Operational Risk and Resilience

To be effective, operational risk management needs to find expression in an organizational framework. Until now, managing operational risk in any systematic fashion has been very difficult. Although line managers may have been well intentioned in controlling risk in their separate functions, the absence of frameworks and all-round risk awareness from an enterprise-wide perspective has made it difficult to mitigate risk in any systematic sense.
There are two approaches to establishing effective operational risk management frameworks. The first considers the practical, basic reasons why frameworks are essential. For example, a framework should institutionalize a process where risk is managed consistently, rather than arbitrarily. It should direct people towards a common goal and understanding. And it should involve a clear division of labour and reporting lines.
These are all important objectives. There are very real dangers in not formalizing a framework. At worst, organizations remain far more vulnerable to the impact of one risk causing far more damage than it should. At best, poor integration of risk within an organization means key risk areas may be missed out. Integrated risk management requires a framework where a number of different factors can be appraised at the same time. These factors include strategy, policies, organization, culture, management processes, and supporting infrastructure.
Throughout the 1990s, the increasing influence of corporate governance issues has made the issue of internal control an essential business process. A number of well-publicized corporate failures - notably the collapses of BCCI and Polly Peck in the early 1990s in...