Tag Archives: Basel II

Operational risk is not a bad business decision

I was looking at the CSI 2008 security survey recently and noticed that the top three loss categories are fraud (number 1), viruses (number 2) and data loss (number 3).

I’m a little dubious about viruses landing up in the number 2 slot.  We haven’t even installed anti-virus software on our office workstations in the past 4 years and we haven’t had a single event.  It might be Symantec and McAfee gaming the numbers in order to prop up flagging anti-virus sales from people like me who use Google Applications and practice safe email and safe surfing.

However, fraud and data loss are classic mainstream categories of operational risk.

I like the definitions in the Basel II regulation, which defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

Although Basel II was originally designed for banks and for protection of the banking system and economy from large-scale failure, a systematic approach to operational risk management is important for any kind of organization. Operational risk is not about damage to the business from a bad strategic decision (like getting into a new market segment and losing your pants).
