Techniques for assessing operational risk have come a long way in the past 10 years. Today, many companies are going beyond the regulatory minimum to implement sophisticated models that contribute to better understanding and management of operational risk across the business.
One question that tends to push the limits of existing models, however, is identifying emerging operational risk before it produces a loss. Given that risk events are typically not entirely new but rather simply new combinations of known risks, an approach that enables us to analyze which risk drivers exhibit evolutionary change can identify which ones are most likely to create emergent risks. By borrowing a technique from biology—phylogenetics, the study of evolutionary relationships—we can understand how certain characteristics of risk drivers evolve over time to generate new risks. The success of such an approach is heavily dependent on the degree to which operational risk loss data is available, coherent, compatible, and comprehensive. A well-structured loss data collection (LDC) framework can be a key asset in attempting to understand and manage emergent risks.
Broadening the definition of operational risk
In the financial industry, where operational risk has been a significant target of regulators for more than a decade, operational risk is typically defined as “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” However, this definition doesn’t consider all the productive inputs of an operation, and, more critically, does not account for the interaction between internal and external factors.
A broader, more useful definition is “the risk of loss resulting from inadequate or failed productive inputs used in an operational activity.” Operational risk includes a very broad range of occurrences, from fraud to human error to information technology failures. Different production factors can be more or less important among various industries and companies, and relationships among them—particularly where labor is concerned—are changing rapidly. To be effective as tools for managing operational risk day-to-day, models need to account for the specific risk characteristics of a given company as well as how those characteristics can change over time.
Examples of productive inputs relevant for operational risk
Type | Productive input | Description |
Natural resources | Land | The physical space used to carry out the production process that may be owned, rented, or otherwise utilized. |
Natural resources | Raw materials | Naturally occurring goods such as water, air, minerals, flora, and fauna. |
Labor | Physical labor | Physical work performed by people. |
Labor | Human capital | The value that employees provide through the application of their personal skills that are not owned by an organization. |
Labor | Intellectual capital | The supportive infrastructure, brand, patents, philosophies, processes, and databases that enable human capital to function. |
Labor | Social capital | The stock of trust, mutual understanding, shared values, and socially held knowledge, commonly transmitted throughout an organization as part of its culture. |
Capital | Working capital | The stock of intermediate goods and services used in the production process such as parts, machines, and buildings. |
Capital | Public capital | The stock of public goods and services used but not owned by the organizations such as roads and the Internet. |