What is Operational Risk?

Operational Risk

Operational risks arise from inadequate or failed internal processes, people and systems, or from external events [1]. They include: fraud, security failure, legal breaches, physical (e.g. infrastructure failure) or environmental risks. Operational risks affect client satisfaction, an organisation’s reputation and its relationship with its stakeholders, and shareholder value. It increases volatility of operating costs and earnings. Unlike credit and market risks, operational risks are usually not willingly incurred nor are they revenue driven, and are notoriously difficult to pin down and to quantify or measure reliably.

Categorising “operational” risks helps. It makes sense of the potential harm and helps creating the model structure and analytical framework necessary to assist addressing the risks and – importantly prioritise management time. Operational risks fall broadly into either internal or external event risks;

Internal risks include;

  • Systems & Process – including regulatory and legal compliance
  • Health & Safety
  • Environmental
  • Fraud & Reputation
  • Strategic Risk

External event risks include;

  • Accidental – Industrial accidents such as fires and explosions
  • Intentional – Terrorism and sabotage
  • Disease – Human (e.g. Pandemic Flu) or Animal (e.g. Foot & Mouth)
  • Geological – Volcanoes, Earthquakes and Tsunamis
  • Weather and environmental – Flooding, storms, drought, and heat-wave

Mitigation and risk tolerance

Operational risk is a broad discipline. Key risk mitigation includes good governance and high ethical standards, effective reporting, strategic planning and quality management techniques.

However, many operational risks cannot be avoided, contracted away or insured. So as long as people, systems and processes remain imperfect, operational risk cannot be fully eliminated.

Operational risk is, nonetheless, manageable, if;

  1. Make sure you have processes in place that identify and report them, and
  2. Know your “risk tolerance” – and keep the potential for losses within it.

What we do;

We help put in place effective mitigations to much operational risk. We help you identify and prioritise the operational risks you face by;

    • Establishing risk reporting procedures, we deliver a bespoke system development with our partner VuePoint Solutions
    • Carrying out strategic risk assessments,
    • Delivering quantified risk analysis using tools such as Palisade’s DecisionTools Suite,
    • Undertaking business process mapping using tools such as Microsoft Visio,
    • Providing Independent risk analysis and project appraisal, (RAMP, Third Edition)
    • Operational risk management training.


In addition we provide support for a range of energy resilience issues, including the planning of responses to an energy incident, in the process highlighting the often hidden inter-dependencies that exist, as well as the development and implementation of Business Continuity policies and plans.Jersey Coloured in

Furthermore we advise and support on the whole area of energy security and resilience, and in doing so ensuring that coverage of all the integrated aspects of this subjects provides greater value than the sum of its parts.


[1] Bank for International Settlements, Basel Committee – Operational Risk