The term Operational Risk Management (ORM) is not new. It has been tossed about in businesses across North America for the last several years. ORM and the oft-associated term Enterprise Risk Management (ERM) have generally been used as corporate buzzwords, business culture idioms referenced in board meetings and articulated during presentations. Recent developments, such as the creation of the Sarbanes-Oxley (SOX) Act in 2002 in response to growing financial scandals in the U.S., have brought Operational Risk Management, Enterprise Risk Management and related concepts from the backrooms to the forefront of corporate America.
The inescapable reality is that every single day businesses incur losses and experience operational disruptions due to failures by employees, incorrect implementation of processes and technologies, and willful disobedience of internal controls. These losses may manifest as uncollectible receivables from disappointed clients, lost sales due to call center failures, unproductive employee downtime when computer systems are unavailable, or a host of other potential problems. While most businesses have developed ad hoc methods of dealing with such losses in the past, legislation (such as SOX and the Basel Accord) has made standardized compliance procedures much more complex. Thankfully, just as these new rules have given rise to increased awareness of ORM/ERM, new tools (including Risk Management software) have been developed to aid compliance efforts.
The new regime of Sarbanes-Oxley, under the direction of the Public Company Accounting Oversight Board (PCAOB), which is in turn accountable to the Securities and Exchange Commission (SEC), has undoubtedly benefited the business world by providing a foundation from which to decrease corporate fraud. However, the complexity and the associated technical, labor and administrative costs imposed on businesses are also considerable. The realities of both individually large and collectively mundane errors resulting in loss, as well as the newly regulated reporting of those losses, affect virtually all areas of every business each and every day. Therefore, it is in each company's best interest to find ways to cut losses while keeping regulatory compliance costs down. Hence the rebirth of Operational Risk Management/Enterprise Risk Management and the new demand for Risk Management software solutions.
Here is a 7-step method covering the salient points to look at:
There are four principles that one should know. Accept risks when benefits outweigh costs. Accept no unnecessary risk. Anticipate and manage risk by planning. Make risk decisions at the right level.