Operational risk and resilience

Risk

Resilience

The potential for an event to result in an unwanted/negative consequence

Combines both the extent of the unwanted consequence and the likelihood of it happening

An event that is likely to happen and have a large impact on the organisation is said to be a higher risk than a devastating event that is almost certain to never happen or an event that is certain to happen but have very little impact

The ability at an individual and organisational level to respond to and withstand unwanted events

Ideally an organisation will be able to avoid an unwanted event or minimise the impact of it, but where this is not possible organisations need to be able to cope with the consequences or recover from them

Hazards

Impact

Likelihood

Managing risk

According to the UK Health and Safety Executive (2017), ‘A
hazard is anything that may cause harm’

From the organisational point of view we can expand the term ‘harm’ to include any unwanted consequences for an organisation

A hazard is an event that has the potential to result in unwanted consequences

They can come from a broad range of places

Supply chain

Human capital

Technology

Customers

Organisational

Defective or incorrect components being delivered
by suppliers

Late or cancelled deliveries

Logistical failures resulting in lost, delayed or damaged deliveries to customers

Human errors or deliberate actions

Failures as a result of incorrect or incomplete training

Communications or computer systems failures

Failures of equipment during operation

Incorrect equipment specifications resulting in unexpected outcomes

Using a product or service in a way other than intended, perhaps as a result of a training or competence issue

The customer incorrectly stating the specification of product or service they desire, or their specification being misinterpreted

Failure of internal processes or procedures

Adverse cultural responses

When considering the potential impact of possible hazards, organisations need to consider different areas of the operation that may be affected

Most organisations usually create a detailed framework to bring a level of consistency to how risk is determined across the business

Often this involves using an impact matrix (See Illustrative impact matrix, Book 3 p88)

Can be categorized as

Very low

Low

Medium

High

Very high

Estimating the chance or likelihood that something will happen is difficult to do with any accuracy.

Personal experience, organisational history or industry figures can all be used as evidence to justify an assessment of the likelihood of something happening.

Organisations use a matrix to assess likelihood in order to standardise its evaluation across the business (See Book 3, p89)

Can be categorized as

Rare

Unlikely

Possible

Likely

Almost certain

Risk is an extremely complex issue, and accurate assessment of it forms the basis of the whole insurance industry.

Despite the complexity of accurately assessing risk there are only three broad approaches for managing it

Organisations can either reduce the impact of an event, reduce the likelihood of an event or plan to recover from an event (See Book 3, p90)