What is Operational Risk?

Operational Risk

Operational risks arise from inadequate or failed internal processes, people and systems, or from external events [1]. They include: fraud, security failure, legal breaches, physical (e.g. infrastructure failure) or environmental risks. Operational risks affect client satisfaction, an organisation’s reputation and its relationship with its stakeholders, and shareholder value. It increases volatility of operating costs and earnings. Unlike credit and market risks, operational risks are usually not willingly incurred nor are they revenue driven, and are notoriously difficult to pin down and to quantify or measure reliably.

Categorising “operational” risks helps. It makes sense of the potential harm and helps creating the model structure and analytical framework necessary to assist addressing the risks and – importantly prioritise management time. Operational risks fall broadly into either internal or external event risks;

Internal risks include;

  • Systems & Process – including regulatory and legal compliance
  • Health & Safety
  • Environmental
  • Fraud & Reputation
  • Strategic Risk

External event risks include;

  • Accidental – Industrial accidents such as fires and explosions
  • Intentional – Terrorism and sabotage
  • Disease – Human (e.g. Pandemic Flu) or Animal (e.g. Foot & Mouth)
  • Geological – Volcanoes, Earthquakes and Tsunamis
  • Weather and environmental – Flooding, storms, drought, and heat-wave

Mitigation and risk tolerance

Operational risk is a broad discipline. Key risk mitigation includes good governance and high ethical standards, effective reporting, strategic planning and quality management techniques.

However, many operational risks cannot be avoided, contracted away or insured. So as long as people, systems and processes remain imperfect, operational risk cannot be fully eliminated.

Operational risk is, nonetheless, manageable, if;

  1. Make sure you have processes in place that identify and report them, and
  2. Know your “risk tolerance” – and keep the potential for losses within it.

What we do;

We put in place effective mitigations to operational risk, helping you identify and prioritise your operational risks. We will;

    • Establish risk reporting procedures,
    • Carry out strategic risk assessments,
    • Deliver quantified risk analysis ,
    • Undertake business process mapping ,
    • Provide Independent analysis and project risk appraisal,
    • Operational risk management training.

In addition we provide support for resilience planning, including the developing responses toolkits, and highlighting in advance those hidden dependencies that reveal themselves in a crisis, We develop and implement Business Continuity policies and plans.Jersey Coloured in

We have specific expertise advising and supporting on energy security and resilience, working for the States of Jersey and the Maltese electricity grid operator.


[1] Bank for International Settlements, Basel Committee – Operational Risk