It is difficult for companies to maintain perfect resilience given the complexity of emerging risks and the volatile nature of new catastrophic disruptions. However, organizations need to allocate resources to prepare, as well as possible, for incidents and impending crises – especially after learning how a disruption like COVID-19 can impact their business. Integrating operational risk management is vital to the health of an organization. At Fusion, we believe that to achieve a more impactful level of operational resilience, organizations should focus on a restored vision of operational risk and begin actively breaking down program silos.
The Basel Committee set forth the following definition for operational risk: the risk of impact, loss, or disruption resulting from inadequate or failed internal processes, people, and technology or from external events. In its simplest form, operational risk can be defined as the risk of doing business. Operational risk management aims to provide a risk-informed perspective in the way that the organization does business, navigates change, responds to compliance obligations, and operates internally. While there are often pieces of operational risk segmented or siloed into specific programs throughout the organization, operational risk management maintains enterprise-wide applicability and should be promoted as an integral function. After all, it encompasses processes, people, and technology – the majority of assets and entities that comprise the enterprise.
Operational risk impacts and influences the entire organization. As such, operational risk programs need to become more connected to the entire suite of risk and continuity perspectives. With operational risk, the organization should avoid viewing the program only from a compliance or regulatory perspective, focusing solely on “checking-the-box” or preparing for a situation when regulators or auditors examine the program. The wealth of organizational data and operational understanding that operational risk programs collect and maintain should be used to inform strategic business direction.
Beginning to integrate operational risk perspectives into third-party, business continuity, or incident management programs can change the perception of these functions from singular risk prevention gatekeepers to strong strategic partners that encourage better risk taking and accelerate competitive advantages. This is why operational risk management must focus on using cross-functional data and perspectives to create a program that can respond to the dynamic environment in which the business operates.
The mantra – when it comes to breaking down silos – is to think collectively and act collaboratively. Organizations should focus on creating a shared information foundation that expands across the entire organization, as well as connecting and integrating different programs, including operational risk, third-party risk, incident management, disaster recovery, and business continuity. Actively breaking down silos means that these programs communicate with each other, not only through technology and shared data, but through stakeholder conversations. Operational risk management can only be as impactful as required if it is meaningfully connected to these different programs.
Becoming more resilient as a business through operational risk management comes in three critical steps:
Find out how the Fusion Framework® System™ helps organizations create a shared information foundation, powering their operational risk management program.