The concept is so simple; so why are so many people, including shareholders, having such a hard time getting their heads around the phrase "operational risk" or "op risk" - the risk of loss from any operational failure at a company?
Not only are they having a hard time understanding it, the vast majority of stakeholders have never heard the term - even though a great a great number of finance specialists say extraordinarily poor management of operational risk (not other categories of risk, such as market, liquidity or credit) is exactly what led to the collapse of global financial markets starting in 2007. (Read about the financial crisis that struck in 2007 in The 2007-08 Financial Crisis In Review.)
That is exactly why investors and other stakeholders need to get up to snuff on operational risk as quickly as possible. If they don't, there's every reason to expect other financial implosions to follow.
The Impact Of Op Risk
What may surprise stakeholders is that a number of financial experts say poor operational risk management has been the underlying cause of every major financial services loss over the past two decades - including this past year's $180 billion-plus bailout of American Insurance Group (AIG) and well-publicized fiascoes such as those at Barings, Long Term Capital Management (LTCM), Allied Irish Bank-All First, Societe Generale, Bear Stearns and Lehman Brothers.
Even more surprisingly, the finger pointing doesn't stop there. Any number of additional significant upsets at "non-financial" companies - everything from Union Carbide's chemical leak in Bhopal, India years ago to JetBlue's massive ticketing and route scheduling failures to accounting-related fraud at Cendant and Bausch & Lomb - can be attributed to operational risk management failures.
"Until investors and all stakeholders - John Q. Taxpayer, corporate board members, 'C-suite' executives, shareholder activists, ratings agencies, analysts, regulators, even legislators - understand this risk and how to measure and manage it, there is no way to guarantee that we won't face future financial meltdowns as big as, or bigger, than the most recent one," says Ali Samad-Khan, founder and president of Stamford Risk Analysts (a recent rebranding of OpRisk Advisory) in Connecticut.
"Coming to terms now with operational risk must become a strategic imperative for organizations in all industries, not simply for financial services giants."
Bolstering the view that stakeholders must understand the importance of operational risk is a just-released study from the Society of Actuaries, the Casualty Actuary Society and the Canadian Institute of Actuaries called A New Approach for Managing Operational Risk: Addressing the Issues Underlying the 2008 Global Financial Crisis.
"Regulators and other key stakeholders (e.g., rating agencies) need to take an active role in calling for improved ORM practices," the report notes. "Historically, ORM has taken a back seat to the management of the other major risks, which are often defined as market, credit, insurance and strategic risk and sometimes include 'liquidity,' 'legal' and 'reputation' risk … This has not only caused operational risk to be underestimated, but has also obscured the underlying causes of many of the most significant financial losses."
Just What is "Operational risk"?
So how do we define operational risk? On its face, it sounds enormously simple: the risk of financial loss from any operational failure. But "operational failure" encompasses a dizzying array of possible events, actions and inactions - everything from inadvertent execution errors, system failures and acts of nature to conscious violations of policy, law and regulation. Of course, it also encompasses the greatest of all faux pas: direct and indirect acts of excessive risk-taking.
It's exactly this depth and breadth of issues and "cross-silo" concerns that has lead to ongoing confusion about exactly what is and isn't an operational risk - and continuing doubts about how to identify and manage it. For instance, too often op risk has been misdiagnosed as other, relatively newer areas of recognized exposures such as those involving IT security, supply chain and business interruptions.
As a result, some corporate managers argue that op risk simply doesn't exist - that it is nothing more than existing risks by a newly-invented name - or that, if in fact it is a legitimate, separate exposure, the amount of operational risk they face isn't significant enough to merit a specific and separate measurement and management system. Typically, executives at non-financial organizations advance these views - pointing out, for instance, that they don't run complex trading operations or have the related balance sheet concerns faced daily by the world's banking, energy and commodity firms.
Finally, that op risk has been recognized formally by the regulatory community as a legitimate issue only recently (and then, by financial services regulators exclusively), hasn't helped encourage active recognition or management of it. That acknowledgment came in 1999, when the Basel Committee on Banking Supervision, a global financial services firm, highlighted operational risks as a distinct potential bête noire..
Much Ado About Nothing?
