Internal security, independent, effective, discreet.

Operational Risk

The two top categories of operational risk are Internal and External Fraud, but what IS “operational risk” exactly?

The best definition of operational risk comes from Basel II, which defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

Although it was originally designed for the banking system, where regulatory safeguards are designed to protect against large-scale failure of the banking system and the economy, a systematic approach to operational risk management is important for any kind of organization.

Basel II defines 6 categories of operational risk and excludes, for example, strategic risk - the risk of damage to the business from a poor strategic business decision.

  1. Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, corruption and bribery
  2. External Fraud - theft of information, hacking damage, third-party theft (including data loss) and forgery
  3. Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety; Clients, Products, & Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
  4. Damage to Physical Assets - natural disasters, terrorism, vandalism
  5. Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures
  6. Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets

Make no mistake:

  • Today’s most devastating attacks on a business are launched from inside the organization. Competitors and criminals exploit systems and employees in order to access and manipulate customer data, financials, marketing plans and intellectual property.

  • Security focus remains on outsiders, despite the fact that insider fraud and data theft are the leading white-collar crimes worldwide. Most firms lack the capability to detect, monitor, quantify and prevent fraudulent events inside their organization.

  • Fraud and data theft can be committed through many methods, including mobile phones and the Internet. The difficulty of validating online identity, the speed with which hackers can exploit IT vulnerabilities, the international dimensions of the Web and the ease with which users can hide their identity all contribute to making the Internet the fastest growing area of fraud and data theft.
