Monday October 8, 2012
Expanding the Definition of Operational Risk
We finished the upgrade of ASA's website last month, and tweaked our logo as well. These investments reflect our confidence that the work we do is valuable, and that the research and publications we make available on our website are being utilized. We have always intended the website to be a resource for risk professionals in the field as well as C-suite executives.
When we reviewed the website, we re-committed to the original 2009 menu of ASA consulting services and risk focus practice areas. If you accept the 2004 Basel definition of operational risk – “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events” – then you can see that almost any type of assessment we undertake for a client falls into one of these four areas. When you consider the additional losses to brand and to growth that can arise from the intersection of one or more of these areas, then reputational and legal risk become part of a broader definition. We’ll keep re-examining operational risk. Continuous research informs the consulting practice as we assist companies with potentially volatile situations.
I’m speaking next month on the topic “Ethical Misconduct: Is It Your Biggest Risk?” for the Pacific Northwest Enterprise Risk Forum conference. You might well ask if ethical behavior is related to operational risk. I found the answer to be a resounding yes, especially with its threats to corporate brand and stock price.
To create the presentation, I read or revisited a number of books on leadership and decision-making, including Mark Crowley’s Lead from the Heart and Betsy Myers’ Take the Lead, uplifting books that argue companies should build strong cultures where employees are engaged and committed. Three other books make critical points: John C. Maxwell’s 2003 classic, There’s No Such Thing as Business Ethics, The Arbinger Institute’s Leadership and Self-Deception, and Daniel Kahneman’s Thinking Fast and Slow. Since I’ll be speaking primarily to chief financial officers, internal auditors, chief executive officers, and chief risk officers, I reviewed a number of studies so I could provide an appropriate level of data, including the 2012 Report of Certified Fraud Examiners, the 2012 Labaton Sucharow Report, and the 2011 National Business Ethics Study. I looked at the Securities and Exchange Commission’s (SEC) whistleblower program, which has gained teeth with the passage of Dodd-Frank legislation. [You can read more about changes to the whistleblower program in the research note written by Devin Luco this month, titled Whistleblowers and the Dodd-Frank Act.]
I’m hoping to refine my thinking even further this winter when I teach a course in policy and ethics to graduate students in the University of Washington’s Information School. The course is designed to “provide the mid-career professional with a context for analyzing select legal and socio-political issues surrounding information….” Ethical conduct in the treatment of information will certainly be a recurring theme of our studies. At the same time, I’ll be re-testing my current definition of operational risk when I teach the operational risk fundamentals course I designed and taught for the first time last spring. The following quarter I’ll teach a second course on operational risk, this one looking at the differences in how operational risk is handled in the public and private sectors.
I hope this look at how we continue to expand our expertise and our services is of use. Where it is possible to enrich a consulting practice by paying attention to the larger framework of the field through research and publications, then everyone benefits – the client, the practitioner, the student, the teacher and the executive.