The definition of operational risk varies but generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. However, I want to take a fresh look at this general definition and present what I believe operational risk should reflect, taking into account all the cyber security-related risks that are currently plaguing organizations.
We know that operational risk exists in every organization, and size does not matter. What matters, however, are two critical areas that need to be included in the operational risk definition:
Internal controls
User awareness.
Internal controls
We often see organizations of all sizes that have experienced intrusion or losses due to lack of (or failed oversight of) internal controls. Although various certifications exist that verify that all is in place, organizations are dynamic in nature and internal controls and processes change rapidly.
More of the Continuity Central article from Adesh Rampat