According to a recent McKinsey report, ORM will become a new differentiator in financial services that will drive better business decisions. According to the research, ORM should adopt new data sources and technology to enhance risk characterization, evaluation, and mitigation. Moreover, ORM should assist value generation and innovation by being in line with business strategy and culture.
The approach implies, however, that some level of operational risk is inevitable, even desirable if the returns are high. This draws attention to the problem of how companies may reconcile ORM’s cost and security considerations. How can companies make sure that their ORM procedures don’t endanger the health and safety of their staff, clients, stakeholders, and the environment? In the event of operational failures or incidents, how can they prevent reputational harm and legal liability?
A risk-informed decision-making process would consider the benefits and costs of different scenarios and countermeasures in order to arrive at the best decision. According to CISA, this process includes choosing and putting into action the most economical countermeasure suitable for addressing vulnerability, thereby lowering the risk to a manageable level. The justification and underlying presumptions for the risk decisions must also be communicated and documented as part of this process.
Another solution is to adhere to certain basic ethical principles for better ORM, which can direct behavior and decision-making in complex and uncertain situations. Some of these guidelines, according to Deloitte, are:
Reframe operational risk’s view from one of risk mitigation to one of planned risk facilitation
Integrate social principles into ORM procedures
Encourage a climate of openness, responsibility, and integrity
Boost risk escalation and accountability
Prioritize risks, comprehend them, and explain their importance.
It might be advantageous to consider using AHP for decision-making in risk management. The risk management objectives and actions example demonstrate how AHP may frame a decision-making challenge in the context of risk management, which in turn helps risk managers organize and deconstruct complicated issues for rational decision-making.
