Operational risk tries to identify and manage risks for people, processes, and systems; it is a discipline and behavior that needs to be put in place. As such, a framework to control the process is recommended. The framework is a set of integrated tools, processes, and mitigation strategies that assists a company in managing, measuring, and monitoring operational risk.
1. Governance,
2. Planning,
3. Execution,
4. Visibility, Optimization, and
5. Integration.
In this blog we will discuss the governance process.
Governance is the overall management approach through which senior executives direct and control the area of operational risk by using a combination of management information (e.g. KPIs, reports, alerting mechanisms, etc.) and hierarchical management control structures. These activities ensure that critical information reaches the executive team and is sufficiently accurate, complete and timely to enable appropriate responses.
The UK Corporate Governance Code states that “good governance should facilitate efficient, effective, and entrepreneurial management that can deliver long term success for the company” [1].
Thus, Risk Governance should not be concerned just with internal risk, but must include those risks to the business that are external to the company but integral to the company’s processes (e.g. suppliers, outsourcing partners, sub-contractor service providers, or other third party dependencies).
Not least, Risk Governance also includes the related risks that are truly outside of one’s control. How much risk is acceptable (and consequently the mitigation activities and costs) for natural events (hurricanes, earthquakes, floods, etc.)?
The consequences of the governance of operational risk should become integral to the day-to-day processes of operating, and everyone involved should be aware of their own risks, responsibilities, mitigation strategies, and accountabilities.
This posting is the sixth of a series of blogs discussing various factors of operational risk management as it pertains to manufacturing organizations. Please feel free to comment and discuss this series.
[1] Financial Reporting Council, UK Corporate Governance Code, May 2010