Operational Risk Management
Organizations must have command of operational risk to develop true enterprise risk management programs. Operational risk is loosely defined as errors and fraud associated with people, process, and technology. It can result from the organization’s internal activities, from its employees and service providers, from actions directed against the organization by outsiders, or as an unintended consequence of external events and acts of God.
The breadth of scenarios that manifest operational risk and the complexity of quantifying operational risk can appear daunting to risk managers tasked with the responsibility of an operational risk program. To effectively enable operational risk management, organizations must have the necessary commitment, tools, and processes in place.
RSA Archer Operational Risk Management allows organizations to document all risk in a central repository, establishing accountability for risk ownership and depicting the relationship of risks to losses and near misses, internal controls, business processes, organizational entities, IT assets, objectives, and key risk indicators. It allows them to perform qualitative and quantitative risk assessments of inherent and residual risk across multiple risk categories and integrate output from existing risk models.
With Operational Risk Management, organizations can document and manage loss events and near misses; import external loss data; capture event impact, loss category, detection source, control factors, root cause analyses, and remedial activities; and relate them to risks and insurance.
To manage specific operational risks, organizations can also use RSA Archer solutions such as RSA Archer Business Continuity Management, RSA Archer Vendor Management, and RSA Archer Threat Management.