To most businesses, the concept of risk management is confined to financial aspects such as liquidity, interest rate and foreign exchange movements and credit risk.
But the risk game is fast changing, with operational risk--covering anything from a computer meltdown to a terrorist attack--assuming much more importance.
This increased awareness has not happened by accident, even if a big mishap does tend to focus the mind of any manager. Behind the change in thinking is the relatively new Australian risk management standard AS4360 and the drafting of the global Basel Accord, which will require banks to hold capital for operational risk management purposes.
To bankers, risk management has often been related to the financial performance of customers and the banks themselves. But in recent years, banks have taken a broader view of operational risk management.
The level of awareness has been promoted by the well-known cases of significant off balance sheet fraud at Barings Bank and Royal Allied Irish, which resulted in substantial losses to those financial institutions.
In addition, the drafting of revised capital adequacy guidelines by the Bank for International Settlements (known as "Basel II") has forced the international banking industry to determine how to collect the data required to achieve compliance by 2005.
Raising the standard
The Australian risk management standard, a generic guideline, was first published in 1995 and revised in 1999. A subsequent revision is due to be published this year. It has gained international recognition by being adopted by the International Standards Association.
Consequently, this standard has been widely adopted across a range of industries worldwide, including banking and finance. It is highly relevant in that it provides a generic process to be followed.
To many professions and industries, operational risk management is the answer they have been looking for to encapsulate organisational learning in tight and competitive economic times.
The recent insurance crisis has encouraged customers to look to alternate means of controlling risk exposure. These options are clearly described in the Australian risk management standard.
Until now, managers have resisted risk management in its various guises as a management discipline. Its meaning and application is misunderstood by the public and at many levels of management in both the private and public sector.
What has tended to happen is that risk managers adopt their own stance on risk management according to their expertise. Across the board examples are financial markets, occupational health and safety, insurance, project management, technology and political risk management. All of these approaches are correct; it's just that their focus is limited and lacks an integrated framework.
Recognising such a common framework for all types of operational risks will substantially improve the acceptance of risk management as an effective management tool throughout organisations. The framework below has been developed by Monash University and adopted by Prudentia Pty Limited to satisfy this need. It is based on some of the ideas contained in the Australian risk management standard.
Obviously, each organisation's requirements will differ and this framework will need to be modified accordingly.
As with many other professions, risk management has evolved from a different beast. Originally risk management was an integral part of the insurance industry. Rather than employing insurance buyers in the 1950s, companies began to employ risk managers in recognition of the increasing cost of insurance.
Also, corporate insurance buyers succeeded in gaining better recognition and status by expanding their role to include property loss control, industrial safety, …