Making Operational Risk Management (ORM) Work For You
Operational Risk Management (ORM) is a methodology for putting oversight and strategy into place, to effectively manage the risks which every business faces. Described as ‘the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events’, ORM covers all the risks that need to be managed for the business to sustain itself and its competitiveness. Businesses have had to transform rapidly in the past two years, and there is a general air of uncertainty in the environment. Companies have been able to achieve global outreach with the aid of technology, but this comes with a different set of problems.
Also, the supply chain – and its multiple, varied challenges – has become larger, more complex and extensive. Ideally, an organisation will want to achieve all the objectives it has set out in its mission and vision but the reality may differ somewhat. A good starting point will be the prioritisation of risks, and aligning these to the firm’s existing resources. Calculating a risk in terms of costs and benefits is one way of enabling the targeting of mitigation efforts. But to really put ORM in place effectively, the backing of the organisation’s top management and leadership is a must. This needs to be supported by an organisational risk culture, and employees who are trained in risk-based thinking.
Completely eliminating operational risk is not possible; the focus should therefore be on reduction and mitigation. ORM needs to be an ongoing activity because risks are constant and dynamic. Also, there may be repercussions that are difficult to quantify, such as disruptions to delivery schedules that annoy customers and damage the organisation’s reputation. Tools and techniques which work for one situation may not work for another. Hence the risks (and opportunities) that need mitigation have to be assessed based on the best information available at the material time. Stakeholders expect the best solutions. Thus, stringent documentation and regular communication are imperative.
Besides starting the process of developing an ORM strategy by cultivating an in-depth understanding of the organisation, valuable lessons can also be learned, for instance, from the chain of causality that resulted in the firm’s financial or reputational loss. Hence the need for proper, accurate, and complete documentation, as this kind of information supports decision-making. It also helps in identifying the right kind of controls to put in place for mitigation, and can indicate when accepting the risk may be more beneficial than bearing the cost. Ensuring ORM works for the firm means thorough planning, in addition to comprehensive understanding.
The benefits of ORM are extensive. It helps the organisation improve the reliability of business operations and the effectiveness of risk management, besides strengthening the decision-making process where risk is involved. It also has the ability to reduce losses caused by poorly managed or poorly-identified risks, and identify possible fraud and other unlawful activities. This ultimately results in lower compliance costs and reduction in potential damage from future risks. Best practices in ORM abound but it is ultimately up to the company itself to decide what will work for it, and how it will ensure that the right measures are put in place to keep it sustainable, growing and competitive.