DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 31, Issue 4

Full Contents Now Available!

Tuesday, 09 October 2018 14:22

Redefining the definition of operational risk

Adesh Rampat explains why he believes that the definition of operational risk needs updating to take into account the development of cyber security related risks, and including aspects of internal controls and user awareness.

The definition of operational risk varies but generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. However, I want to take a fresh look at this general definition and present what I believe operational risk should reflect, taking into account all the cyber security related risks that are currently plaguing organizations.

We know that operational risk exists in every organization and size does not matter. What matters however are two critical areas that need to be included in the operational risk definition: