People get into business for all sorts of reasons: whether it’s a simple need to earn more money or a desire to make things better, to solve a problem that needs solving or to share a burning passion with the world. Trouble is, you can’t open the door to all that exciting stuff without inviting a host of unsavoury other elements to the party too.
Whether you’re a team of window cleaners bouncing your way down the side of The Shard in the City of London, a mountain-biking nut leading tours through forest trails, or simply a lone wolf sat crunching through company accounts from the relative safety of an office, you’re going to encounter operational risk.
Operational risk is the risk of loss that results from problems with internal processes, people and systems, or from external events, in the course of conducting your business. In other words, it’s the risk that comes with doing the very things your organisation was built to do.
Examples of operational risk range from the Hollywood-style – hurricanes, computer hacking and fraud – to the far more prosaic: like the failure to adhere to internal health and safety policies. Every workplace, from the oil rig way out in the North Sea to the sweet shop at the heart of the neighbourhood, breeds operational risks of some kind. It’s just the frequency and the degree of severity that changes.
One component of operational risk that’s common to all organisations is human error. Research by DuPont found that 82% of workplace incidents come down to poor decision-making. It’s unavoidable: it’s people who make a business tick. And people make mistakes.
But whether the problem arises from human error or an unexpected act of God, how well you handle that risk will come down to how well your company has been primed to deal with it in the first place.
Operational risk management (ORM) is the art of working out just what the potential for such incidents is, as well as establishing the degree of damage they’d cause if they did crop up.
But it’s also about controlling that risk – managing it in a way that’s proportionate and appropriate, so your business has the freedom to operate and to grow while sensibly minimising the fallout from any nasty surprises.
The ORM strategy you adopt will be shaped by your business. To develop it you need a solid understanding of the specific risks you face, as well as the people you employ and the culture you operate.