Operational Risk Management: Models & Criteria

The Meaning of Risk to Organization

Nowadays, many companies operate in a constantly changing business environment where different risks determine the level of uncertainty. Consequently, many organizations face various risks such as safety, liquidity, operational, financial, and credit risks (Kaplan and Mikes 1). One of the most critical aspects of a company’s performance is financial risk, since the ability to manage it defines the attractiveness of the enterprise for national and international investment. If the associated risks are high, investors will be discouraged from financing the firm. Along with financial risk, the role of credit risk cannot be underestimated, as failing to take it into account will lead to an increase in debt and potential bankruptcy. Failing to consider liquidity risk may also cause bankruptcy and loss of revenues, since the company will not have enough liquid assets to cover unexpected expenses.

Operational risk pertains to the internal functioning of the company, including the development of products and the management of human resources and policies (Leech 14). This risk calls the company’s competitive advantage into question, as the enterprise will be managed inadequately, which will cause a decrease in market share and in the company’s competitiveness. Lastly, safety and health risks are related to failing to account for changes in ISO standards (Leech 18). Not complying with them may lead to negative health consequences for workers and customers and the occurrence of natural disasters, which will damage the company’s reputation and brand image. Based on the factors highlighted above, it could be concluded that these types of risk tend to have adverse consequences not only for the financial performance of the organization and its competitive advantage but also for the health and safety of society. Consequently, managing and forecasting risks cannot be underestimated, since it helps minimize the frequency of manmade disasters and develop the company’s competitive advantage.

Responsibilities of Risk Management

When trying to define and mitigate risks, the management has to evaluate the components such as the actual risk, its probability, and its consequences. In the first place, the management has to determine the types of risks that exist (Leech 46). Thus, understanding their probability and consequences can help design the most appropriate strategies to minimize losses (Leech 46). Evaluating them will help distribute the duties and responsibilities among the employees and managers, as missing this step will have a negative effect on the quality of the delivered products and may decrease customer’s satisfaction. At the same time, this aspect may create difficulties with the product delivery, as the insufficient distribution of the tasks may cause miscommunication with suppliers. Taking into account these aspects and evaluating opportunities simultaneously will have a positive impact on the organizational capacity and prosperity while being able to satisfy the needs of different types of stakeholders such as employees, customers, management, and shareholders. Nonetheless, not being able to consider these concepts may lead to the opposite results such as the need for layoff and loss of productivity.

A Risk Management Model

Operating in a continuously changing environment requires companies to adapt to changes in technology while remaining flexible toward risks. Nowadays, to survive highly intensified competition, firms have to change their attitudes towards risks and their development in the global arena (Kot and Dragon 102). An effective ERM model has to pay attention to processes such as identifying a risk and its consequences, distributing responsibilities, designating a specialist responsible for managing the risk, increasing the awareness of the shareholders, and applying a sufficient risk assessment strategy (Kot and Dragon 102). Describing these concepts helps evaluate the conditions of the international environment and discover its different components at the same time. This model defines the steps to be taken to optimize organizational performance and address these aspects in time. Organizations specializing in manufacturing mostly categorize risks into strategic, financial, and operational ones, as these threats are usually faced by companies operating at both national and international levels (Kot and Dragon 102). To optimize overall performance, the FMEA model has to be used to understand the risks and rank them according to the frequency of incidents and their impact on financial performance (Leech 46).

Risk Management Criteria

Another important aspect of conducting a risk assessment is establishing risk management criteria, as they help evaluate the condition of the organization and its environment. The criteria rely strongly on the FMEA model, as it helps assess the possibilities of failures, their impact on organizational performance, and potential consequences (Lipol and Haq 49). In the first place, it is necessary to measure the likelihood and probability (P) of the risks by referring to past performance (Lipol and Haq 49). A risk that has occurred with a high frequency in the past receives a high rating. Another aspect is severity (S), which evaluates a risk’s effect on health and safety (Lipol and Haq 49). Here, the highest score is associated with high mortality rates related to the incident. The last component of the FMEA model is detecting failures (D) with the help of monitoring and control systems. The ability to identify a failure at the beginning is characterized by a lower level of impact. All of these aspects are measured on a scale of one to five, where five is the most severe or unacceptable condition. I have selected these criteria, as they describe a situation in the organization and reflect possible outcomes. Alternatively, paying attention to aspects such as detection may help improve current prevention and control strategies. Thus, these criteria have to be used in combination to assess the overall impact of the processes on the safety and quality of the products.

