This document discusses operations risk in three parts. The first part outlines the four steps of operations risk management: assess the situation, balance resources, communicate risks and intentions, and debrief. The second part describes key features an operations risk management software should have like risk tracking and reporting. The third part discusses characteristics of operations risk for banks, including how risks arise from human error and technology changes. It emphasizes the importance of internal controls and risk education for mitigating operations risk.

1. Operations Risk

8. • 1. Assess the situation: The three conditions of the
Assess step are task loading, additive conditions, and
human factors.
• - Task loading refers to the negative effect of
increased tasking on performance of the tasks.
• - An additive factor refers to having a situational
awareness of the cumulative effect of variables
(conditions, etc.).
• - A human factor refers to the limitations of the
ability of the human body and mind to adapt to the
work environment (e.g. stress, fatigue, and
impairment, lapses of attention, confusion, and will
full violations of regulations).

9. • 2. Balance your resources: This refers to balancing
resources in three different ways:
• - Balancing resources and options available. This
means evaluating and leveraging all the
informational, labor, equipment, and material
resources available.
• - Balancing Resources verses hazards. This means
estimating how well prepared you are to safely
accomplish a task and making a judgment call.
• - Balancing individual verses team effort. This means
observing individual risk warning signs

10. • 3. Communicate risks and intentions:
• - Communicate hazards and intentions.
• - Communicate to the right people.
• - Use the right communication style. Asking
questions is a technique to opening the lines
of communication. A direct and forceful style
of communication gets a specific result from a
specific situation.

11. • 4. Do and debrief. (Take action and monitor
for change.) - This is accomplished in three
different phases:
• - Mission Completion is a point where the
exercise can be evaluated and reviewed in full.
• - Execute and Gauge Risk involves managing
change and risk while an exercise is in
progress.
• - Future Performance Improvements refers to
preparing a "lessons learned" for the next
team that plans or executes a task.

15. • Features of ORM Software / Requirements: Here are
a few features that should necessarily be a part of
your operational risk management solutions:
• A. A risk tracking process: An automated risk
identifying, assessing and measuring program is ideal
in an operational risk management software
technology. Consistent and organized monitoring of
events is requisite to detect risk exposure at
individual and enterprise levels. ORMS should help
you conduct a quantitative and qualitative analysis of
the identified risk. Risk levels and risk mapping easily
allow you to spot and prioritize hazards.

16. • B. Identifying the instigating events and capturing the
root causes your operational risk management
software should be equipped to expose the events and
root causes that led to a risk origination. This is the
lead towards mitigating risks, avoiding loss and
evaluating loss expectancy. ORMS should be designed
to oversee the event time charts and cycles to trace
the risk causes.
• C. Prompt risk notifications: ORMS should have its key
risk indicators in place, coupled with relevant risks
from the repository. Automated notifications should
be delivered to indicate the breach of risk thresholds
in a timely manner. Providing a heat map at earlier
stages that signifies risk position even before they
approach is a commendable software solution.

17. • D. Report generation catered to stakeholders:
An ORMS should function to deliver heat
maps and reports customized to each
stakeholder's needs.
• The reported information should be sufficient
and timely in order to allow optimum decision
making.
• Timely reporting is a process in which
operational risk management data will be
integrated across different functions and
updated on a real-time basis, prior to report
generation.

21. Characteristics of Operations Risk:
• it's useful to first understand the unique characteristics of operational, or "op" risks
and their implications on modelling methods.
Characteristic of Op Risks Implication
1. Op risks are endogenous, i.e., specific to the
facts and circumstances of each company. They
are shaped by the technology, processes,
organization, personnel, and culture of the
company.
Need to gather company-specific data.
However, most companies don't have a long
history of relevant data. In banking, industry
wide data is being gathered, but it may not be
representative.
2. Op risks are dynamic, continuously changing
with business strategy, processes, technology,
competition, etc.
Even a company's own historical data may not
be representative of current and future risks.
3. The most cost-effective strategies for
mitigating op risks involve changes to business
processes, technology, organization, and
personnel
Need a modelling approach that can measure
the impact of operational decisions. For
example, "how will op risks change if the
company starts selling and servicing products
over the Internet, or if a key function is
outsourced?"

