By Tom Garrubba, Vice President & CISO, SFG/Shared Assessments
What for you are the benefits of attending a conference like the ‘New Generation Operational Risk Europe?
The top benefit of an in person event like New Generation Operational Risk is the opportunity for me to converse with industry peers on current trends in managing operational risk. Whether your work is in a regulated industry or in the private sector, I like to know how you are tackling challenges in operational risk.
Additionally, it’s important for me to hear from regulators to understand their views on what is important in organizations under their watch. I love networking with others to share successes, strategies and techniques.
How has the operational risk landscape evolved over the last twelve months?
The operational risk landscape is certainly getting more complicated! Industries are under pressure to ensure the continuity of their operations from boards of directors, regulators, and ultimately, customers and partners. Once customers are affected by a lapse in continuity, news spreads quickly. Social media brings on additional and extreme pressure as organizations are called upon to change their operational strategy. Geopolitics, corporate and social responsibility, and recently, Brexit are all strong forces in an evolving landscape.
What do you think are the top challenges faced by operational risk professionals?
Clearly identifying what critical processes are within an organization is a top challenge. This is so important from a regulatory perspective and from a business resilience and continuity perspective. Executives need to periodically recalibrate business resilience and continuity plans to ensure they are covering the critical processes and all the underpinnings supporting the business such as personnel and vendors. Heads of business units need to understand that what they may perceive as a critical process may not actually be as classified or categorized as critical by the corporation or a regulator. It really comes down to “if there’s an issue, will this ‘harm’ the corporation or the customer?”. With this understanding, organizations need to have a critical inventory of the necessary people required to immediately support and resolve the issue along with critical and key ancillary (downstream) vendors and partners. This ties into the periodic testing of plans to ensure the business can continue to operate in face of issues whether it’s a system going offline at a critical time or an environmental event affecting a wide-area.
How has technological advances influence the role and scope of operational risk management?
There are numerous tools that provide data to executives to help in decision making including tools for monitoring the critical processes and in scoping risk. These are tools to help make decisions and should not become a crutch. There is no replacement for business executives and risk professionals who have the acumen to make intelligent decisions.
What do you see ahead for the future of operational risk frameworks?
I see more collaboration — particularly between individual sectors. I also see member-based organizations shaping Thought Leadership to drive standardization that benefits the industry. I also see public-private partnerships increasing regardless of the sector. Government wants to ensure that organizations are doing the right thing for the industry and for the public.