Operational Risk Management
"Every morning an Impala wakes up, it knows it must run faster than the fastest lion or it will be killed.

Every morning a Lion wakes up, it knows it must run faster than the slowest Impala or it will starve to death.

It doesn’t matter whether you are an Impala or a Lion, when the sun comes up, you better start running!"
African Proverb
What is Operational Risk Management?
According to Wikipedia, Operational Risk Management (ORM) is defined as:
“... a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems, human factors or from external events.”
Broken down further, Operational Risk is defined as:
“...a risk arising from execution of a company's business functions. As such, it is a very broad concept including e.g. fraud risks, legal risks, physical or environmental risks, etc.”
Although ORM is more commonly used in the Financial Services / Banking spheres under the Basel II Accord, its seven operational event type categories all merit attention from any business that is serious about the ‘risk in their operations’, namely:
1. Internal Fraud – Misappropriation of Assets, Tax Evasion, Intentional Mismarking of Positions, Bribery
2. External Fraud – Theft of Information, Hacking Damage, Third-Party Theft and Forgery
3. Employment Practices and Workplace Safety – Discrimination, Workers Compensation, Employee Health and Safety
4. Clients, Products and Business Practices – Market Manipulation, Anti-Trust, Improper Trade, Product Defects, Fiduciary Breaches, Account Churning
5. Damage to Physical Assets – Natural Disaster, Terrorism, Vandalism
6. Business Disruption and System Failures – Utility Disruptions, Software Failures, Hardware Failures
7. Execution, Delivery and Process Management – Data Entry Errors, Accounting Errors, Failed Mandatory Reporting, Negligent Loss of Client Assets
"The first duty of business is to survive, and the guiding principles of business economics is not the maximising of profits, it is the avoidance of losses"
- Peter Drucker
How does this ‘fit in’ with Exactech’s Services?
In any business, irrespective of size, the way management views its B.R.T. (Business Risk Tolerance) determines to a very large degree the profits it makes against a backdrop of risk/reward acceptance. It also determines the extent of fraud perpetrated against the organisation, depending on the various internal and external factors at play within it.
When introducing a holistic Fraud Risk Management Intervention or Strategy, a true understanding of how an organisation manages (or does not manage) its risk will determine the success of whatever aspect of Exactech’s services you may request from us.
As a business, if you have truly identified and recorded these risks and put an action plan in place to mitigate or reduce them to an acceptable level, then you would be aiming to at least create a ‘no surprise risk environment’. Often, because of a lack of understanding of how fraud can and does affect the organisation, people are surprised when fraud happens.
If your organisation lacks an approach to Governance, Risk Management and Compliance (GRC), then introducing a holistic Fraud Risk Management Strategy will be problematic.
So how can we help you from an Operational Risk Management perspective?
At Exactech, we are fortunate that one of our Directors has spent the last 3 years and 3 months implementing the Operational Risk Management framework at a Financial Services company. This specific operational risk management experience, amongst the total experience of 16 years spent across the internal audit, fraud risk management, business continuity management and even security risk management space, enables us to view your business better.
You know your business, we know ours.
Until everybody within your organisation understands that risk management is everybody’s responsibility and not just that of a select few, the role of a risk manager will remain that of a ‘fire fighter’, never really solving the fire, just putting out the flame for today! At best, you will find pockets of excellence amongst the various business divisions, departments or teams, whilst most see risk management as a time-consuming exercise of little to no value.
At Exactech, we do not come with a new risk management standard or approach – just a fresh perspective on risk - as we believe that you are there to run your business and manage the risks that come with it. Our role is to enable the true creation of value in the risk management role by doing the following:
• Understanding your world – environment, culture, protocol, frameworks
• Determining your level of risk readiness – business lifecycle, risk maturity, control environment, risk appetite, risk reporting, risk treatment, risk monitoring
• Providing you with an ‘X-ray’ of your risk universe as we see it from the four corners of People, Process, Data and Technology (our approach)