Criteria to Specify Risks and Risk Interdependencies

Risk interdependency is the economic phenomenon that implies that the risks have a tendency to interfere and have an effect on the financial and operational functioning of the firm when incurring at the same time (Leech 46). Consequently, one cannot underestimate the fact that various strategies tend to exist to evaluate and specify risks. As it was mentioned earlier, FMEA risk assessment model is one of the most appropriate techniques that is used to assess risks and understand their level of impact on the financial prosperity of the organization (Leech 46). One of the major advantages of this framework is the fact that it offers a logically defined framework of the processes that helps improve the overall operational capacity and development of the firm. Its primary intention is to enhance the financial performance of the departments that do not comply with the current industrial benchmarks and are the central sources of risks. Thus, the main disadvantage of this model is the fact that its effectiveness is dependent on other processes, and it cannot be used by itself due to its limitations.

An alternative technique is the Delphi approach, and it collects information about the condition of the company with the help of questionnaires distributed among the experts (Leech 46). In this case, one of the advantages of this strategy is its ability to review the issues from dissimilar viewpoints. Apart from being flexible and not requiring a physical presence of the participants, the main disadvantage is the extended duration of the study. This characteristic makes this approach inappropriate when rapid decision-making is needed. Another alternative method is benchmarking, and its primary intentions refer to understanding whether the company complies with industrial standards (Leech 46). This strategy helps detect the sphere and departments that require improvement to remain competitive in the market. Thus, it can be depicted as a method to optimize the financial performance of the company while not being the most effective risk specification tool. Based on the factors highlighted above, it could be said that the proposed techniques have to be applied in a combination due to the interdependencies of risks. In this instance, FMEA will help identify and rank the risks effectively. Thus, benchmarking methodology and Delphi strategy can explain the results, industrial standards, and risks’ impact on the company’s performance.

A Risk Management Model to Quantify Risks

Apart from various evaluation techniques included in the risk assessment, there are some strategies that are used to quantify risks. In this instance, the most appropriate model is to create a matrix that shows a connection between the probability of the risk and its level of impact on the organizational performance (Lipol and Haq 49). In this case, according to the general principles, the consequences of risks are ranked from one to five, where one is minor, and five is severe. A similar concept is applied to the level of probability, where one stands for rare and five for certain (Lipol and Haq 49). Based on the factors depicted above, it could be said that this model (FMEA) is the most suitable approach for the risk assessment since it helps determine a correlation between two dependent variables. At the same time, it can be actively employed to understand what level of impact the risks have on the overall organizational prosperity and financial performance.

Evaluation of Risk against Pre-Established Criteria

The last but most important part of the risk assessment model is understanding and interpreting the scores. Based on the factors indicated above, it is possible to complete the risk evaluation at my workplace. The selected organization is a medium-sized firm that operates in the manufacturing sector at the international level. The primary duties of our department are related to the quality control and safety of the operational procedures. In this instance, the most common risks that can have an adverse effect on the health of workers are related to fire (2(P)*5(S)*2(D)=20), insufficient usage of the machinery (4(P)*5(S)*3(D)=60), issues with electricity (4(P)*5(S)*3(D)=60), and lack of knowledge when using the machinery (3(P)*4(S)*2(D)=24). These concepts are generalized, as these are the most common accidents that tend to take place at my workplace. Each of these risks was assessed with the FMEA model, and the results are given in brackets after each type. The presented scores were multiplied to determine the actual RPN rate. Overall, it could be said that the assessment went well, but it was necessary to generalize information to understand the risky aspects of the industry.

Based on the assessment conducted above, it could be said that the most severe risks are issues with electricity and the insufficient usage of equipment at the manufacturing site. These incidents are difficult to detect in time, have a high negative impact on health and safety of the employees, and take place rather often. Alternatively, not being able to manage and mitigate these risks may lead to severe consequences such as fire. This incident is associated with high financial losses and mortality rates. Simultaneously, when applying the likelihood-consequence model, these results are considered as unacceptable. Overall, it could be said that both results and scoring method are relevant since they help determine the risks with severe outcomes. Nonetheless, using FMEA model in one department only does not allow discovering all risks that are present at different stages of product development. This gap has to be filled by adding other methods and expanding the scoring system to one to ten to quantify and assess risks effectively.

Activities to Eliminate, Mitigate, Deflect, or Accept Risk

The assessment of risks conducted above helps define the actions that have to be taken to change the likelihood of risks, propose prevention strategies, indicate sources of risks, and modify the associated consequences. The plan will be presented in the table format to understand the actions that have to be introduced to control and maintain risks (see Table 1). In this case, the prevention strategies stated here are expected to reduce likelihood (P=2) and consequences (S=2) of the mentioned risks while having a positive impact on the overall levels of safety and prosperity. Simultaneously, indicating the core reasons for the problems will help introduce effective quality control procedures to detect risks at the beginning (D=1). Thus, these strategies have to be constantly assessed (quarterly) and modified depending on the situation in the company.

