Page 42 - Insurance Times March 2022
P. 42

Operational Risk Management:                                the strategic functional and architectural
                                                                     requirements as the project progresses.
         Put simply, operational risk relates to the risk resulting from
         the execution of an organization’s business-functions. It  Y  Performance Risk: The risk that the service provided
         constitutes the risk of a firm’s business operations failing due  by the vendor does not meet local laws and
         to human error. Operational risk comprises of any event     regulations and issues with the operating method
         which disturbs the usual flow of business processes of an   to complete tasks thereby requiring extensive
         organization and which creates financial loss for the       micromanagement by clients.
         organization. Unlike other risks like market or credit risk,  Y  Client Relation Risk: The risk that the vendor fails to
         operational risks are generally not voluntarily incurred by  maintain desired level of co-ordination, communication,
         firms. They are also not diversifiable and can’t be laid off. If  and team management during the project.
         there are systems, people, and processes in place –and  c)  Release and Delivery Risk: Failure of vendor to meet
         which are indeed not perfect in the real world, it is   their agreement goal.
         impossible to fully mitigate the operational risks. However,  Y  Product Release Risk: Risk that the service and
         operational risk can be effectively managed to keep the     product provided by the vendor fails to meet the
         losses within certain risk tolerance levels.                standardized design and quality expectations.
                                                                 Y   Financial Risk: Risk that the sub-standard delivery
         Operational Risk management (ORM) is a continual cyclic-    and increase in not well-trained resources has led
         process that includes risk-identification, risk-assessment, risk-  to exceeding the set budget.
         decision-making, and implementation of operational-risk-
                                                                 Y   Coordination Risk: Risk having to manage complex
         controls, that result in the mitigation, acceptance, or     system of people, groups, processes, and
         avoidance of risk. The U.S. Department of Defense
                                                                     technologies.
         summarizes the principles of ORM as follows:
                                                              d) External Environment: Failure of vendor to deliver tasks
         a) Accept the risk when the benefits outweigh cost
                                                                 due to external hindrances.
         b) Accept no unnecessary risk                           Y   Environmental Risk: The risk caused by
         c)  Anticipate and manage risk through planning             environmental disaster like floods, storms,
                                                                     pandemic, or epidemic that forces the vendor to
         d) Make risk decisions at right level.
                                                                     restrict or stop the usual activities pertaining to
         Operational Risks Associated with IT                        project.
         Outsourcing:                                            Y   Political Risk: The risk that leads to impediments
                                                                     corporations may face owing to political decisions or
         Operational risk will exist during the lifecycle of outsourcing  any political change which changes the expected
         project, i.e., pre-sales, contract period and postdelivery.  value and outcome of a particular economic action,
         These risks can be categorized into 3 sections.             through change in the probability of attaining the
         a) Security Risk: Failure of vendor to secure client        business objectives. Political risk can also be defined
             confidential dat.                                       as the risk of financial, strategic, or personnel loss
             Y   Intellectual Property (IP) Risk: The risk that the  for a firm due to such non-market factors as the
                 vendor does not possess proper security strategies  macro-economic and social policies pertaining to
                 and is unfamiliar with the recent security threats  labor, or events related to the political instability
                 and practices to safeguard the firm’s products.     (riots, terrorism, civil war, coups, and insurrection)
                                                                     that may cause hurdles in daily functioning of vendor.
             Y   Data Breach Risk: The risk that the vendor is not
                 well versed with an array of protected information
                 and its handling measures while working on the  Effective Operational Risk Management
                 product.                                     in IT Outsourcing:

         b) Stakeholder Engagement Risk: Failure of vendor to  a) Service Level Agreement (SLA):
             meet client expectation of service.                 Y   SLA Risk Management at Proposal Phase – SLA risks
             Y   Requirement Risk: The risk that the product or      is managed at various stages of lifecycle, such as,
                 service delivered by the vendor does not align with  during proposal submission, during negotiation and

          42  The Insurance Times, March 2022
   37   38   39   40   41   42   43   44   45   46   47