More people now appreciate the reach and impact of risk, and the complexity and interdependence among strategies, operations, the environment and the risks that can result from these factors. The consequences of predictable or unanticipated incidents or insufficient preparation and response can immediately cascade through the enterprise value chain. The financial impact of these risks – if left unaddressed – can be devastating because they threaten operations across the entire footprint of the organization and its supply chain. Developing the sustainable internal capacity to assure operational resiliency has become a critical boardroom issue for many organizations.
Risk assessment and mitigation is a complicated operating landscape that can no longer be addressed through a single risk management, IT, security, compliance or safety function that may lack the budget, operational perspective or organizational support to comprehensively and effectively manage the scope or complexity of the task.
Operational risk management addresses the impact to processes, systems, information, people and physical assets of organizations throughout the lifecycle of disruptive crises – from marquis events like regional catastrophes to mundane occurrences like labor stoppages. It should provide critical qualitative and quantitative information to risk and IT managers, information security executives, CIOs, CFOs, CEOs, compliance officers and the board – supporting their capacity to meet the requirements and standards imposed by policy, partners, regulators, legislators, insurers and the courts.