Operational risk is concerned with losses and other impacts occurring as a result of failures in people, business processes, IT systems and external events.
It covers all operational areas of a company, so it is vital to take a proportionate and fit-for-purpose approach. Understanding what really matters to a company, where the critical exposures are and where to direct limited resources means that an organisation-wide view of risks needs to be taken.
Experience shows that most significant losses and impacts are in areas which should have been predictable. Focusing on the areas that matter most is therefore crucial as the attention of any organisation cannot be spread too thinly.
Key risk indicators and key control frameworks need to be embedded in all areas of the company which are exposed to significant risk. Focusing on lesser areas of exposure can crowd out the core messages and lessen the effectiveness of risk reporting.
Luxon Risk Systems are experienced in achieving this balance and can implement effective and efficient risk frameworks without incurring unnecessary bureaucracy and administration.
Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. This may be direct financial loss or indirect loss as a result of reputational and other damage. Key risks include:
Execution, delivery and process management – data entry errors, management failures, incomplete or inaccurate legal documentation, unapproved access given to client accounts, inadequate trade counterparty performance, and vendor disputes.
Clients, products and business practices – fiduciary breaches, misuse of confidential customer information, improper trading activities, money laundering, and sale of unauthorised products.
Damage to physical assets – terrorism, vandalism, earthquakes, fires and floods.
Business disruption and system failures – hardware and software failures, telecommunication problems, and utility outages.
Internal fraud – intentional misreporting of financial data, employee theft, and insider trading.
External fraud – robbery, forgery, cheque fraud, and damage from computer hacking.
Employment practices and workplace safety – workers' compensation claims, violation of employee health and safety rules, organised labour activities, discrimination claims, and general liability.