By Alex Toews, Risk Solutions Manager, Fusion Risk Management:
It is difficult for companies to maintain perfect resilience given the complexity of emerging risks and the volatile nature of new catastrophic disruptions. However, organizations need to allocate resources to prepare, as best as possible, for incidents and impending crises – especially after learning how a disruption like COVID-19 can impact their business. Integrating operational risk management is vital to the health of an organization. At Fusion, we believe that to achieve a more impactful level of operational resilience, organizations should focus on a restored vision of operational risk and begin actively breaking down program silos.
What is operational risk and operational risk management?
The Basel Committee set forth the following definition for operational risk: the risk of impact, loss, or disruption resulting from inadequate or failed internal processes, people, and technology or from external events. In its simplest form, operational risk can be defined as the risk of doing business. Operational risk management aims to provide a risk-informed perspective in the way that the organization does business, navigates change, responds to compliance obligations, and operates internally. While there are often pieces of operational risk segmented or siloed into specific programs throughout the organization, operational risk management maintains enterprise-wide applicability and should be promoted as an integral function. After all, it encompasses processes, people, and technology – the majority of assets and entities that comprise the enterprise.
The importance of breaking down silos and program integration
Operational risk impacts and influences the entire organization. As such, operational risk programs need to become more connected to the entire suite of risk and continuity perspectives. With operational risk, the organization should avoid viewing the program only from a compliance or regulatory perspective, focusing solely on “checking-the-box” or preparing for a situation when regulators or auditors examine the program. The myriad of organizational data and operational understanding that is maintained and collected by operational risk programs should be empowered to inform strategic business direction.
Beginning to integrate operational risk perspectives into third-party, business continuity, or incident management programs can change the perception of these functions from singular risk prevention gatekeepers to strong strategic partners that encourage better risk taking and accelerate competitive advantages. This is why operational risk management must focus on using cross-functional data and perspectives to create a program that can respond to the dynamic environment in which the business operates.
The mantra – when it comes to breaking down silos – is to think collectively and act collaboratively. Organizations should focus on creating a shared information foundation that expands across the entire organization, as well as connecting and integrating different programs including: operational risk, third-party risk, incident management, disaster recovery, and business continuity. Actively breaking down silos means that these programs communicate with each other, not only through technology and shared data, but through stakeholder conversations. Operational risk management can only be as impactful as required if it is meaningfully connected to these different programs.
Three key steps to becoming more resilient
Becoming more resilient as a business through operational risk management comes in three critical steps:
- Break down silos – The organization must identify which data is pivotal to share. The integration of data from different risk and continuity programs is essential to becoming more resilient. It’s crucial that information is not segregated. By breaking down program silos, organizations will identify the data points, connections, and critical resources that enable them to deliver services or products consistently, competitively, and intelligently.
- Create a unified data set that is integrated across risk and continuity programs – From both a proactive and reactive risk management perspective, using a unified data set that is integrated across the organization is crucial. By creating a consistent language for how key risk data and metrics are defined, an organization can make informed decisions that consider proactive risk mitigation strategy while understanding their ability to respond to operational disruptions or events. Without this, an organization’s ability to make intelligent risk mitigation decisions or react to a severe disruption can be delayed.
- Gain powerful insights into operational performance and success metrics – Through breaking down silos and creating a unified data set, the organization will be able to more readily and accurately understand how, when, and what to change to continue doing business in the most efficient way possible while remaining agile and able to respond to unimaginable crises. This way, the organization is empowered to continue delivering products and services to clients and customers regardless of changes in the business environment.
Find out how the Fusion Framework® System™ helps organizations create a shared information foundation, powering their operational risk management program.