Many stakeholders might view discussions about whether op risk exists, what it is, how it differs from other exposures, and if and how it can be managed as academic. It's easy to dismiss the debate thinking that, whatever its merit, it has no bearing ultimately on shareholder value, reputation, governance or related concerns.
But op risk proponents say it's not so. Those who don't acknowledge their own op risks are simply setting themselves up for future devastating material failures and losses.
Indeed, they say, the seeming minutiae of operational issues can quickly spin out of control into a major balance sheet and stakeholder concern. One example comes from Norm Parkerson, executive director of advisory services at Grant Thornton in Atlanta, who points to a recent unanticipated op risk loss suffered by one of his own clients. In this case, a manufacturing company introduced a new product covered by a warranty reserve based on its own historical data. Unexpectedly, a manufacturing problem - an operationally-related risk - generated warranty claims far exceeding the warranty reserve booked on its balance sheet. The result: a loss of well over $100 million.
"This happened rapidly and the impact was far reaching," says Parkerson. "Not only was there an impact to the financial statement; there was an adverse impact on the manufacturing process, the quality assurance process, the procurement of raw materials, the ability or inability to fulfill customer orders, and the company's reputation."
Managing Op Risk
Unfortunately for stakeholders, no models exist where they can turn to management and boards and ask: "How effectively are you managing op risk - for instance, against X, Y or Z?"
In fact, banks and insurers acknowledge that they don't know if their op risk management endeavors to date have been successful.
The SOA's report says "Many financial firms have spent millions of dollars hoping to improve their management of operational risk, but those initiatives do not appear to have achieved their desired objectives. Developing an effective method of managing operational risk is proving to be a daunting task."
Meanwhile, stakeholders remain far more exposed than they realize.
"Organizations that choose to remain blissfully ignorant of the importance of operational risk will continue to operate under a false sense of security," says Samad-Khan. "They will remain 'under-controlled' in areas where they have the most risk and significantly 'over-controlled' in areas where they have the least risk. So without addressing op risk head on, recognizing and understanding it and acknowledging the crucial role it plays, we face the prospect another global financial crisis in the not too distant future."
The Bottom Line
Operational risk remains a controversial topic, but by whatever name you call it, the risk will not dissipate by being ignored. While managing op risk may be a daunting task, it is one of utmost importance to companies and shareholders alike. (For related information, take a look at The Evolution of Enterprise Risk Management.)
InvestingAfter October’s better-than-expected employment report, a December Federal Reserve (Fed) liftoff is looking more likely than it was earlier this fall.
InvestingWhile stocks have rallied since the economic recovery in 2009, many active portfolio managers have struggled to deliver investor returns in excess.
RetirementWe discuss the advantages of seeking professional help when it comes to managing our retirement account.
EconomicsAfter the Paris attacks investors are focusing on central bank policy and its potential for divergence: tightened by the Fed while the ECB pursues easing.
Chart AdvisorThere has been lots of hype around the IPO market lately. We'll take a look at whether now is the time to buy.
ProfessionalsLearn what a typical early morning to late evening workday for a hedge fund manager consists of and looks like from beginning to end.
Stock AnalysisLearn the biggest potential risks that may affect the price of Pfizer's stock, complete with a fundamental analysis and review of other external factors.
EntrepreneurshipLearn how a complete risk management plan can minimize or eliminate your financial exposure through insurance and prevention solutions.
Investing BasicsA diversified portfolio will protect you in a tough market. Get some solid tips here!
EntrepreneurshipThere are a lot of risks associated with running a business, but there are an equal number of ways to prepare for and manage them.
Secured loans are better for the borrower than unsecured loans because the loan terms are more agreeable. Often, the interest ... Read Full Answer >>
Out of the 2,800 mutual funds that Morningstar, Inc., the leading provider of independent investment research in North America, ... Read Full Answer >>
Mutual fund investors have numerous items to consider when selecting a fund, including investment style, sector focus, operating ... Read Full Answer >>
Financial advisors dislike target-date funds because these funds tend to charge high fees and have limited histories. It ... Read Full Answer >>
When a company has low working capital, it can mean one of two things. In most cases, low working capital means the business ... Read Full Answer >>
Nonprofit organizations continuously face debate over how much money they bring in that is kept in reserve. These financial ... Read Full Answer >>