Page 16 - Risk Management Bulletin Jan- Mar 2022
RMAI BULLETIN JANUARY - MARCH 2022
Potential causes of project failure may not always be the fault of the vendor; the firm may also have gaps in operational readiness for IT outsourcing. For example, the firm may not have proper process capabilities in place to support an external team, so assessing the organization's readiness for outsourcing is an essential step in managing risks that originate with outsourcing activities.

The firm may need to outline the reasons that justify outsourcing, establish how the outsourcing will fit the firm's overall business strategy, set goals and expectations, set up an escalation and intervention forum, micromanage the capacity needs and determine the areas in which the firm expects the vendor to bring value.

d) Strong Practice to Monitor Delivery:
Risk management in outsourcing often focuses heavily on the planning and contract stages, but proper assessment needs to continue throughout the outsourcing project lifecycle. This can be achieved by setting forth relevant performance metrics and KPIs.

Organizational Risk Management Framework:

Stages in Developing an ORM framework:

a) Risk Identification:
The detection of any event that potentially triggers a material business impact, or which represents a risk-profile modification, must be done as early as possible and could be initiated by Key Risk Indicator breaches, a new regulatory requirement, an offshore audit finding, or a new product or project.

b) Risk Measurement:
Once risks are identified, they can be measured using an impact and likelihood scale.

c) Risk Reporting:
This helps to enhance senior management awareness of any lingering risks.

d) Risk Monitoring & Mitigation:
Monitoring - While some activities or processes can be monitored on a real-time or daily basis, some may have to be monitored at less frequent intervals. This frequency should reflect the frequency of occurrence of operational-risk failures and the severity of losses. For example, scope governance of a requirement being developed will have to be monitored once a month, while monitoring of critical bugs is required daily.

Mitigation - This is the last but most important step in operational risk management. There may not be one standardized way to mitigate operational risks. The guiding principle is to know where the operational risk is coming from and to apply mitigation measures accordingly. The mitigation procedures should be well documented and should be reviewed from time to time. As an example of an outsourcing operational risk mitigation measure, if the master code is erased during deployment, such losses can be mitigated by ensuring that adequate back-ups are maintained and tight approval protocols are established. Proper training and strong internal audit procedures, as well as proper monitoring, will help mitigate operational risks that arise due to people-related issues.

Figure 1: ORM Framework

a) Governance & Organization: ORM function