Operational Risk

Operational Risk
Operational Risk


Managing the inherent risks of people, processes, and technology has become increasingly complex. To adapt, firms are expending significant time, money and resources to implement required changes and prioritize operational risk management.

As costs continue to increase, it is clear that the overly manual, reactive and siloed status quo is unsustainable and cannot continue. Operational risk capabilities today must be agile, flexible and nimble in order to be effective and efficient in responding to the changing environment. A better model is aligned, effective, technology-enabled and embedded into business processes.

Proactive organizations understand they must adopt more innovative risk management practices to better meet the challenges of today’s customers, shareholders, employees, and the risk and regulatory environment.

Key areas of sound operational risk management: 

  • Achieve Operational Excellence by successfully executing business strategy supported by efficient processes, optimized technology and risk agility.
  • Align with the Organization through proactive collaboration and engagement. Converge business and risk processes, while enhancing risk and business acumen throughout the organization.
  • Enhance Customer Satisfaction by improving risk management and controls to drive consistent customer experiences and ensure the needs of customers are considered in the design of processes, products and services.

How we can help:

  • Operational Risk Management Program Assessment/Implementation: Protiviti assists several of our clients with program assessments and implementation efforts geared toward leading practices or regulatory guidance. Protiviti provides project management, advisory and implementation services as part of the ORM program implementations.
  • Risk Control Self-Assessment (RCSA) Support: The RCSA should be utilized as a method to actively manage risk to business strategies and the health of supporting processes. Protiviti is able to help our clients redesign RCSA methodologies, document initial content to begin an RCSA (Processes, risks and controls) and support with technology implementations such as a GRC platform.
  • Operational Risk Appetite, Measurement and Reporting Analysis and Implementation: Protiviti has the capabilities to design an innovative suite of risk indicators and reporting. We analyze hundreds of risk and performance metrics, ultimately refining and clearly linking metrics to strategy, objectives and hard to measure risks. We leverage comprehensive industry knowledge and benchmarking to define the risk appetite, then employ monitoring and management techniques which align to the risk appetite at the enterprise level down to lines of business.
  • Operational Loss and Scenario Analysis: Protiviti helps clients to build operational risk loss tracking and analysis programs both for internal losses and external losses. Protiviti also assists organizations in assessing their scenario analysis programs, linkages to emerging risk programs and stress testing and assessing and recommending detailed scenarios. We can provide support in integrating operational loss data and scenario analysis into the RCSA program and broader operational risk program to effectively utilize the output and data to make informed decisions.
  • Monitoring and Testing Support: Protiviti has the capabilities to support first and second lines of defense to design and implement monitoring and testing programs.  We can support creation of coverage plans, identifying automated techniques and assessing efficiencies in monitoring and testing operational risks across the organization.
  • Process, Risk and Control evaluations and support: Our operational risk management professionals can assess the completeness and quality of existing risks and controls to identify gaps and ensure consistency.  We help our clients re-write, rationalize and improve their risk and control environments.
  • Operational Risks Program Assessments and Support: Financial organization face a variety of operational risks such as third party , new product/service, change management, technology and cyber-security, human resources, data quality, business continuation and financial crime.  Protiviti has experience in assessing and implementing these programs and integrating them into the overall operational risk program.
  • GRC Tool Implementation/Transition: Protiviti helps clients with GRC software implementations and transitions – including process, risk and control taxonomy alignment and development, risk and control statement definition, data mapping of operational risk data and RCSAs to new structures, and migration of legacy data into new systems. Protiviti also facilitates change management and communication with regards to affected users and stakeholders by partnering with the organization and technology providers.

Protiviti Perspectives: