II.A Operational Risk
Operational risk is the risk of failure or loss resulting from
inadequate or failed processes, people, or systems. Operational
risks from IT are present not only in back-office operations and
transaction processing but also in areas such as customer service,
systems development and support, internal controls and processes,
and capacity planning. Operational risk may cross all lines of
business and can be caused by internal or external events.

Operational risk from IT primarily affects
reputation, strategic, and compliance risks, although other risks
may be affected.

Management should be aware of the implications of operational
risk from IT, including the following:

Management should have a comprehensive view of operations and
business processes that are supported by technology. IT management
should maintain an active role in institution strategic planning to
align IT with established business goals and strategies.
Additionally, management should ensure that effective IT controls
exist throughout the institution, either through direct oversight
or by holding lines of business accountable for IT-related
controls. From a control standpoint, management should participate
in the ITRM process to identify and measure risk from the use of
IT, support decisions on how to mitigate the risks, implement the
mitigation decisions, and monitor and report on the resulting