Managing operational risk still remains one of the struggles faced by management. The era of managing business risk function by function is long gone. In today’s dynamic and competitive environment, aligning business strategy with risk management is key to achieving improved business performance. Integrating operational risk management with the rest of the business units is the way forward for those organisations that aspire to be market leaders in their respective fields.
One of the mistakes made by many business leaders is allowing functional managers to concentrate only at those risks within their functions. For example, the marketing manager focuses only on risks specific to sales and marketing; the finance manager focuse only on financial risks; the IT manager focuses only on risks specific to IT investments. The problem with this approach is that, most of the risks involved are organisation-wide. They are interrelated and have an impact on the entire business as opposed to one business unit. Managing risks especially on this silo-based approach often results in duplication of effort and resources.
For an organisation to achieve its goals and targets, there is need to have minimal disruptions to the operations of the business. Operations are the oil that keep the organisation flowing smoothly towards its objectives and goals. However, in achieving the targets set, there will always be hurdles to overcome. Hurdles in the form of various risks. For example, a breakdown in the payments processing system, natural disasters, fire, fraud, employee strike or the departure of key employees can have far much damaging consequences on the business. A case in point is the Gulf of Mexico oil spill which has cost BP huge amounts of money as well as put the brand image of the company at risk. BP is being accused of not having acted properly before and after the spill to reduce the damage caused by the spill. Most analysts claim that BP failed on their operational risk management.
Another example, is the recent labour strikes at Honda at one of its production base in China, which resulted in the the company shutting down the affected base. In all this, there is no doubt that huge sums of money have been lost, which could have been used for other productive ventures. Thus, a firm’s ability to integrate risk management firmwide may mean survival in today’s and tomorrow’s more volatile and dynamic industry.
Organisations that are willing to integrate their operational risk management with the other business units should:
# Ensure that there is visibility and transparency when it comes to risk management. This means, they should be able to identify all the risks within the business and evaluate the potential consequences of those risks in the context of all risks faced by the business.
# View risk management as a business support function and not a rule-keeping business unit. True risk management is not a regulatory matter.
# Integrate technology, people and processes to achieve integrated risk management.
Operational risk management should be a seen as practice that unifies different business functions to achieve goals and take the organisation to the next level, rather than as a practice which meddles with the affairs of the other business units. Instead, operational risk management exposes the interdependencies between the different functions of the business, thereby allowing co-ordination towards the achievement of goals and targets.