24. • Operations Risk at Banks: Always banks live with the
risks arising out of human error, financial fraud and
natural disasters.
• The happenings such as WTC tragedy, Barings debacle
etc. has highlighted the potential losses on account of
operational risk.
• Exponential growth in the use of technology and increase
in global financial inter-linkages are the two primary
changes that contributed to such risks.
• Operational risk, though defined as any risk that is not
categorized as market or credit risk, is the risk of loss
arising from inadequate or failed internal processes,
people and systems or from external events.
• In order to mitigate this, internal control and internal
audit systems are used as the primary means.

25. • Risk education for familiarizing the complex
operations at all levels of staff can also reduce
operational risk. Insurance cover is one of the
important mitigators of operational risk.
• Operational risk events are associated with weak
links in internal control procedures.
• The key to management of operational risk lies in the
bank‘s ability to assess its process for vulnerability
and establish controls as well as safeguards while
providing for unanticipated worst-case scenarios.

27. • The 5-M Factors are a model called Man-Machine-Medium-
Mission-Management, and are used to examine the nature of
accidents in the transport industries.
• It was started by T.P. Wright's Man-Machine-Environment triad
at Cornell University.
• In each of the smaller circles "Man," "machine," and "medium"
are placed.
• The large circle is labelled "Management."
• The space in the middle where they all meet is called
"Mission," which is the objective the other four M's have in
common. I
• It can also be used in troubleshooting - 5 factors Man-Machine-
Materials-Method-Medium (or environment).

28. • The 5-M Model comprises of Man, Machine,
Medium, Mission and Management are five
core areas that failing factors of
accident/incident may appeared in.
• This model is one of the most common used
methods in aviation industry to examine
aviation accident/incident.
• It provides manager with a systematic way of
focusing and analyzing areas that errors
mostly occurred within the structure of
organization.

29. • Man: When an aircraft accident occurs many
questions are asked regarding the human
component that was operating the aircraft or
system at the time of the accident.
• Successful accident investigation therefore
requires the investigator to probe beyond the,
human failure‘, so as to be able to determine
the underlying factors that contributed or lead
to this failure.
• The question 'Why', arises a lot during
investigation of the operator at the time of
investigation. For example: -

30. • Was the individual mentally or physically capable
of responding properly? If not, why?
• Did this failure occur due to a self-induce state
such as alcohol intoxication or fatigue?
• Had the individual been properly trained in how
to cope with the situation that leads to the
accident?
• These are only a few of the questions that arise
during a human-factor investigation when trying
to establish what caused the accident.
• The answers to each of such questions are very
vital for the effective measures to be put in place
so as to prevent the accident from re-occurring.

31. • Machine: Due to technology, the machine
(aviation technology) has enabled great advances
to the aviation industry.
• Through automation, human mental work load
has been reduced significantly and productivity
increased. However when machine and computer
become more complicated and advances to
replace more jobs from human, it surface
occasional problems which are detected with
relation to human limitation in handling them.
• Therefore, modern aircraft designs are revise
through this problem detected to further reduce
the effect of any of these hazards.

32. • Medium: The medium (environment) in which
the aircraft operation takes place, equipment is
used and personnel work directly affects safety.
• From the point of view of accident prevention
the environment is considered to comprise of;
the natural environment and the artificial
environment.
• One example could be the unexpected weather
condition that form ice near the engine area
where ice is injected into the engine, or reduces
the air intake amount which resulted in engine
failure.

33. • Mission: The type of mission or the purpose
of the operation is also considered important
during the investigation process.
• This is because each risk is associated with
different types of operation which do vary.
• One example is the mission/procedure too
ambitious that could not be possibly achieve?
Each mission being different will have certain
intrinsic hazards that are accepted with the
type of mission

34. • Management: The training of proper safety
procedures is normally done by the management
team of the certain airline or aviation
organization.
• Therefore accident prevention rests on
management, as its only management in any
organization that controls the allocation of
resources.
• For example it is management that determines
the type of aircraft to purchase, what routes to
operate in, training and operational procedures to
be given, personnel who will maintain as well as
fly the aircraft and so forth.
• Management are thus the cornerstone for safety
and accident prevention techniques.

35. • Technology Risk: IT-related risk is any risk related to
information technology.
• While information has long been appreciated as a
valuable and important asset,
• The rise of the knowledge economy has led to
organizations becoming increasingly dependent on
information, information processing and especially IT.
• Various events or incidents that compromise IT in some
way can therefore cause adverse impacts on the
organization's business processes or mission, ranging
from inconsequential to catastrophic in scale.
• Assessing the probability of likelihood of various types
of event/incident with their predicted impacts or
consequences should they occur is a common way to
assess and measure IT risks.