Operational risk management

The term Operational Risk Management (ORM) is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events.

The U.S. Department of Defense summarizes the principles of ORM as follows:

The International Organization for Standardization defines the risk management process in a four-step model:

This process is cyclic as any changes to the situation (such as operating environment or needs of the unit) requires re-evaluation per step one.

The U.S. Department of Defense summarizes the deliberate level of ORM process in a five-step model:

The U.S. Navy summarizes the time-critical risk management process in a four-step model:

The three conditions of the Assess step are task loading, additive conditions, and human factors.

This refers to balancing resources in three different ways:

This is accomplished in three different phases:

The role of the Chief Operational Risk Officer (CORO) continues to evolve and gain importance. In addition to being responsible for setting up a robust Operational Risk Management function at companies, the role also plays an important part in increasing awareness of the benefits of sound operational risk management.

Most complex financial institutions have a Chief Operational Risk Officer. The position is also required for Banks that fall into the Basel II Advanced Measurement Approach "mandatory" category.

The impact of the Enron failure and the implementation of the Sarbanes–Oxley Act has caused several software development companies to create enterprise-wide software packages to manage risk. These software systems allow the financial audit to be executed at lower cost.

...
Wikipedia