The COSO Framework for Internal Control
February 12, 2025
The structural functional approach to public administration is a term adapted from sociology and anthropology which interprets society as a structure with interrelated parts. This approach was developed by the celebrated anthropologist Malinowski and Radcliff Brown. So, according to them, a society has a structure and functions. These functions are norms, customs, traditions and institutions […]
What is Organization ? A common platform where individuals from different backgrounds, mentalities, educational qualifications, interests and attitudes come together to work towards a goal as well as earn bread and butter for themselves is called an organization. Every organization has a unique style of working often called its culture. Culture – The ideologies, beliefs […]
Nervous system protects our body from various dangers by following a sequence of interpretation and reaction to the stimuli. Endocrine system secretes chemicals called hormones throughout our body which influence our feelings, moods and behaviour. Endocrine system is composed of glands which is a group of cells that secrete hormones. Various glands perform various functions […]
Why Senior Leaders are Expected to be above Reproach and Role Models for Others Senior Leaders are supposed to be role models for the rest of the organization to follow and emulate. Moreover, they are the ones who articulate the organizational vision and actualize the mission for the Middle and Lower level employees and hence, […]
The basic laws of demand and supply work in the reinsurance market just as they work in other markets of the world. This means that when the price is lowered, the demand begins to rise and when the price is raised, the supply begins to rise. These laws are universal and also apply to reinsurance […]
There are several books that have been written about the steps that need to be undertaken in order to be able to be effectively able to implement operational risk management in an organization. However, a lot of companies fail in their endeavors. This is because very few studies have been conducted about mistakes that need to be avoided while implementing an operational risk management system. In this article, we have a closer look at some of the common mistakes which need to be avoided.
There are many companies around the world that are struggling with their risk management solutions. This is because of a simple reason that they consider risk management to be an activity independent of the operations and the overall strategy of the company. However, this is not true.
Companies that manage operational risk successfully consider this risk to be a part of their overall strategy. This is the reason that the balanced scorecard of these companies is often modified to include parameters about risk. The entire process is integrated with the overall management of the business and hence gets due attention from the top management.
The operational risk management mechanism is often designed to be reactive. This means that the operational risks are often identified or the data is reported only after the risk event has taken place. On the other hand, successful companies have a proactive approach. They do not wait for a risk event to occur before it is entered into the risk management system of a company.
They monitor the potential risks just as closely as they monitor actual loss events. The end result is that the organization becomes proactive. They can identify patterns and resolve issues before they become actual loss events
Studies into the success of operational risk management programs have shown that the more automated a process is, the more likely it is to succeed. Many times, while implementing the risk management program, the companies get intimidated by the costs involved.
Hence, they basically implement a stripped-down manual version of an operational risk management program. However, manual versions seldom work. This is because of the fact that in a manual process, the data is either collected in an ad-hoc manner or at periodic intervals.
On the other hand, in an automated process, the data is collected continuously. Since the quantum of data collected in more, better statistical analysis can be done and as a result, the whole implementation becomes more successful.
Also, if the monitoring is automated, the key risk indicators can be closely monitored. If it is observed that the key risk indicators deviate from the norm then an escalation process can also be set off immediately.
Having a clearly defined escalation process is vital to the success of any operational risk program. This means that firstly, the system should ensure that the escalations generated by the system are genuine escalations. There should not be any false positives being reported to the higher management.
Also, once the correct cases are identified, the escalation matrix should be clearly defined. The people working in risk management should know exactly which case needs to be escalated to whom. Also, the number of cases escalated to senior management as well as the manner in which these escalations were handled have to be monitored and reported.
The literature related to operational risk management is quite clear on one aspect. The aspect is that if you can’t measure a particular risk, odds are that you will not be able to manage it. This is because the inability to completely see a particular risk and to report it blindsides the organization.
The above adage is true. However, managers at many companies have been using this explanation to avoid work. They have not been trying to decode or manage risks that do not provide much data i.e. they are opaque.
Many times organizations cannot avoid such functions. Even though they are complicated and opaque, these functions often form an integral part of the overall business of such organizations. Hence, if the management does not find innovative ways to collect data and monitor the risk, odds are that the operational risk management system of such an organization will fail since it will not be able to manage the required risk.
The bottom line is that there are several steps that need to be taken correctly in order to ensure that an operational risk management system works effectively in a company. Over the years, several companies have tried to implement these systems. Some of them have failed.
The cumulative knowledge of the common causes that have led to these failures has been listed above so that other companies can learn from these mistakes and avoid them in the future.
Your email address will not be published. Required fields are marked *