Traditional Risk Management (RM) is often focused on downside risks stemming from physical or legal causes of an external nature, for example fire or lawsuits.
Section 644 of the 2005 International Convergence of Capital Measurement and Capital Standards, known as Basel II, defines operational risk as:
“the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”.
Such losses are often more extensive than necessary as a result of business owners and managers failing to adequately develop a robust RM framework for the enterprise, incorporating appropriate risk strategies.
In 2002, The Institute of Risk Management (IRM) published “A Risk Management Standard” in which it defined risk as:
“the combination of the probability of an event and its consequences”.
The Standard addressed both the negative and positive aspects of risk, noting that in all types of undertaking there is the potential for events and consequences that constitute opportunities for benefit (upside risks) or threats to success (downside risks).
The IRM Standard went on to define RM as:
“the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities”.
The Standard recognised that risks facing an organisation and its operations may emanate from internal as well as external sources. It also made clear that RM can protect and add value to an organisation and its stakeholders through its support for corporate objectives. This is achieved by:
- Providing a framework to enable future business activity to take place in a consistent and controlled manner
- Improving decision making, planning and prioritisation
- Contributing to a more efficient use of capital and resources
- Protecting and enhancing assets and the company image
- Developing and supporting people and the organisation's knowledge base
- Optimising operational efficiency