The World without Bankruptcy Laws
Bankruptcy is one of the natural states which a company may find itself in. Entrepreneurship is primarily about taking risks. When companies take risks, some of them succeed, whereas others fail. Hence failure is a natural part of the business. However, many critics of bankruptcy laws believe that there isn’t a need for an elaborate […]
The Wirecard and Infosys Scandals are a Lesson on How NOT to Treat Whistleblowers
What is the Wirecard Scandal all about and Why it is a Wakeup Call for Whistleblowers Anyone who has been following financial and business news over the last couple of years would have heard about Wirecard, the embattled German payments firm that had to file for bankruptcy after serious and humungous frauds were uncovered leading […]
Why the Digital Age Demands Decision Makers to be Like Elite Marines and Zen Monks
How Modern Decision Makers Have to Confront Present Shock and Information Overload We live in times when Information Overload is getting the better of cognitive abilities to absorb and process the needed data and information to make informed decisions. In addition, the Digital Age has also engendered the Present Shock of Virality and Instant Gratification […]
Why Indian Firms Must Strive for Strategic Autonomy in Their Geoeconomic Strategies
Geopolitics, Economics, and Geoeconomics In the evolving global trading and economic system, firms and corporates are impacted as much by the economic policies of nations as they are by the geopolitical and foreign policies. In other words, any global firm wishing to do business in the international sphere has to be cognizant of both the […]
Why Government Should Not Invest Public Money in Sports Stadiums Used by Professional Franchises
In the previous article, we have already come across some of the reasons why the government should not encourage funding of stadiums that are to be used by private franchises. We have already seen that the entire mechanism of government funding ends up being a regressive tax on the citizens of a particular city who […]
The fundamental principle of operational risk management is to ensure that all operational risks have been considered and decisions have been taken about the best way to mitigate them. This is because experience has shown organizations that the worst outcomes come from risks that they have knowingly or unknowingly ignored.
It is therefore important to ensure that the organization tries to maintain an exhaustive list of all the operational risks that it faces. The reality is that the risk can never be exhaustive. However, the idea is to make the analysis as comprehensive as possible given the time constraints that the organization has.
It is also important to realize that the identification of operational risks is not a one-time process. Since the organization operates in a dynamic environment, it is important to periodically scan the environment in order to identify newer risks that may emerge and proactively manage them.
In this article, we will have a closer look at some of the best practices which are associated with the identification of operational risks.
Top-Down Approach Vs Bottoms Up Approach to Operational Risk Assessment
The identification of operational risks is one of the most crucial steps in managing risks. The failure to identify risks almost certainly means that the organization will not take any action to mitigate them. Hence, to identify risks, a thorough scan of the entire organization and its operating environment is necessary. This is the reason that companies often use a combination of a top-down approach as well as the bottom-up approach in their bid to identify operational risks.
The top-down level of risk identification starts with the actions of the senior management. This is because the data required to conduct the top-down analysis is not available to people working at lower levels.
Top-down risk identification is generally done by the senior management in seminars. The major process owners of the organization try to brainstorm about what could go wrong with their operations. These sessions include scenario generation exercises wherein the executives are supposed to come up with the probable scenarios that the external environment can bring up and the response that the organization would give in each case.
Generally, the top-down approach considers emerging technology and global risks in their meetings. This type of risk analysis happens quite infrequently. This is because the external environment does not change very often.
As the name suggests, the bottom-up approach to risk management is the opposite of the top-down approach. This is because the bottom-up approach is often undertaken by supervisors and mid-level management. However, they take their inputs from the lowest levels of workers.
Process mapping and interviews are some of the most common techniques which are used in bottoms-up management. This is because the idea is to map the entire process at a granular level.
Interviews help identify the most common threats to which the process is vulnerable. Also, it is the job of the management to conduct an operational risk analysis to identify key people and systems which can cause a systemic breakdown in the organization. This risk identification focuses on how technology and people can be deployed to provide optimum results for the company. However, there is an inherent issue with the bottoms up approach.
Many times, managers are too engrossed in finding their individual risks. Hence, the exercise is conducted on a very micro level. The end result of such an exercise is the identification of a series of disjointed risks. These risks may not have any pattern to them and maybe at a very low level.
Hence, formulating an organization-wide approach to mitigating these risks might become difficult in such an environment. The frequency of this process is quite high. Companies often conduct half-yearly or annual risk audits in order to identify the risks and create plans to mitigate them.
The problem with risk identification is that it is not a process-based approach. The methods used in the risk assessment exercise are qualitative. Hence, the outcomes of such methods are not consistent.
For instance, two different groups at the same organization may brainstorm in order to identify risks and both the groups may come up with entirely different outputs. Both the bottoms up and top-down approach relies on intuition and judgment instead of using the scientific method.
Even after the risks are identified the categorization of these risks is subject to a lot of human judgment. This creates a huge problem since if the person conducting the risk management exercise is not competent, the risk identification would be incomplete.
Tools like risk matrix have been created to help managers identify and prioritize risks. However, they too work based on the inputs given to them by the person identifying the risks.
The bottom line is that the identification of risks is an imperfect process. This is the reason that it needs to be done in an iterative manner. This is because it is possible that a risk that was missed the first time may be identified in the second or third attempt.
Your email address will not be published. Required fields are marked *
Why the Digital Age Demands Decision Makers to be Like Elite Marines and Zen Monks
February 7, 2025
Personal Grooming Tips for Women
February 7, 2025
Politics in Virtual Workplace
February 7, 2025
