ABSTRACT
Many risk managers find it difficult to obtain the required level of buy-in and investment from the organisation. This lack of engagement may be organisation-wide or from only certain business areas and levels. The hurdle is mentioned as the largest amongst those attempting to implement operational risk management in a business. The key components of operational risk management have been addressed, being: risk and control self assessment and scenario analysis; key risk indicators; risk incident management and recording; external and internal compliance; treatment improvements; quantification; and reporting. In order to consider the benefits of an integrated systems approach to operational risk management it is useful to consider the shortcomings of a non-integrated approach. Such an approach involves no common registers, separate systems and databases for each risk function, separate Risk and Control Self Assessment, Key Risk Indicators and incident management systems, separate and multiple treatment improvement registers and separate compliance systems.
