Page 14 - Risk Management Bulletin Jan- Mar 2022
RMAI BULLETIN JANUARY - MARCH 2022
external factors such as breakdown of infrastructure or disaster. Such risks can be managed and mitigated by effective operational risk management.

Operational Risk Management:

Put simply, operational risk relates to the risk resulting from the execution of an organization's business functions. It constitutes the risk of a firm's business operations failing due to human error. Operational risk comprises any event which disturbs the usual flow of business processes of an organization and which creates financial loss for the organization. Unlike other risks like market or credit risk, operational risks are generally not voluntarily incurred by firms. They are also not diversifiable and can't be laid off. As long as there are systems, people, and processes in place, which in the real world are never perfect, it is impossible to fully mitigate operational risks. However, operational risk can be effectively managed to keep the losses within certain risk tolerance levels.

Operational Risk Management (ORM) is a continual cyclic process that includes risk identification, risk assessment, risk decision-making, and implementation of operational risk controls, which result in the mitigation, acceptance, or avoidance of risk. The U.S. Department of Defense summarizes the principles of ORM as follows:

a) Accept the risk when the benefits outweigh the cost.
b) Accept no unnecessary risk.
c) Anticipate and manage risk through planning.
d) Make risk decisions at the right level.

Operational Risks Associated with IT Outsourcing:

Operational risk will exist during the lifecycle of an outsourcing project, i.e., pre-sales, contract period and post-delivery. These risks can be categorized into 3 sections.

a) Security Risk: Failure of vendor to secure client confidential data.
   Intellectual Property (IP) Risk: The risk that the vendor does not possess proper security strategies and is unfamiliar with the recent security threats and practices to safeguard the firm's products.
   Data Breach Risk: The risk that the vendor is not well versed in the array of protected information and its handling measures while working on the product.

b) Stakeholder Engagement Risk: Failure of vendor to meet client expectation of service.
   Requirement Risk: The risk that the product or service delivered by the vendor does not align with the strategic, functional and architectural requirements as the project progresses.
   Performance Risk: The risk that the service provided by the vendor does not meet local laws and regulations, and that there are issues with the operating method used to complete tasks, thereby requiring extensive micromanagement by clients.
   Client Relation Risk: The risk that the vendor fails to maintain the desired level of co-ordination, communication, and team management during the project.

c) Release and Delivery Risk: Failure of vendor to meet their agreement goal.
   Product Release Risk: The risk that the service and product provided by the vendor fail to meet the standardized design and quality expectations.
   Financial Risk: The risk that sub-standard delivery and an increase in poorly trained resources lead to exceeding the set budget.
   Coordination Risk: The risk of having to manage a complex system of people, groups, processes, and technologies.

d) External Environment: Failure of vendor to deliver tasks due to external hindrances.