Operational risk managers need to grow up and think big

Operational risk (OR) might be 20 years old, but it’s showing little sign of maturity. The emergence of new OR risk specialist functions has resulted in confusion, duplication and discordance. Whilst in parallel, increasing automation, digitisation and product innovation mean greater operational risk, but less relevance of the general OR practitioner.

So, what skills and behaviours do today’s OR managers need to add real business value and safeguard their position?

The remit of OR can and does span every element of the business. Across all of these elements OR professionals aim to identify the operational risks, then quantify and manage them. Risk assessments and incident reports are undertaken and complicated OR classification language used, all in an attempt to collect and monitor key risk information.

In an ever-changing business landscape, it’s hard enough for executive management to comprehend what constitutes an operational risk. New disruptions and risk sources are appearing frequently, and often unpredictably. Combine this with OR’s time-consuming tick box exercises, confusing data intelligence and reactive management techniques and it’s no surprise that new specialist risk functions are springing up. All offering faster and better results.

Wanted: Dynamic Operational Risk self-starter who can …

Collaborate and Communicate

Operational risk has become a meeting place for a variety of risk areas; from fraud and processing, through to human resources and reputational damage. As a result, quasi-operational risk functions have emerged, lines of responsibility have blurred, and confusion reigns. As a case in point, I recently came across a global banking giant that has an “operations risk” function that sits alongside its “operational risk” function.

Perplexed? You’re not alone...

Another consequence of having disparate specialist teams is that companies don’t have a comprehensive view of operational risk. But there’s also an opportunity here; one for the OR professional to play a pivotal role. Leading cross-functional collaboration, developing a coordinated workflow and defining clear roles and responsibility for organisational risk across the organisation.

By coordinating risk efforts OR managers can ensure messages to the market and business are clear, accurate and consistent. They can take ownership of the elements that the specialist functions cannot, or do not want to, undertake. And not least, by knowing the business inside and out, they can talk to the business’ management on an equal footing.

Develop a common language

The existence of several risk functions can also result in an organisation’s risk dialect being so diverse that it prevents an effective understanding of risk.

Rapid response to new risk-related events requires the same risk language to be spoken throughout the organisation. This means shared definitions, a company-wide understanding of how risk issues relate to organisational goals, and a culture of risk awareness and accountability.

As well as coordinating functions, today’s OR managers need to ensure a common risk methodology, taxonomy and toolset exist across the organisation. This will simplify reporting and avoid the confusion and misinterpretation that comes from using subtly different definitions. In essence, the OR manager needs to develop a risk language (and foster a risk culture) that everyone in the organisation adopts and understands.

Make information accessible, engaging and useful

It’s often been said that OR intelligence is backwards-looking, not dynamic and inconsistent. The information provided can wade too deeply into the technicalities; with excessive description of risk assessment processes. And the way data is presented can make it hard to have a comparable view of risk across the organisation. Too much information can put the recipients into ‘information overload’.  

The effective OR manager will recognise the value in presenting data in a more accessible way. One that holds greater appeal to a wider business audience. They need to develop and support a common approach to the strategic and dynamic analysis of risk.

To be truly useful the OR professional needs to reduce detection and reaction time; where possible use automation to improve efficiency and deliver sound operational analytics to provide meaningful and comparable data. 

Embrace and harness technology

As advances in technology continue to emerge, OR practitioners need to keep pace with the transformational changes that are taking place within business. Driving stronger partnerships between OR and IT functions they can better understand how the organisation is implementing and adapting to new technologies and manage the risks posed.

Technology can transform OR risk management. And the power of Big Data can be harnessed for forward-looking analytics and predictive planning. OR can use technology to become as dynamic, targeted and responsive as possible, improve efficiencies with automation and minimise duplication of efforts. It’s also essential that data is not collected and used in a siloed approach but that the OR professional uses technology to tie it all together - to analyse and assess the links between and across different risk areas.

Guide and influence

The very nature of operational risk is closely linked to processes, systems and people. This can provide holistic experience and knowledge of how the firm works, and the reasons behind why it operates as it does now. And this experience and knowledge is an extremely valuable asset for organisations.

Not enough is being done to tackle the risk management challenges that lie ahead. But if OR management can go beyond box-ticking regulatory activities, its function in the future is likely to be far more influential and critical to driving business and product development. In short, action is needed now by OR professionals to reinvent the OR function for when firms need it most.

The OR practitioner’s future depends on having a wider skill set that is beyond being a technical expert. They need to be able to exert influence. They need to embed a thriving risk culture. And they need to provide businesses with an understanding of how to improve efficiencies, take decisions and manage risk. Now is the time for the OR professional to think big, be bold, and proactively carve out an exciting new role; for themselves and the discipline as a whole.