Operational Risk
An organization's "operational risk" is not something that can be avoided. It arises simply because the organization is in operation (i.e. doing business). Despite the fact that the risk cannot be removed, there are ways in which it can be minimized or mitigated (Alexander & Sheedy, 2005). These ways generally come from establishing controls that work well with the organization and its operations. The key is to avoid being too restrictive while still ensuring that the most important areas of the organization are protected and cared for properly (Alexander & Sheedy, 2005). One of the best ways to mitigate risk is through a good plan for business continuity. There are so many different types of operations risks that a business continuity plan must be very comprehensive. It should consider fraud, legal risks, environmental risks, and physical risks (Gorrod, 2004). By addressing all of them, the plan will be more likely to actually protect the company from harm if there is a breach of security or if the organization encounters a problem which could otherwise bring down its entire business or structure and harm its long-term prospects.
Because operational risk can come about from external events but also from failed internal processes, systems, and people, the way it is managed is different from the way other risks are handled (Alexander & Sheedy, 2005; Gorrod, 2004). Many risks can be addressed on only one level or in only one area of the organization. Operational risks, however, are all-encompassing in that they require more insight into the overall workings of the organization instead of only a specific area (Gorrod, 2004). The goal then becomes to determine how much operational risk a company is taking and whether that risk will require a specific type of continuity plan that is tailored toward mitigation of a particular kind of risk. Overall, business continuity plans should be prepared to handle almost anything. However, there are many types of plans that can help a business continue when a crisis has occurred. Some plans naturally lend themselves more toward specific types of operational incidents, and those should be carefully considered.
Another aspect of operational risk is how much risk a company is prepared to accept when it comes to its objectives (Gorrod, 2004). All companies and organizations have objectives they want to meet. With those objectives come a certain level of risk. That leaves the organization to decide if it wants to take the risk that comes with its objectives, or if it wants to change its objectives so that its risk will be lessened. Either way can be acceptable depending on what the organization needs to accomplish, but one way may be significantly more beneficial to the organization than another way. If the organization does not have a good business continuity plan, the level of operational risk it takes should be lower (Gorrod, 2004). Organizations with better continuity plans can consider more risk, because they have the backups in place to handle things if something should go wrong at a later date.
You’re 75% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.