Table 1. Strategies to eliminate and mitigate risks.

| Risk | Source | Prevention | Likelihood | Consequences |
|---|---|---|---|---|
| Fire | Lack of quality control systems and detection and the inadequate usage of machinery are the major sources of fire. | Increasing awareness of the workers (educational sessions), updating alarm system, and constantly checking whether the equipment complies with the standards are the main prevention strategies. | The likelihood is expected to decrease from two to one, as the actions of the workers will be monitored and restricted. | The severity will decrease from five to two since the workers will be aware of the potential emergency plans and report the incident as early as possible. |
| Insufficient usage of the machinery | The lack of training and competences are the major sources. | Random checks and organizing training quarterly will reduce the likelihood and consequences of the incidents. | The probability will decrease from four to two, as the workers will have well-developed skills and instructions of using the machinery. | The severity will decrease from five to two since the random checks will help identify when the machinery is used in a wrong way and instruct the workers again. |
| Issues with electricity | The absence of sufficient quality control procedures is the reason. | Enhancing monitoring and control procedures is one of the prevention methods. | The probability will decrease from four to two since any changes will be carefully monitored at every phase of product life cycle. | The severity will decrease from five to two. The selected prevention strategies will minimize the consequences of incidents by monitoring that the workers follow safety guidelines and instructions. |
| Lack of knowledge when using equipment | The sources are related to the absence of the well-developed training programs. | Developing training programs is one of the key solutions. | The probability will decrease from three to one since the programs will educate the workers while reports ensure that the instructions are followed. | The severity will decrease from four to two. It is expected that only minor damages will take place since the workers will be aware of the working principles of the equipment and machinery. |

A Process for Implementing and Managing a Disaster Recovery Plan

A disaster recovery plan can be defined as a documented set of procedures that can be used before, during, and after a disaster (Leech 84). This plan establishes a series of steps that will speed the recovery of IT systems and databases and the physical facilities of the business (Leech 84). The document has to cover the factors that need to be considered, such as various types of risks, issues, and scenarios. This information can be collected by referring to the historical data of the company and by examining industry trends and the actions of competitors. Applying this approach will help assess risks and define the priorities of the procedures that will be implemented and managed in the case of an accident. A combination of these factors will ease the overall development of the disaster recovery plan and define the most effective techniques (Leech 86).

Thus, the selected procedures and approaches have to be constantly tested against expected scenarios to ensure their effectiveness and implementation. For example, the organization where I am working as a middle manager leading a department tends to consider the incidence of both manmade and natural disasters, since living in the modern world requires being prepared for different types of hazards. After conducting the analysis, my firm identified steps such as information back-up and recovery and contacting insurance providers to speed the process as being of high importance.

Nonetheless, apart from the sequence of steps mentioned above, managing the plan is one of the most difficult parts, as continuous monitoring and evaluation of the activities is a requirement (Leech 86). This part of a disaster recovery plan ensures that the proposed policies comply with the present industrial environment. As it was mentioned earlier, testing against scenarios is highly important, and to understand the appropriateness of the proposed events, one has to introduce simulation tests (Kadlec and Shropshire 3). Simultaneously, it is essential to ensure the awareness of the employees and define the storage and backup processes. These concepts can be evaluated with the help of industrial benchmarks and company’s previous experience. My organization underlines the substantial significance of IT processes and tends to develop KPIs such as speed of recovery and percentage of losses associated with the disaster. If the company does not comply with the set goals, standards, and KPIs, it has to review the processes and identify the core of the problem. In this case, the speed of IT system recovery was slow, and changing the provider and rescheduling were the central solutions to this issue.

During the incident, the main stages will include identifying the disaster, warning different levels of subordination, moving personnel, equipment, and software to the selected locations, and restoring systems from the scheduled back-ups (Kadlec and Shropshire 5). After that, the effectiveness of the procedures can be evaluated with the help of various KPIs and financial losses. Reviewing these aspects will help optimize the existent techniques to increase the effectiveness of the present disaster recovery plan.

Works Cited

Kadlec, Christopher, and Jordan Shropshire. “Best Practices in IT Disaster Recovery Planning among U.S. Banks.” Journal of Internet Banking and Commerce, vol. 15, no. 1, 2011, pp. 1-25.

Kaplan, Robert, and Anette Mikes. “Managing Risks: A New Framework.” Harvard Business Review, vol. 90, no. 6, 2012, pp. 1-13.

Kot, Sebastian, and Przemyslav Dragon. “Business risk management in international corporations.” Procedia: Economics and Finance, vol. 27, no. 1, 2015, pp. 102-108.

Leech, Corinne. Pathways to Management and Leadership: Managing Team and Individual Performance. Chartered Management Institute, 2013.

Lipol, Lefayet, and Jahirul Haq. “Risk Analysis Method: FMEA/FMECA in the Organizations.” International Journal of Basic & Applied Sciences, vol. 11, no. 5, 2012, pp. 49-57.
