Operational risk management should focus on detecting and reporting risks of all types, and it should be expanded to include a second line that works in partnership with the first line to create an effective resiliency in operations and processes.
There are necessary tools that are needed to evaluate a business process and its resiliency, challenge business management as needed and manage priorities.
- Map processes and controls: Take the time to map out processes alongside the relevant risks and controls. Include their complexity in the map, each handoff along the process, and whether the management is automated or manual. The goal is to outline process ownership along the way while maximising productivity.
- Identify the necessary technology: Understand the points along the way that involve technology, and the type of technology that is needed.
- Monitor: Watch risks and controls while making mechanisms that can help track metrics in order to watch for unusual risk levels.
- Link resources: Connect resource planning to processes to form an understanding of associated processes and the process needs. Build capacity to scale based on the results that are found.
- Reinforce behaviour: Ensure that proper individual conduct is reinforced through training, incentives and performance management.
- Change management: Create systems of change management to make sure that the proper talent is in place. Work with processes and capacity and ensure that the proper guidance is given.
- Feedback: Set up constant feedback to flag issues, perform root-cause analyses and revise processes as the data is gathered.