Page 44 - Insurance Times March 2022
Organizational Risk Management Framework:

Figure 1: ORM Framework

a) Risk Identification:
• The detection of any event that potentially triggers a material business impact, or which represents a risk-profile modification, must be done as early as possible and could be initiated by Key Risk Indicator breaches, a new regulatory requirement, an offshore audit finding, or a new product or project.
b) Risk Measurement:
• Once risks are identified, they can be measured using an impact and likelihood scale.
c) Risk Reporting:
• This helps to enhance senior management awareness of any lingering risks.
d) Risk Monitoring & Mitigation:
• Monitoring - While some activities or processes can be monitored on a real-time or daily basis, some may have to be monitored at less frequent intervals. This frequency should reflect the frequency of occurrences of operational-risk failures and the severity of losses. For example, scope governance of a requirement being developed will have to be monitored once a month, and monitoring of critical bugs is required daily.
• Mitigation - This is the last but most important step in operational risk management. There may not be one standardized way to mitigate operational risks. The guiding principle would be to know where the operational risk is coming from so that mitigation measures can be used accordingly. The mitigation procedures should be well documented and should be reviewed from time to time. As an example of an outsourcing operational risk mitigation measure, if the master code is erased during deployment, then such losses can be mitigated by ensuring that adequate back-ups are maintained and tight approval protocols are established. Proper training and strong internal audit procedures, as well as proper monitoring, will help mitigate operational risks that arise due to people-related issues.

Stages in Developing an ORM framework:
a) Governance & Organization: ORM function design, committee oversight, detailed roles and responsibilities, resource requirements.
b) Strategy & Objectives: ORM goals, design ORM framework, capabilities and skills, development
c) Policies: ORM policy design, integration with other policies and standards
d) ORM tools and Processes: Data loss governance, alignment with strategic planning and accounting
e) Supporting Systems: Business requirements, Vendor selection, Change management
f) Measures and Reporting: KRI, Internal ORM reporting flows, External ORM disclosure requirements

Conclusion:
To conclude, the way a firm manages its outsourcing activities says a lot about its business. Having a good hold on outsourcing is necessary to mitigate associated threats and vulnerabilities ranging from the operational impact of third-party failures to the reputational impact of poor work practices of third parties. But it also sets the standard by which third parties will perceive the organization and, managed effectively, could open the door to strategic opportunities emanating from positive cost-reduction and innovation. Organizations that lose control of their management of outsourcing face heightened regulatory scrutiny, reputational damage and, ultimately, consumer backlash.

Reference:
Various Sources.