There are variety of ways to define operational risk. One can find different definitions in different books and over internet. I will quote some of the most common and authentic definitions here for you to have a better understanding. In simple terms "An operational risk is defined as a risk incurred by an organization's internal activities".
From an academic point of view "A form of risk that summarizes the risks a company or firm undertakes when it attempts to operate within a given field or industry. Operational risk is the risk that is not inherent in financial, systematic or market-wide risk. It is the risk remaining after determining financing and systematic risk, and includes risks resulting from breakdowns in internal procedures, people and systems. "
A most famous and widely used definition of operational risk is the one written in the Basel II regulations. Basel II is the second of the Basel Accords, (now extended and effectively superseded by Basel III), which include recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The Basel II Committee defines operational risk as "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." However, for internal purposes organizations are permitted to adopt their own definition but they should have a minimum set of elements from the Committee's definition.
Basel II divides operational risk into seven different event type categories which are as follow:
- Internal Fraud: Bribery, intentional mis-marking of positions, tax evasion and mishandling of assets
- External Fraud Hacking damage, theft of information, forgery and third-party theft
- Employment Practices and Workplace Safety: Workers compensation, discrimination, employee health and safety
- Clients, Products and Business Practice: Account churning, fiduciary breaches, product defects, improper trade, antitrust and market manipulation
- Damage to Physical Assets: Natural disasters, terrorism and vandalism
- Business Disruption and Systems Failures: Hardware failures, software failures and Utility disruptions
- Execution, Delivery and Process Management: Negligent loss of client assets, data entry errors, failed mandatory reporting and accounting errors
Today's class is over dear readers :). Now you can sit back and relax. I will discuss methods of operational risk management in the very next post. Stay in touch and keep visiting the Microcom IT's blog.