Aligning Operational Risk Management Frameworks to Appetites

Michael Grimwade

“You don’t get any credit for disaster averted.”

Hank Paulson, Secretary of the US Treasury, 2006–9

Operational risk is categorised by Basel II into a series of events. These events are synonymous with risk, as a risk is the potential for an event to occur that has the potential for an adverse impact.[1] There are a range of causes that increase the likelihood of an event, and also a variety of financial and nonfinancial impacts.

[1] “Risk can be defined as the combination of the probability of an event and its consequences” (ISO/IEC Guide).

Operational risk managers have developed a portfolio of tools to manage operational risk that are focused on understanding the firm’s profile, ie, causes, preventative, detective and mitigating controls, events/risks, and financial and nonfinancial impacts. This is illustrated in the “butterfly” diagram in Figure 11.1.

Figure 11.1

Tailoring these tools in line with a firm’s appetite for operational risk is very challenging because of the near-infinite complexity of the relationship between causes, controls and risks. Consequently, it has to be based on experience and judgement, and requires board-level engagement and approval of an operational risk
