Operational Risk: The Umbrella Function
- 2 August 2018
If you picture operational risk as an umbrella, what does it cover? Does it include compliance, IT security, conduct risk, cyber, fraud or change management? More than these, or none of them?
At ORX, we're exploring this concept of operational risk as an umbrella function.
We're currently surveying some of our member firms who have already made this shift. Following this, we're conducting interviews to gain a deeper understanding of what the umbrella is, what it covers, and how it is done. We will publish a paper in October, which firms can use to support them as they expand the footprint of operational risk and move towards the next level of maturity.
The umbrella function
The development of operational risk into an 'umbrella function' was a key observation in The future of operational risk study.
The term umbrella refers to how operational risk is:
- Moving to provide an overarching framework, creating consistency across specialist areas of operational and other non-financial risk
- Combining with compliance teams to provide an integrated approach to non-financial risk management
About the study
Our objective is to understand the scope of the umbrella, how it works in practice, and the efficiencies it brings.
Just what the umbrella risk function is, though, remains unclear. What does it cover and how does it vary across the industry? These are just some of the questions we are asking the study participants.
We are working with a range of firms who are already adopting this approach towards operational risk management. We've created a focused survey for them to complete, are holding interviews, and collecting case studies.
From the results, we'll publish a short paper, which will act as a thought-piece to prompt discussion on the role of operational risk as an umbrella function.