Although traditionally stove-piped within an organization, different operational risks share many common elements, providing an opportunity to consolidate ORM into a single all-hazards approach, one that is holistic and systematic.
A key first step is for an organization to perform an ORM physical, enabling the identification of reasonably foreseeable risks, benchmarking the current status of the ORM program, revealing gaps where the organization is vulnerable, and developing cost-effective strategies to address these gaps.
Based on recent historical events and changing conditions in our world, bringing ORM to the forefront of an organization is more important now than ever before.
Operational Risk Management: A Definition and a Strategy
For the purpose of this discussion, Operational Risk Management (ORM) is considered to be the policies, methods, practices, and institutional culture that enable an enterprise to understand, prioritize, and control risks that threaten the well-being of the organization, its business partners, communities in which it operates, and society at large.
The cost of poor operational risk management can be excessive, considering that the occurrence of undesirable events can lead to fatalities and injuries; property loss; business interruption; clean-up, remediation and disposal; fines and penalties; future inspections; new regulations; long-term human health effects; environmental degradation; damaged investor, insurer, supplier, and customer relations; and loss of public confidence. By contrast, the cost of good operational risk management may be limited to investment in risk management benchmarking and needs assessment; resources allocated to control high-priority risks; and ongoing costs associated with ORM performance monitoring and evaluation.
The Need for an All-Hazards Approach
In many organizations, the approach to dealing with operational risks is stove-piped, with different entities having responsibility for different hazards. For example, environmental health and safety worries about toxicity exposure, legal is concerned with liability, human resources focuses on occupational health, executive management has its eye on business continuity, risk management addresses insurance, and research and development cares about design failure. As a result each group has its own priorities, separate resources are used to address each problem, and there is limited coordination. Yet, while each threat may seem quite different, when one takes a closer look at how these events evolve, there is remarkable similarity; that is, a pattern or “recipe” for disaster emerges. This situation begs for the adoption of a single “all-hazards” ORM approach, a process that is holistic and systematic in nature.
- Page 1 of 4
- Next section Risk Factors