most impact on your business.
    • Key Risk Indicators – You can use KRIs to create the basic framework for reporting problems and measure operational risks consistently across your company. They should help you monitor issues, and even give you an early warning of problems or control issues that may be lurking just below the surface.
    • Loss Events – Loss events helps you identify and analyze your operational losses to minimize negative consequences. Use it to do root cause analysis and create complete reports to help identify even more risks and fixes in order improve your ORM plan over time.
    • Issue Management – This step is to record any issues that link to risk assessment, such as loss records, ad-hoc issues, key risk indicators and internal and compliance audits. It is also helpful for assigning tasks, prioritizing and set completion dates, as well as identifying and documenting all subsequent actions.
    1. Connect All ORM Procedures

The third step is to create reports for each operational risk that go to management to help them connect all ORM processes. This ongoing process will help indicate where the risk assessments fell short or the company experienced surprise losses after an event. They will assign the right team to each risk and solution, too.

    1. Setting the Scene: Key Risks

The fourth step targets the key risks and encourages collaboration between departments and managers. Scenario creation and capital calculation is also a part of this step. Identifying the causes of risks, what happens during a situation and how your staff reacts to each is key. Use the data from all your ORM processes, as well as the scenario process to determine your operational risk capital, too.

    1. Presentation Perfection

The fifth step is to present your reports on the key risks and scenarios to upper management to compare them to the risk appetite statement your board of directors or senior staff has compiled. Here is where your second step comes into play, which will focus the needs of your company better in your ORM plan.

Use this step to make the final adjustments and strategic changes to mitigate risks even further by linking the risk to the strategy, and then communicating all processes to your higher ups.

    1. Involving Your Business and Audit Teams

Your ORM plan should go under review by your audit and business teams from the beginning; however, once it is completed and ready to use, they need to give it a final read in this final step. They will make sure that all processes address their requirements, and that they will operate smoothly by making sure communications between all teams are effective.

In their report, “Update to Sound Practice Guidance – Risk Control Self Assessment,” the Institute of Operational Risk states, “There is no “one-size-fits-all” approach to the management of operational risk. However by drawing on the experience of practicing risk professionals, it is possible to identify examples of good practice.”  Once you finish your ORM plan, you can use it to balance the weight between risk and opportunity. This way you will know what steps to take to help your business continue to be a solid success in today’s marketplace.

Alana Aston is an operations manager at a busy auto parts supplier. In her spare time, she enjoys blogging about the things she learns on the job.

Share small business news, blogs and social media tips with Project Eve’s community of small business owners and entrepreneurs today. Our contributors come from a wide range of backgrounds; so whether you are a small business owner, social media strategist, financial adviser, serial entrepreneur, or write an amateur blog we urge you to contribute a blog to our 500,000+ community today. For more information, please refer to our Content Submissions Guidelines.

Add a Blog


  1. Just want to say your article is as amazing. The clarity in your post is simply great and i can assume
    you’re an expert on this subject. Well with your permission allow me to grab your
    feed to keep updated with forthcoming post. Thanks a million and
    please keep up the gratifying work.

  2. Hello there, I discovered your web site via Google even as looking for a related
    topic, your website came up, it appears great. I’ve bookmarked it in my google bookmarks.

    Hi there, just turned into aware of your weblog through Google, and found that it’s truly informative.

    I’m gonna watch out for brussels. I’ll be grateful should you continue this in future.
    Numerous other people will likely be benefited out of your writing.

  3. Great article! That is the type of information that are supposed to be shared around the
    web. Shame on Google for now not positioning this submit upper!

    Come on over and visit my web site . Thanks =)

  4. I really love your website.. Pleasant colors & theme.

    Did you develop this web site yourself? Please reply back as I’m looking to create my own personal blog and
    would like to find out where you got this from or just what the theme is called.

    Many thanks!

  5. Hi there! I could have sworn I’ve been to this blog before
    but after going through a few of the articles I realized it’s
    new to me. Anyways, I’m certainly happy I stumbled upon it
    and I’ll be book-marking it and checking back often!

  6. This is really interesting, You are a very skilled blogger.
    I’ve joined your feed and look ahead to seeking
    more of your great post. Also, I have shared your web site
    in my social networks

  7. you are truly a just right webmaster. The site
    loading velocity is amazing. It seems that you’re doing any unique trick.
    Furthermore, The contents are masterpiece. you have done a excellent task in this subject!

  8. Hello there, I discovered your website by means of Google whilst
    searching for a similar matter, your website got here up, it
    appears to be like good. I’ve bookmarked it in my google
    Hi there, simply became aware of your blog through Google,
    and located that it is truly informative. I’m going to watch
    out for brussels. I will appreciate in case you proceed this in future.
    Many people might be benefited out of your writing.

  9. Great beat ! I wish to apprentice whilst you amend your site, how can i subscribe for a weblog web site?

    The account helped me a acceptable deal. I have been a little bit acquainted of this your broadcast offered shiny clear idea


Please enter your comment!
Please enter your name here